github.com/thetreep/go-swagger@v0.0.0-20240223100711-35af64f14f01/fixtures/bugs/2919/edge-api/management/cas.yml (about) 1 --- 2 paths: 3 cas: 4 get: 5 summary: List CAs 6 description: Retrieves a list of CA resources; supports filtering, sorting, and pagination. Requires admin access. 7 security: 8 - ztSession: [ ] 9 tags: 10 - Certificate Authority 11 operationId: listCas 12 parameters: 13 - $ref: '../shared/parameters.yml#/limit' 14 - $ref: '../shared/parameters.yml#/offset' 15 - $ref: '../shared/parameters.yml#/filter' 16 responses: 17 '200': 18 $ref: '#/responses/listCas' 19 '401': 20 $ref: '../shared/standard-responses.yml#/responses/unauthorizedResponse' 21 '400': 22 $ref: '../shared/standard-responses.yml#/responses/badRequestResponse' 23 post: 24 summary: Creates a CA 25 description: Creates a CA in an unverified state. Requires admin access. 26 security: 27 - ztSession: [ ] 28 tags: 29 - Certificate Authority 30 operationId: createCa 31 32 parameters: 33 - name: ca 34 in: body 35 required: true 36 description: A CA to create 37 schema: 38 $ref: '#/definitions/caCreate' 39 responses: 40 '201': 41 $ref: '../shared/standard-responses.yml#/responses/createResponse' 42 '400': 43 $ref: '../shared/standard-responses.yml#/responses/badRequestResponse' 44 '401': 45 $ref: '../shared/standard-responses.yml#/responses/unauthorizedResponse' 46 cas-id: 47 parameters: 48 - $ref: '../shared/parameters.yml#/id' 49 get: 50 summary: Retrieves a single CA 51 description: Retrieves a single CA by id. Requires admin access. 52 security: 53 - ztSession: [ ] 54 tags: 55 - Certificate Authority 56 operationId: detailCa 57 responses: 58 '200': 59 $ref: '#/responses/detailCa' 60 '404': 61 $ref: '../shared/standard-responses.yml#/responses/notFoundResponse' 62 '401': 63 $ref: '../shared/standard-responses.yml#/responses/unauthorizedResponse' 64 put: 65 summary: Update all fields on a CA 66 description: Update all fields on a CA by id. Requires admin access. 67 security: 68 - ztSession: [ ] 69 tags: 70 - Certificate Authority 71 operationId: updateCa 72 parameters: 73 - name: ca 74 in: body 75 required: true 76 description: A CA update object 77 schema: 78 $ref: '#/definitions/caUpdate' 79 responses: 80 '200': 81 $ref: '../shared/standard-responses.yml#/responses/updateResponse' 82 '400': 83 $ref: '../shared/standard-responses.yml#/responses/badRequestResponse' 84 '404': 85 $ref: '../shared/standard-responses.yml#/responses/notFoundResponse' 86 '401': 87 $ref: '../shared/standard-responses.yml#/responses/unauthorizedResponse' 88 patch: 89 summary: Update the supplied fields on a CA 90 description: Update only the supplied fields on a CA by id. Requires admin access. 91 security: 92 - ztSession: [ ] 93 tags: 94 - Certificate Authority 95 operationId: patchCa 96 parameters: 97 - name: ca 98 in: body 99 required: true 100 description: A CA patch object 101 schema: 102 $ref: '#/definitions/caPatch' 103 responses: 104 '200': 105 $ref: '../shared/standard-responses.yml#/responses/patchResponse' 106 '400': 107 $ref: '../shared/standard-responses.yml#/responses/badRequestResponse' 108 '404': 109 $ref: '../shared/standard-responses.yml#/responses/notFoundResponse' 110 '401': 111 $ref: '../shared/standard-responses.yml#/responses/unauthorizedResponse' 112 delete: 113 summary: Delete a CA 114 description: | 115 Delete a CA by id. Deleting a CA will delete its associated certificate authenticators. This can make it 116 impossible for identities to authenticate if they no longer have any valid authenticators. Requires admin access. 117 security: 118 - ztSession: [ ] 119 tags: 120 - Certificate Authority 121 operationId: deleteCa 122 responses: 123 '200': 124 $ref: '../shared/standard-responses.yml#/responses/deleteResponse' 125 '400': 126 $ref: '../shared/standard-responses.yml#/responses/badRequestResponse' 127 '401': 128 $ref: '../shared/standard-responses.yml#/responses/unauthorizedResponse' 129 cas-id-jwt: 130 parameters: 131 - $ref: '../shared/parameters.yml#/id' 132 get: 133 summary: Retrieve the enrollment JWT for a CA 134 description: | 135 For CA auto enrollment, the enrollment JWT is static and provided on each CA resource. This endpoint provides 136 the jwt as a text response. 137 security: 138 - ztSession: [ ] 139 tags: 140 - Certificate Authority 141 operationId: getCaJwt 142 produces: 143 - 'application/jwt' 144 responses: 145 '200': 146 description: The result is the JWT text to validate the CA 147 schema: 148 type: string 149 examples: 150 'application/jwt': 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbSI6ImNhIiwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6MTI 151 4MC8ifQ.Ot6lhNBSOw8ygHytdI5l7WDf9EWadOj44UPvJ0c-8mJ54fClWM3uMZrAHSSfV6KmOSZOeBBJe4VlNyoD-_MOECP0BzYSnSQP3E 152 zJb0VlM-fFmGcKNGW157icyZNISfO43JL_Lw2QPBzTgikqSIj9eZnocC3BeAmZCHsVznnLfHWqDldcmuxnu-5MNOSrWV1x9iVcgLFlLHXK 153 2PLA4qIiZmlQTrQjpHJmUaoJ07mnj8hMKzxB3wBG8kpazjEo7HDRCO06aBH4eqFgf_l0iT8Dzcb31jquWMGUoSXPhf4lVJh_FiNcR1wVx- 154 UiHLbG5h23Aqf1UJF-F38rc1FElKz0Zg' 155 '404': 156 $ref: '../shared/standard-responses.yml#/responses/notFoundResponse' 157 '401': 158 $ref: '../shared/standard-responses.yml#/responses/unauthorizedResponse' 159 cas-id-verify: 160 parameters: 161 - $ref: '../shared/parameters.yml#/id' 162 post: 163 summary: Verify a CA 164 description: | 165 Allows a CA to become verified by submitting a certificate in PEM format that has been signed by the target CA. 166 The common name on the certificate must match the verificationToken property of the CA. Unverfieid CAs can not 167 be used for enrollment/authentication. Requires admin access. 168 security: 169 - ztSession: [ ] 170 tags: 171 - Certificate Authority 172 operationId: verifyCa 173 consumes: 174 - 'text/plain' 175 parameters: 176 - name: certificate 177 required: true 178 in: body 179 description: A PEM formatted certificate signed by the target CA with the common name matching the CA's validationToken 180 schema: 181 type: string 182 responses: 183 200: 184 $ref: '../shared/standard-responses.yml#/responses/emptyResponse' 185 '400': 186 $ref: '../shared/standard-responses.yml#/responses/badRequestResponse' 187 '404': 188 $ref: '../shared/standard-responses.yml#/responses/notFoundResponse' 189 '401': 190 $ref: '../shared/standard-responses.yml#/responses/unauthorizedResponse' 191 responses: 192 listCas: 193 description: A list of Certificate Authorities (CAs) 194 schema: 195 $ref: '#/definitions/listCasEnvelope' 196 detailCa: 197 description: A singular Certificate Authority (CA) resource 198 schema: 199 $ref: '#/definitions/detailCaEnvelope' 200 201 definitions: 202 externalIdClaim: 203 type: object 204 required: 205 - location 206 - matcher 207 - matcherCriteria 208 - parser 209 - parserCriteria 210 - index 211 properties: 212 location: 213 type: string 214 x-nullable: true 215 enum: 216 - COMMON_NAME 217 - SAN_URI 218 - SAN_EMAIL 219 matcher: 220 type: string 221 x-nullable: true 222 enum: 223 - ALL 224 - PREFIX 225 - SUFFIX 226 - SCHEME 227 matcherCriteria: 228 type: string 229 x-nullable: true 230 parser: 231 type: string 232 x-nullable: true 233 enum: 234 - NONE 235 - SPLIT 236 parserCriteria: 237 type: string 238 x-nullable: true 239 index: 240 type: integer 241 x-nullable: true 242 externalIdClaimPatch: 243 type: object 244 properties: 245 location: 246 type: string 247 x-nullable: true 248 enum: 249 - COMMON_NAME 250 - SAN_URI 251 - SAN_EMAIL 252 matcher: 253 type: string 254 x-nullable: true 255 enum: 256 - ALL 257 - PREFIX 258 - SUFFIX 259 - SCHEME 260 matcherCriteria: 261 type: string 262 x-nullable: true 263 parser: 264 type: string 265 x-nullable: true 266 enum: 267 - NONE 268 - SPLIT 269 parserCriteria: 270 type: string 271 x-nullable: true 272 index: 273 type: integer 274 x-nullable: true 275 listCasEnvelope: 276 type: object 277 required: 278 - meta 279 - data 280 properties: 281 meta: 282 $ref: '../shared/standard-responses.yml#/definitions/meta' 283 data: 284 $ref: '#/definitions/caList' 285 detailCaEnvelope: 286 type: object 287 required: 288 - meta 289 - data 290 properties: 291 meta: 292 $ref: '../shared/standard-responses.yml#/definitions/meta' 293 data: 294 $ref: '#/definitions/caDetail' 295 caList: 296 description: An array of Certificate Authority (CA) resources 297 type: array 298 items: 299 $ref: '#/definitions/caDetail' 300 caDetail: 301 description: A Certificate Authority (CA) resource 302 type: object 303 allOf: 304 - $ref: '../shared/base-entity.yml#/definitions/baseEntity' 305 - type: object 306 required: 307 - name 308 - fingerprint 309 - certPem 310 - isVerified 311 - isAutoCaEnrollmentEnabled 312 - isOttCaEnrollmentEnabled 313 - isAuthEnabled 314 - identityRoles 315 - identityNameFormat 316 properties: 317 name: 318 type: string 319 fingerprint: 320 type: string 321 certPem: 322 type: string 323 isVerified: 324 type: boolean 325 example: false 326 verificationToken: 327 type: string 328 format: uuid 329 isAutoCaEnrollmentEnabled: 330 type: boolean 331 example: true 332 isOttCaEnrollmentEnabled: 333 type: boolean 334 example: true 335 isAuthEnabled: 336 type: boolean 337 example: true 338 identityRoles: 339 $ref: '../shared/base-entity.yml#/definitions/roles' 340 identityNameFormat: 341 type: string 342 externalIdClaim: 343 $ref: '#/definitions/externalIdClaim' 344 caCreate: 345 description: A create Certificate Authority (CA) object 346 type: object 347 required: 348 - name 349 - certPem 350 - isAutoCaEnrollmentEnabled 351 - isOttCaEnrollmentEnabled 352 - isAuthEnabled 353 - identityRoles 354 properties: 355 name: 356 type: string 357 example: 'Test 3rd Party External CA' 358 isAutoCaEnrollmentEnabled: 359 type: boolean 360 example: true 361 isAuthEnabled: 362 type: boolean 363 example: true 364 isOttCaEnrollmentEnabled: 365 type: boolean 366 example: true 367 certPem: 368 type: string 369 example: | 370 -----BEGIN CERTIFICATE----- 371 MIICUjCCAdmgAwIBAgIJANooo7NB+dZZMAoGCCqGSM49BAMCMF4xCzAJBgNVBAYT 372 AlVTMQswCQYDVQQIDAJOQzETMBEGA1UECgwKTmV0Rm91bmRyeTEtMCsGA1UEAwwk 373 TmV0Rm91bmRyeSBaaXRpIEV4dGVybmFsIEFQSSBSb290IENBMB4XDTE4MTExNTEy 374 NTcwOVoXDTM4MTExMDEyNTcwOVowXjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5D 375 MRMwEQYDVQQKDApOZXRGb3VuZHJ5MS0wKwYDVQQDDCROZXRGb3VuZHJ5IFppdGkg 376 RXh0ZXJuYWwgQVBJIFJvb3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARwq61Z 377 Iaqbaw0PDt3frJZaHjkxfZhwYrykI1GlbRNd/jix03lVG9qvpN5Og9fQfFFcFmD/ 378 3vCE9S6O0npm0mADQxcBcxbMRAH5dtBuCuiJW6qAAbPgiM32vqSxBiFt0KejYzBh 379 MB0GA1UdDgQWBBRx1OVGuc/jdltDc8YBtkw8Tbr4fjAfBgNVHSMEGDAWgBRx1OVG 380 uc/jdltDc8YBtkw8Tbr4fjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB 381 hjAKBggqhkjOPQQDAgNnADBkAjBDRxNZUaIVpkQKnAgJukl3ysd3/i7Z6hDyIEms 382 kllz/+ZvmdBp9iedV5o5BvJUggACMCv+UBFlJH7pmsOCo/F45Kk178YsCC7gaMxE 383 1ZG1zveyMvsYsH04C9FndE6w2MLvlA== 384 -----END CERTIFICATE----- 385 identityRoles: 386 $ref: '../shared/base-entity.yml#/definitions/roles' 387 identityNameFormat: 388 type: string 389 tags: 390 $ref: '../shared/base-entity.yml#/definitions/tags' 391 externalIdClaim: 392 $ref: '#/definitions/externalIdClaim' 393 x-nullable: true 394 caUpdate: 395 type: object 396 required: 397 - name 398 - isAutoCaEnrollmentEnabled 399 - isOttCaEnrollmentEnabled 400 - isAuthEnabled 401 - identityRoles 402 - identityNameFormat 403 properties: 404 name: 405 type: string 406 example: My CA 407 isAutoCaEnrollmentEnabled: 408 type: boolean 409 example: true 410 isOttCaEnrollmentEnabled: 411 type: boolean 412 example: true 413 isAuthEnabled: 414 type: boolean 415 example: true 416 identityRoles: 417 $ref: '../shared/base-entity.yml#/definitions/roles' 418 identityNameFormat: 419 type: string 420 tags: 421 $ref: '../shared/base-entity.yml#/definitions/tags' 422 externalIdClaim: 423 $ref: '#/definitions/externalIdClaim' 424 x-nullable: true 425 caPatch: 426 type: object 427 properties: 428 name: 429 type: string 430 example: My CA 431 x-nullable: true 432 isAutoCaEnrollmentEnabled: 433 type: boolean 434 example: true 435 x-nullable: true 436 isOttCaEnrollmentEnabled: 437 type: boolean 438 example: true 439 x-nullable: true 440 isAuthEnabled: 441 type: boolean 442 example: true 443 x-nullable: true 444 identityRoles: 445 $ref: '../shared/base-entity.yml#/definitions/roles' 446 identityNameFormat: 447 type: string 448 x-nullable: true 449 tags: 450 $ref: '../shared/base-entity.yml#/definitions/tags' 451 externalIdClaim: 452 $ref: '#/definitions/externalIdClaimPatch'