Merge pull request #21 from IBM-Security/v24.03-assets

IAG v24.03 release updates

Author: keiran-ibm

openapi/advanced.yaml

@@ -14,23 +14,26 @@ advanced:
 
         This entry is an array and can be used to specify multiple tuning
         parameters.
-
-
-        Example:
-
-        advanced:
-          configuration:
-            - stanza: server
-              entry: web-http-port
-              operation: set
-              value: ["80"]
-            - stanza: server
-              entry: web-https-port
-              operation: set
-              value: ["443"]
+      x-examples:
+        - advanced:
+            configuration:
+              - stanza: server
+                entry: web-http-port
+                operation: set
+                value: ["80"]
+              - stanza: server
+                entry: web-https-port
+                operation: set
+                value: ["443"]
       type: array
       items:
+        title: AdvancedConfiguration
         type: object
+        x-openapi-required:
+          - stanza
+          - entry
+          - operation
+          - value
         properties:
           stanza:
             description: >

openapi/authorization.yaml

@@ -40,15 +40,18 @@ authorization:
         (AZN_CRED_PRINCIPAL_NAME = "user_a") | Match when the credential attribute "AZN_CRED_PRINCIPAL_NAME" is equal to "user_a".
 
 
-        Example:
-
-        authorization:
-          rules:
-            - name: ruleA
-              rule: (any groupIds = "administrator")
+      x-examples:
+        - authorization:
+            rules:
+              - name: ruleA
+                rule: (any groupIds = "administrator")
       type: array
       items:
+        title: AuthorizationRules
         type: object
+        x-openapi-required:
+          - name
+          - rule
         properties:
           name:
             description: >

openapi/ci_oidc.yaml

@@ -81,29 +81,26 @@ ci_oidc:
     When an ID token is received each claim will be evaluated against each rule in sequence until a match is found.
     The corresponding code (+|-) will then be used to determine whether the claim will be added to the credential or not.
     If the claim name does not match a configured rule it will by default be added to the credential.
-
-
-    Example:
-
-    identity:
-      ci_oidc:
-        hostname: www.test.com
-        client_id: 11111111-2222-3333-4444-5a5a5a5a5a5a5a
-        client_secret: 1a2b3c4d5e
-        mapped_identity: "{sub}"
-        redirect_uri_host: www.test2.com
-        response_type: code
-        response_mode: query
-        proxy: https://www.testproxy.com:443
-        scopes:
-          - profile
-          - email
-        allowed_query_args:
-          - "oidc_test=value"
-        bearer_token_attrs:
-          - "-access_token"
-        id_token_attrs:
-          - "-email"
+  x-examples:
+    - identity:
+        ci_oidc:
+          hostname: www.test.com
+          client_id: 11111111-2222-3333-4444-5a5a5a5a5a5a5a
+          client_secret: 1a2b3c4d5e
+          mapped_identity: "{sub}"
+          redirect_uri_host: www.test2.com
+          response_type: code
+          response_mode: query
+          proxy: https://www.testproxy.com:443
+          scopes:
+            - profile
+            - email
+          allowed_query_args:
+            - "oidc_test=value"
+          bearer_token_attrs:
+            - "-access_token"
+          id_token_attrs:
+            - "-email"
   type: object
   x-name: CI OIDC (deprecated)
   properties:

openapi/eai.yaml

@@ -20,19 +20,20 @@ eai:
     also have the same protocol (http[s] = TCP/SSL) and have the
     same `virtual-host-name` and `port` as the trigger.
 
-    Example:
-
-    identity:
-      eai:
-        triggers:
-          # Path-based application
-          - /auth_app/login_complete
-          - /auth_app/login_complete_v2
-          # Virtual Host application
-          - https://auth.ibm.com:9443/eai/login
-          - https://auth.ibm.com:9443/eai/login_v2
+  x-examples:
+    - identity:
+        eai:
+          triggers:
+            # Path-based application
+            - /auth_app/login_complete
+            - /auth_app/login_complete_v2
+            # Virtual Host application
+            - https://auth.ibm.com:9443/eai/login
+            - https://auth.ibm.com:9443/eai/login_v2
   type: object
   x-name: EAI
+  x-openapi-required:
+    - triggers
   properties:
       triggers:
         description: >

openapi/identity.yaml

@@ -13,23 +13,20 @@ identity:
 
         If an OIDC identity source is configured, this entry will default to
         the OIDC authentication URI "/pkmsoidc?iss=default".
-
-
-        Example:
-
-        identity:
-          auth_challenge_redirect:
-            url: /eai/login_start
-            parameters:
-              - source: macro
-                value:  HOSTNAME
-                name:   host
-              - source: credential
-                value:  AZN_CRED_NETWORK_ADDRESS_STR
-                name:   origin
-              - source: header
-                value:  X-IBM-Proxy
-                name:   proxy
+      x-examples:
+        - identity:
+            auth_challenge_redirect:
+              url: /eai/login_start
+              parameters:
+                - source: macro
+                  value:  HOSTNAME
+                  name:   host
+                - source: credential
+                  value:  AZN_CRED_NETWORK_ADDRESS_STR
+                  name:   origin
+                - source: header
+                  value:  X-IBM-Proxy
+                  name:   proxy
       type: object
       properties:
         url:
@@ -44,7 +41,11 @@ identity:
             query string arguments.
           type: array
           items:
+            title: IdentityAuthChallengeRedirectParameters
             type: object
+            x-openapi-required:
+              - source
+              - value
             properties:
               source:
                 description: >
@@ -89,23 +90,20 @@ identity:
         These entries can be used to override the default post authentication
         URL which clients will be redirected to once they have successfully
         authenticated.
-
-
-        Example:
-
-        identity:
-          auth_complete_redirect:
-            url: /landing
-            parameters:
-              - source: macro
-                value:  HOSTNAME
-                name:   host
-              - source: credential
-                value:  AZN_CRED_NETWORK_ADDRESS_STR
-                name:   origin
-              - source: header
-                value:  X-IBM-Proxy
-                name:   proxy
+      x-examples:
+        - identity:
+            auth_complete_redirect:
+              url: /landing
+              parameters:
+                - source: macro
+                  value:  HOSTNAME
+                  name:   host
+                - source: credential
+                  value:  AZN_CRED_NETWORK_ADDRESS_STR
+                  name:   origin
+                - source: header
+                  value:  X-IBM-Proxy
+                  name:   proxy
       type: object
       properties:
         url:
@@ -120,7 +118,11 @@ identity:
             query string arguments.
           type: array
           items:
+            title: IdentityAuthCompleteRedirectParameters
             type: object
+            x-openapi-required:
+              - source
+              - value
             properties:
               source:
                 description: >
@@ -158,7 +160,10 @@ identity:
                 type: string
 
     oidc:
-      $ref: "oidc.yaml#/oidc"
+      title: Oidc
+      type: array
+      items:
+        $ref: "oidc.yaml#/oidc"
     oauth:
       description: |
         The configuration entries in this section allow the reverse proxy to accept an OAuth bearer token and use the configured OAuth introspection endpoints to validate the token and create an authenticated session.
@@ -184,40 +189,37 @@ identity:
         When an introspection response token is received each JSON data element will be evaluated against each rule in sequence until a match is found.
         The corresponding code (+|-) will then be used to determine whether the JSON data will be added to the credential or not.
         If the JSON data name does not match a configured rule it will by default be added to the credential.
-
-
-        Example:
-
-        identity:
-          oauth:
-            - name: verify_introspection
-              restricted: false
-              introspection_endpoint: https://ibm-app-gw.verify.ibm.com/v1.0/endpoint/default/introspect
-              client_id: 11111111-2222-3333-4444-5a5a5a5a5a5a5a
-              client_secret: 1a2b3c4d5e
-              auth_method: client_secret_post
-              proxy: https://www.testproxy.com:443
-              token_type_hint: "access_token"
-              ssl:
-                certificate:
-                  - "@www-test-com-ca.pem"
-              mapped_identity: "{sub}"
-              attributes:
-                - "+scope"
-                - "+client_id"
-                - "+iat"
-                - "+exp"
-              multi_valued_scope: true
-              headers:
-                - source: header
-                  value:  host
-                  name:   X-Forwarded-For
-                - source: credential
-                  value:  AZN_CRED_NETWORK_ADDRESS_STR
-                  name:   origin
-                - source: text
-                  value:  green
-                  name:   X-Deployment-Status
+      x-examples:
+        - identity:
+            oauth:
+              - name: verify_introspection
+                restricted: false
+                introspection_endpoint: https://ibm-app-gw.verify.ibm.com/v1.0/endpoint/default/introspect
+                client_id: 11111111-2222-3333-4444-5a5a5a5a5a5a5a
+                client_secret: 1a2b3c4d5e
+                auth_method: client_secret_post
+                proxy: https://www.testproxy.com:443
+                token_type_hint: "access_token"
+                ssl:
+                  certificate:
+                    - "@www-test-com-ca.pem"
+                mapped_identity: "{sub}"
+                attributes:
+                  - "+scope"
+                  - "+client_id"
+                  - "+iat"
+                  - "+exp"
+                multi_valued_scope: true
+                headers:
+                  - source: header
+                    value:  host
+                    name:   X-Forwarded-For
+                  - source: credential
+                    value:  AZN_CRED_NETWORK_ADDRESS_STR
+                    name:   origin
+                  - source: text
+                    value:  green
+                    name:   X-Deployment-Status
 
       type: array
       items: