Skip to content

New endpoints to support remediation feature #49

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 7 commits into from
Closed

New endpoints to support remediation feature #49

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
9e1f440
Adding remediation point definition
pasha-zayko Oct 13, 2025
bed1d14
Merge branch 'main' into pasha-remediation-lab-815
pasha-zayko Oct 14, 2025
1294fd3
Merge branch 'main' into pasha-remediation-lab-815
pasha-zayko Oct 14, 2025
79eafbc
Merge branch 'main' into pasha-remediation-lab-815
pasha-zayko Oct 20, 2025
5627f91
Adding endpoint to create BreakGlass group resource
pasha-zayko Oct 20, 2025
63eae81
Merge branch 'main' into pasha-remediation-lab-815
pasha-zayko Nov 3, 2025
cb38c2a
Updating the spec definition to reflect all properties and adjusting …
pasha-zayko Nov 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
93 changes: 92 additions & 1 deletion specs/SHIELD.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1749,7 +1749,7 @@
},
"description": "Deprive your threats of practical significance. Deploy the Securing Privilege Access architecture. All in a few seconds.",
"title": "SHI Environment Lockdown and Defense",
"version": "3.0.4"
"version": "3.0.9"
},
"openapi": "3.1.0",
"paths": {
Expand Down Expand Up @@ -2631,6 +2631,97 @@
]
}
},
"/Api/Deploy/Remediate": {
"post": {
"summary": "Perform remediation steps to address discovered gaps in security posture",
"description": "After the user consents, perform necessary steps to deploy resources to cover the security gap.\n\nThis endpoint requires the `Deploy.ReadWrite`, or the `Everything.ReadWrite` scope (permission).",
"operationId": "/Api/Deploy/Remediate/Post",
"requestBody": {
"content": {
"application/json": {
"examples": {
"Insufficient Remediation Request": {
"description": "Someone trying to automate this application without reading the documentation.",
"summary": "Remediation Request Missing Needed Data",
"value": {}
},
"No User Consent": {
"description": "User did not agree to the terms and conditions. This post should not have been sent.",
"summary": "User Did Not Consent",
"value": {
"remediationConsent": false,
"templateList": [
"8e2b1c7a-4d5f-4a8b-9e6a-2c1b7f3d8e4a",
"3a7e2b1c-5d4f-4a8b-9e6a-7f2b3d1c9e45"
]
}
},
"User Consented": {
"description": "User agreed to the terms and conditions and pressed the remediate button.",
"summary": "User Consented",
"value": {
"remediationConsent": true,
"templateList": [
"9c1e7a2b-5d3f-4a8b-2c6e-1a7f3d9e8b5c",
"2b3e7a1c-4d5f-4a8b-9e6a-5d1c7e2b3a4f",
"7f1a3d9e-8b5c-4a8b-2c6e-9c2e7a1b5d3f"
]
}
}
},
"schema": {
"properties": {
"remediationConsent": {
"description": "Flag that indicates the end user has consented to remediation steps (`true`) or not (`false`).",
"type": "boolean",
"examples": [
true
]
},
"templateList": {
"description": "List of templateIds that indicate configuration items to be applied as part of remediation.",
"type": "array",
"items": {
"type": "string",
"format": "uuid",
"maxLength": 36,
"minLength": 36,
"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$",
"examples": [
"5d1c7e2b-3a4f-4a8b-9e6a-7f2b3d1c9e45"
]
},
"minItems": 0
}
},
"type": "object",
"required": [
"remediationConsent",
"templateList"
]
}
}
}
},
"responses": {
"202": {
"description": "Request for remediation is accepted and process is running"
},
"400": {
"description": "User provided information or choice are invalid for the operation"
},
"409": {
"description": "Operation is already in progress"
},
"503": {
"description": "System requirements have not been met!"
}
},
"tags": [
"Deploy"
]
}
},
"/Api/Deploy/Version": {
"get": {
"description": "Gets the version of the API server and the architecture version deployed as well as the supported version of the architecture spec from the server.\n\nThis endpoint requires the `Deploy.Read`, `Deploy.ReadWrite`, or the `Everything.ReadWrite` scope (permission).",
Expand Down
4 changes: 2 additions & 2 deletions src/shield/TypeScript/package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion src/shield/TypeScript/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@shi-corp/sdk-shield",
"version": "3.0.7",
"version": "3.0.9",
"type": "module",
"main": "bin/index.js",
"description": "SDK client used to interface with the SHIELD application.",
Expand Down