From 8817e08a4ecc9d5a385bbb9f9c5e51bd02da9969 Mon Sep 17 00:00:00 2001 From: OAS Bot Date: Fri, 31 May 2024 12:26:15 +0000 Subject: [PATCH] OAS Update --- services/authorization/v2/authorization.json | 344 +++++---- .../service-account/v2/service-account.json | 698 +++++++++--------- 2 files changed, 556 insertions(+), 486 deletions(-) diff --git a/services/authorization/v2/authorization.json b/services/authorization/v2/authorization.json index ab5d0ad..6448367 100644 --- a/services/authorization/v2/authorization.json +++ b/services/authorization/v2/authorization.json @@ -1,6 +1,28 @@ { "components": { "schemas": { + "AddMembersPayload": { + "properties": { + "members": { + "items": { + "$ref": "#/components/schemas/Member" + }, + "title": "The list of members", + "type": "array" + }, + "resourceType": { + "example": "organization", + "pattern": "^[a-z](?:-?[a-z]){1,63}$", + "title": "Resource type", + "type": "string" + } + }, + "required": [ + "resourceType", + "members" + ], + "type": "object" + }, "ErrorResponse": { "example": { "error": "Bad Request", @@ -58,6 +80,78 @@ ], "type": "object" }, + "ListMembersResponse": { + "properties": { + "members": { + "items": { + "$ref": "#/components/schemas/Member" + }, + "title": "The list of members who should be added to this resource", + "type": "array" + }, + "resourceId": { + "example": "schwarz-it-kg-WJACUK1", + "pattern": "^([a-zA-Z0-9/_|\\-=+@.]{1,})$", + "title": "The ID of the resource, where the members should be updated", + "type": "string" + }, + "resourceType": { + "example": "organization", + "pattern": "^[a-z](?:-?[a-z]){1,63}$", + "title": "Resource type", + "type": "string" + } + }, + "required": [ + "resourceId", + "resourceType", + "members" + ], + "type": "object" + }, + "ListPermissionsResponse": { + "properties": { + "permissions": { + "items": { + "$ref": "#/components/schemas/Permission" + }, + "title": "List of permissions", + "type": "array" + } + }, + "required": [ + "permissions" + ], + "type": "object" + }, + "ListUserMembershipsResponse": { + "properties": { + "items": { + "items": { + "$ref": "#/components/schemas/UserMembership" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + }, + "ListUserPermissionsResponse": { + "properties": { + "items": { + "items": { + "$ref": "#/components/schemas/UserPermission" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + }, "Member": { "properties": { "role": { @@ -80,6 +174,38 @@ ], "type": "object" }, + "MembersResponse": { + "properties": { + "members": { + "items": { + "$ref": "#/components/schemas/Member" + }, + "title": "The list of members who should be added to this resource", + "type": "array" + }, + "resourceId": { + "example": "schwarz-it-kg-WJACUK1", + "pattern": "^([a-zA-Z0-9/_|\\-=+@.]{1,})$", + "title": "The ID of the resource, where the members should be updated", + "type": "string" + }, + "resourceType": { + "example": "organization", + "pattern": "^[a-z](?:-?[a-z]){1,63}$", + "title": "Resource type", + "type": "string" + }, + "writtenAt": { + "$ref": "#/components/schemas/Zookie" + } + }, + "required": [ + "resourceId", + "resourceType", + "members" + ], + "type": "object" + }, "Permission": { "properties": { "description": { @@ -262,132 +388,6 @@ } }, "type": "object" - }, - "AddMembersPayload": { - "properties": { - "members": { - "items": { - "$ref": "#/components/schemas/Member" - }, - "title": "The list of members", - "type": "array" - }, - "resourceType": { - "example": "organization", - "pattern": "^[a-z](?:-?[a-z]){1,63}$", - "title": "Resource type", - "type": "string" - } - }, - "required": [ - "resourceType", - "members" - ], - "type": "object" - }, - "MembersResponse": { - "properties": { - "members": { - "items": { - "$ref": "#/components/schemas/Member" - }, - "title": "The list of members who should be added to this resource", - "type": "array" - }, - "resourceId": { - "example": "schwarz-it-kg-WJACUK1", - "pattern": "^([a-zA-Z0-9/_|\\-=+@.]{1,})$", - "title": "The ID of the resource, where the members should be updated", - "type": "string" - }, - "resourceType": { - "example": "organization", - "pattern": "^[a-z](?:-?[a-z]){1,63}$", - "title": "Resource type", - "type": "string" - }, - "writtenAt": { - "$ref": "#/components/schemas/Zookie" - } - }, - "required": [ - "resourceId", - "resourceType", - "members" - ], - "type": "object" - }, - "ListPermissionsResponse": { - "properties": { - "permissions": { - "items": { - "$ref": "#/components/schemas/Permission" - }, - "title": "List of permissions", - "type": "array" - } - }, - "required": [ - "permissions" - ], - "type": "object" - }, - "ListMembersResponse": { - "properties": { - "members": { - "items": { - "$ref": "#/components/schemas/Member" - }, - "title": "The list of members who should be added to this resource", - "type": "array" - }, - "resourceId": { - "example": "schwarz-it-kg-WJACUK1", - "pattern": "^([a-zA-Z0-9/_|\\-=+@.]{1,})$", - "title": "The ID of the resource, where the members should be updated", - "type": "string" - }, - "resourceType": { - "example": "organization", - "pattern": "^[a-z](?:-?[a-z]){1,63}$", - "title": "Resource type", - "type": "string" - } - }, - "required": [ - "resourceId", - "resourceType", - "members" - ], - "type": "object" - }, - "ListUserMembershipsResponse": { - "properties": { - "items": { - "items": { - "$ref": "#/components/schemas/UserMembership" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - }, - "ListUserPermissionsResponse": { - "properties": { - "items": { - "items": { - "$ref": "#/components/schemas/UserPermission" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" } } }, @@ -536,6 +536,89 @@ "summary": "List memberships of a user" } }, + "/v2/users/{email}/permissions": { + "get": { + "description": "List permissions of a user. An administrative access is needed to list any user's permissions, while the user can do it on his/her own email. Lists every resource of the given type where the user has any effective permissions. When requested, also lists why the permission is present.", + "operationId": "ListUserPermissions", + "parameters": [ + { + "in": "path", + "name": "email", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "resource", + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "resourceType", + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "permissions", + "schema": { + "items": { + "type": "string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ListUserPermissionsResponse" + } + } + }, + "description": "OK" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ErrorResponse" + } + } + }, + "description": "Malformed input" + }, + "401": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ErrorResponse" + } + } + }, + "description": "Unauthorized" + }, + "403": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ErrorResponse" + } + } + }, + "description": "Forbidden" + } + }, + "summary": "List permissions of a user" + } + }, "/v2/{resourceId}/members": { "patch": { "description": "Add members to the given resource with specified roles.", @@ -818,17 +901,12 @@ }, "servers": [ { - "url": "https://authorization.api.{region}stackit.cloud", + "url": "https://authorization.api.stackit.cloud", "variables": { "region": { - "default": "" + "default": "global" } } } - ], - "tags": [ - { - "name": "Membership" - } ] } \ No newline at end of file diff --git a/services/service-account/v2/service-account.json b/services/service-account/v2/service-account.json index 3029a64..d8d97c6 100644 --- a/services/service-account/v2/service-account.json +++ b/services/service-account/v2/service-account.json @@ -30,6 +30,75 @@ } }, "schemas": { + "AccessToken": { + "description": "Contains token metadata and actual token.", + "properties": { + "active": { + "description": "Newly created access tokens are valid, and can be revoked if needed.", + "type": "boolean" + }, + "createdAt": { + "description": "Creation time of the access token.", + "format": "date-time", + "type": "string" + }, + "id": { + "description": "Unique ID of the access token. Also used as JTI field.", + "format": "uuid", + "type": "string" + }, + "token": { + "description": "The access token in JWT format. Use this with `Bearer` prefix for API calls. Store it, as it is not recoverable later.", + "type": "string" + }, + "validUntil": { + "description": "Approximate expiration time of the access token. Check the JWT for actual validity date.", + "format": "date-time", + "type": "string" + } + }, + "required": [ + "id", + "createdAt", + "validUntil", + "active", + "token" + ], + "title": "AccessTokenV2", + "type": "object" + }, + "AccessTokenMetadata": { + "description": "Does not contain the actual token.", + "properties": { + "active": { + "description": "If true, access token can be used for authorized API calls, if false, the token is not usable anymore.", + "type": "boolean" + }, + "createdAt": { + "description": "Creation time of the access token.", + "format": "date-time", + "type": "string" + }, + "id": { + "description": "Unique ID of the access token. Also used as JTI field.", + "format": "uuid", + "type": "string" + }, + "validUntil": { + "description": "Approximate expiration time of the access token. Check the JWT for actual validity date.", + "format": "date-time", + "type": "string" + } + }, + "required": [ + "id", + "createdAt", + "validUntil", + "active" + ], + "title": "AccessTokenMetadataV2", + "type": "object" + }, "AuthError": { "example": { "error": { @@ -65,44 +134,37 @@ "title": "AuthError", "type": "object" }, - "Error": { - "description": "Contains error information.", - "example": { - "error": "Bad Request", - "message": "Some information about what caused the Error", - "path": "/v1/path/which/returned/error", - "status": 400, - "timeStamp": "2019-08-24T14:15:22Z" + "CreateAccessTokenPayload": { + "properties": { + "ttlDays": { + "description": "The duration in days for how long the new Access Token should be valid.", + "maximum": 180, + "minimum": 1, + "type": "integer" + } }, + "required": [ + "ttlDays" + ], + "title": "CreateAccessTokenRequestBody", + "type": "object" + }, + "CreateServiceAccountKeyPayload": { "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "path": { + "publicKey": { + "description": "Optional, public key part of the user generated RSA key-pair wrapped in a [X.509 v3 certificate](https://www.rfc-editor.org/rfc/rfc5280)", "type": "string" }, - "status": { - "type": "integer" - }, - "timeStamp": { + "validUntil": { + "description": "Optional, date of key expiration. When omitted, key is valid until deleted", "format": "date-time", "type": "string" } }, - "required": [ - "timeStamp", - "path", - "status", - "error", - "message" - ], - "title": "ErrorResponse", + "title": "ServiceAccountKeyRequest", "type": "object" }, - "ServiceAccountKeyListResponse": { + "CreateServiceAccountKeyResponse": { "properties": { "active": { "type": "boolean" @@ -112,6 +174,39 @@ "format": "date-time", "type": "string" }, + "credentials": { + "properties": { + "aud": { + "description": "Audience - service account API URL", + "type": "string" + }, + "iss": { + "description": "Service account email", + "format": "email", + "type": "string" + }, + "kid": { + "description": "Key id to use", + "type": "string" + }, + "privateKey": { + "description": "Private key. Only present, if the service account API was generating the key. Not recoverable later.", + "type": "string" + }, + "sub": { + "description": "Service account id", + "format": "uuid", + "type": "string" + } + }, + "required": [ + "kid", + "iss", + "sub", + "aud" + ], + "type": "object" + }, "id": { "description": "Unique ID of the key.", "format": "uuid", @@ -137,6 +232,10 @@ ], "type": "string" }, + "publicKey": { + "description": "Public key, that was provider, or was generated by the service account API", + "type": "string" + }, "validUntil": { "description": "If specified, the timestamp until the key is active. May be null", "format": "date-time", @@ -150,9 +249,10 @@ "keyType", "keyOrigin", "keyAlgorithm", - "active" + "active", + "credentials" ], - "title": "ServiceAccountKeyListResponse", + "title": "ServiceAccountKeyPrivateResponse", "type": "object" }, "CreateServiceAccountPayload": { @@ -172,275 +272,104 @@ "title": "CreateServiceAccountRequestBodyV2", "type": "object" }, - "CreateAccessTokenPayload": { - "properties": { - "ttlDays": { - "description": "The duration in days for how long the new Access Token should be valid.", - "maximum": 180, - "minimum": 1, - "type": "integer" - } - }, - "required": [ - "ttlDays" - ], - "title": "CreateAccessTokenRequestBody", - "type": "object" - }, - "CreateServiceAccountKeyPayload": { - "properties": { - "publicKey": { - "description": "Optional, public key part of the user generated RSA key-pair wrapped in a [X.509 v3 certificate](https://www.rfc-editor.org/rfc/rfc5280)", - "type": "string" - }, - "validUntil": { - "description": "Optional, date of key expiration. When omitted, key is valid until deleted", - "format": "date-time", - "type": "string" - } - }, - "title": "ServiceAccountKeyRequest", - "type": "object" - }, - "PartialUpdateServiceAccountKeyPayload": { - "properties": { - "active": { - "description": "Active keys are valid, while inactive keys are temporarily deactivated.", - "type": "boolean" - }, - "validUntil": { - "description": "Optional, date of key expiration. To disable, set time to \"9999-01-01T01:01:01Z\"", - "format": "date-time", - "type": "string" - } - }, - "title": "ServiceAccountKeyUpdateRequest", - "type": "object" - }, - "AccessTokenMetadata": { - "description": "Does not contain the actual token.", - "properties": { - "active": { - "description": "If true, access token can be used for authorized API calls, if false, the token is not usable anymore.", - "type": "boolean" - }, - "createdAt": { - "description": "Creation time of the access token.", - "format": "date-time", - "type": "string" - }, - "id": { - "description": "Unique ID of the access token. Also used as JTI field.", - "format": "uuid", - "type": "string" - }, - "validUntil": { - "description": "Approximate expiration time of the access token. Check the JWT for actual validity date.", - "format": "date-time", - "type": "string" - } - }, - "required": [ - "id", - "createdAt", - "validUntil", - "active" - ], - "title": "AccessTokenMetadataV2", - "type": "object" - }, - "AccessToken": { - "description": "Contains token metadata and actual token.", + "CreateShortLivedAccessTokenPayload": { "properties": { - "active": { - "description": "Newly created access tokens are valid, and can be revoked if needed.", - "type": "boolean" - }, - "createdAt": { - "description": "Creation time of the access token.", - "format": "date-time", - "type": "string" - }, - "id": { - "description": "Unique ID of the access token. Also used as JTI field.", - "format": "uuid", + "assertion": { + "description": "The self signed JWT. Must be given when grant_type is urn:ietf:params:oauth:grant-type:jwt-bearer", "type": "string" }, - "token": { - "description": "The access token in JWT format. Use this with `Bearer` prefix for API calls. Store it, as it is not recoverable later.", + "grant_type": { + "description": "Always use URL encoded values. E.g. urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer", + "enum": [ + "urn:ietf:params:oauth:grant-type:jwt-bearer", + "refresh_token" + ], "type": "string" }, - "validUntil": { - "description": "Approximate expiration time of the access token. Check the JWT for actual validity date.", - "format": "date-time", + "refresh_token": { + "description": "Refresh token provided by a previous call with a self signed token. Must be given when grant_type is refresh_token", "type": "string" } }, "required": [ - "id", - "createdAt", - "validUntil", - "active", - "token" - ], - "title": "AccessTokenV2", - "type": "object" - }, - "ListAccessTokensResponse": { - "properties": { - "items": { - "items": { - "$ref": "#/components/schemas/AccessTokenMetadata" - }, - "type": "array" - } - }, - "title": "GetAccessTokensResponseBodyV2", - "type": "object" - }, - "JWKS": { - "properties": { - "keys": { - "items": { - "$ref": "#/components/schemas/JWK" - }, - "type": "array" - } - }, - "required": [ - "keys" - ], - "title": "GetJWKResponseBody", - "type": "object" - }, - "ListServiceAccountKeysResponse": { - "properties": { - "items": { - "items": { - "$ref": "#/components/schemas/ServiceAccountKeyListResponse" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "title": "GetServiceAccountsResponseBody", - "type": "object" - }, - "ListServiceAccountsResponse": { - "properties": { - "items": { - "items": { - "$ref": "#/components/schemas/ServiceAccount" - }, - "type": "array" - } - }, - "required": [ - "items" + "grant_type" ], - "title": "GetServiceAccountsResponseBodyV2", + "title": "TokenRequestBody", "type": "object" }, - "JWK": { - "description": "JSON Web Key according to https://datatracker.ietf.org/doc/html/rfc7517#section-4", + "CreateShortLivedAccessTokenResponse": { "properties": { - "alg": { - "type": "string" - }, - "e": { - "type": "string" - }, - "kid": { - "type": "string" - }, - "ks": { - "type": "string" - }, - "n": { - "type": "string" - }, - "ops": { - "type": "string" - }, - "use": { + "access_token": { + "description": "The short lived token that can be used for API access", "type": "string" }, - "x5c": { - "type": "string" + "expires_in": { + "example": 3600, + "type": "integer" }, - "x5t": { + "refresh_token": { + "description": "Refresh token that can be used to request a new access token when it expires (and before refresh token expires). Tokens are rotated.", "type": "string" }, - "x5t256": { + "scope": { + "description": "scope field of the self signed token", "type": "string" }, - "x5u": { + "token_type": { + "enum": [ + "Bearer" + ], "type": "string" } }, "required": [ - "n", - "e" + "access_token", + "refresh_token", + "scope", + "token_type", + "expires_in" ], - "title": "JsonWebKey", + "title": "TokenResponseBody", "type": "object" }, - "PartialUpdateServiceAccountKeyResponse": { + "Error": { + "description": "Contains error information.", + "example": { + "error": "Bad Request", + "message": "Some information about what caused the Error", + "path": "/v1/path/which/returned/error", + "status": 400, + "timeStamp": "2019-08-24T14:15:22Z" + }, "properties": { - "active": { - "type": "boolean" - }, - "createdAt": { - "description": "Creation time of the key", - "format": "date-time", - "type": "string" - }, - "id": { - "description": "Unique ID of the key.", - "format": "uuid", + "error": { "type": "string" }, - "keyAlgorithm": { - "enum": [ - "RSA_2048" - ], + "message": { "type": "string" }, - "keyOrigin": { - "enum": [ - "USER_PROVIDED", - "GENERATED" - ], + "path": { "type": "string" }, - "keyType": { - "enum": [ - "USER_MANAGED", - "SYSTEM_MANAGED" - ], - "type": "string" + "status": { + "type": "integer" }, - "validUntil": { - "description": "If specified, the timestamp until the key is active. May be null", + "timeStamp": { "format": "date-time", "type": "string" } - }, - "required": [ - "id", - "publicKey", - "createdAt", - "keyType", - "keyOrigin", - "keyAlgorithm", - "active" + }, + "required": [ + "timeStamp", + "path", + "status", + "error", + "message" ], - "title": "ServiceAccountKeyPatchResponse", + "title": "ErrorResponse", "type": "object" }, - "CreateServiceAccountKeyResponse": { + "GetServiceAccountKeyResponse": { "properties": { "active": { "type": "boolean" @@ -465,10 +394,6 @@ "description": "Key id to use", "type": "string" }, - "privateKey": { - "description": "Private key. Only present, if the service account API was generating the key. Not recoverable later.", - "type": "string" - }, "sub": { "description": "Service account id", "format": "uuid", @@ -509,7 +434,7 @@ "type": "string" }, "publicKey": { - "description": "Public key, that was provider, or was generated by the service account API", + "description": "Public key, in the requested format", "type": "string" }, "validUntil": { @@ -520,7 +445,6 @@ }, "required": [ "id", - "publicKey", "createdAt", "keyType", "keyOrigin", @@ -528,10 +452,126 @@ "active", "credentials" ], - "title": "ServiceAccountKeyPrivateResponse", + "title": "ServiceAccountKeyResponseWithKey", "type": "object" }, - "GetServiceAccountKeyResponse": { + "JWK": { + "description": "JSON Web Key according to https://datatracker.ietf.org/doc/html/rfc7517#section-4", + "properties": { + "alg": { + "type": "string" + }, + "e": { + "type": "string" + }, + "kid": { + "type": "string" + }, + "ks": { + "type": "string" + }, + "n": { + "type": "string" + }, + "ops": { + "type": "string" + }, + "use": { + "type": "string" + }, + "x5c": { + "type": "string" + }, + "x5t": { + "type": "string" + }, + "x5t256": { + "type": "string" + }, + "x5u": { + "type": "string" + } + }, + "required": [ + "n", + "e" + ], + "title": "JsonWebKey", + "type": "object" + }, + "JWKS": { + "properties": { + "keys": { + "items": { + "$ref": "#/components/schemas/JWK" + }, + "type": "array" + } + }, + "required": [ + "keys" + ], + "title": "GetJWKResponseBody", + "type": "object" + }, + "ListAccessTokensResponse": { + "properties": { + "items": { + "items": { + "$ref": "#/components/schemas/AccessTokenMetadata" + }, + "type": "array" + } + }, + "title": "GetAccessTokensResponseBodyV2", + "type": "object" + }, + "ListServiceAccountKeysResponse": { + "properties": { + "items": { + "items": { + "$ref": "#/components/schemas/ServiceAccountKeyListResponse" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "title": "GetServiceAccountsResponseBody", + "type": "object" + }, + "ListServiceAccountsResponse": { + "properties": { + "items": { + "items": { + "$ref": "#/components/schemas/ServiceAccount" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "title": "GetServiceAccountsResponseBodyV2", + "type": "object" + }, + "PartialUpdateServiceAccountKeyPayload": { + "properties": { + "active": { + "description": "Active keys are valid, while inactive keys are temporarily deactivated.", + "type": "boolean" + }, + "validUntil": { + "description": "Optional, date of key expiration. To disable, set time to \"9999-01-01T01:01:01Z\"", + "format": "date-time", + "type": "string" + } + }, + "title": "ServiceAccountKeyUpdateRequest", + "type": "object" + }, + "PartialUpdateServiceAccountKeyResponse": { "properties": { "active": { "type": "boolean" @@ -541,35 +581,6 @@ "format": "date-time", "type": "string" }, - "credentials": { - "properties": { - "aud": { - "description": "Audience - service account API URL", - "type": "string" - }, - "iss": { - "description": "Service account email", - "format": "email", - "type": "string" - }, - "kid": { - "description": "Key id to use", - "type": "string" - }, - "sub": { - "description": "Service account id", - "format": "uuid", - "type": "string" - } - }, - "required": [ - "kid", - "iss", - "sub", - "aud" - ], - "type": "object" - }, "id": { "description": "Unique ID of the key.", "format": "uuid", @@ -595,10 +606,6 @@ ], "type": "string" }, - "publicKey": { - "description": "Public key, in the requested format", - "type": "string" - }, "validUntil": { "description": "If specified, the timestamp until the key is active. May be null", "format": "date-time", @@ -607,14 +614,14 @@ }, "required": [ "id", + "publicKey", "createdAt", "keyType", "keyOrigin", "keyAlgorithm", - "active", - "credentials" + "active" ], - "title": "ServiceAccountKeyResponseWithKey", + "title": "ServiceAccountKeyPatchResponse", "type": "object" }, "ServiceAccount": { @@ -648,64 +655,57 @@ "title": "ServiceAccount", "type": "object" }, - "CreateShortLivedAccessTokenPayload": { + "ServiceAccountKeyListResponse": { "properties": { - "assertion": { - "description": "The self signed JWT. Must be given when grant_type is urn:ietf:params:oauth:grant-type:jwt-bearer", - "type": "string" + "active": { + "type": "boolean" }, - "grant_type": { - "description": "Always use URL encoded values. E.g. urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer", - "enum": [ - "urn:ietf:params:oauth:grant-type:jwt-bearer", - "refresh_token" - ], + "createdAt": { + "description": "Creation time of the key", + "format": "date-time", "type": "string" }, - "refresh_token": { - "description": "Refresh token provided by a previous call with a self signed token. Must be given when grant_type is refresh_token", - "type": "string" - } - }, - "required": [ - "grant_type" - ], - "title": "TokenRequestBody", - "type": "object" - }, - "CreateShortLivedAccessTokenResponse": { - "properties": { - "access_token": { - "description": "The short lived token that can be used for API access", + "id": { + "description": "Unique ID of the key.", + "format": "uuid", "type": "string" }, - "expires_in": { - "example": 3600, - "type": "integer" - }, - "refresh_token": { - "description": "Refresh token that can be used to request a new access token when it expires (and before refresh token expires). Tokens are rotated.", + "keyAlgorithm": { + "enum": [ + "RSA_2048" + ], "type": "string" }, - "scope": { - "description": "scope field of the self signed token", + "keyOrigin": { + "enum": [ + "USER_PROVIDED", + "GENERATED" + ], "type": "string" }, - "token_type": { + "keyType": { "enum": [ - "Bearer" + "USER_MANAGED", + "SYSTEM_MANAGED" ], "type": "string" + }, + "validUntil": { + "description": "If specified, the timestamp until the key is active. May be null", + "format": "date-time", + "type": "string" } }, "required": [ - "access_token", - "refresh_token", - "scope", - "token_type", - "expires_in" + "id", + "publicKey", + "createdAt", + "keyType", + "keyOrigin", + "keyAlgorithm", + "active" ], - "title": "TokenResponseBody", + "title": "ServiceAccountKeyListResponse", "type": "object" } } @@ -1702,20 +1702,12 @@ }, "servers": [ { - "url": "https://service-account.api.{region}stackit.cloud", + "url": "https://service-account.api.stackit.cloud", "variables": { "region": { - "default": "" + "default": "global" } } } - ], - "tags": [ - { - "name": "Public" - }, - { - "name": "v2" - } ] } \ No newline at end of file