Merge pull request #4 from strick-j/3-add-remote-access-secure-web-se…

…ssions-auth-helper

3 add remote access secure web sessions auth helper

.env.example

@@ -19,6 +19,20 @@ SCIM_CLIENT_SECRET="scim-secret"
 SCIM_APPLICATION_ID="scim-application"
 SCIM_SCOPE="scim"
 
+# Remote Access Login Information
+RA_BASE_URL="api.alero.io"
+RA_TENANT_ID="12ed12ae1EXAMPLEfb8d6e1234"
+RA_SERVICE_ACCOUNT_ID="11ef91EXAMPLE415dc11bf4"
+RA_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\r\nMIIEEXAMPLEowIBAAEXAMPLEu6p44EHG5f7QqREXAMPLEQ\r\n-----END RSA PRIVATE KEY-----\r\n"
+RA_REGION="us"
+
+# Secure Web Sessions Login Information
+SWS_BASE_URL="api.alero.io"  
+SWS_TENANT_ID="12ed12ae1EXAMPLEfb8d6e1234"
+SWS_SERVICE_ACCOUNT_ID="11ef91EXAMPLE415dc11bf4"
+SWS_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\r\nMIIEEXAMPLEowIBAAEXAMPLEu6p44EHG5f7QqREXAMPLEQ\r\n-----END RSA PRIVATE KEY-----\r\n"
+SWS_REGION="us"
+
 # TEST SETTINGS
 ## NOTE: If TEST_FLAG is set to "true", then variables will be set via the pre-request and post-request scripts
 TEST_FLAG="true"
@@ -62,4 +76,9 @@ TEST_CONJUR_CLOUD_HOST_API_KEY="2EXAMPLEjqdz8xEXAMPLE3aj6chsEXAMPLEbp1m1"
 TEST_CONJUR_CLOUD_SERVICE_ID="SERIVCE_ID"
 
 ## Self Hosted PAM Test Settings
-TEST_SELF_HOSTED_PAM_BASE_URL="example.example.com"
+TEST_SELF_HOSTED_PAM_BASE_URL="example.example.com"
+
+## Remote Access Test Settings
+TEST_RA_SITE_ID="11eEXAMPLEc14EXAMPLE12e"
+TEST_RA_APPLICATION_ID="11eEXAMPLEc14EXAMPLE12e"
+TEST_RA_TEAM_ID="11eEXAMPLEc14EXAMPLE12e"

.gitignore

@@ -1,6 +1,5 @@
 # dependencies
 node_modules
-package-lock.json
 SaaS/Cloud Onboarding
 
 # testing

CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+
+## v1.0.1
+
+### Added or Changed 
+- Added two auth helpers
+  - Secure Web Sessions
+  - Remote Access
+- Added Secure Web Sessions Endpoints
+- Added Remote Access Endpoints
+
 ## v1.0.0
 
 ### Added or Changed

README.md

@@ -110,35 +110,53 @@ Within Bruno, you can navigate to the desired API endpoint and run the API. The
 Note: The various API endpoints are not yet fully implemented. This is a work in progress.
 
 
-
 <p align="right">(<a href="#readme-top">back to top</a>)</p>
 
 ### Usage: API Authentication
 
 The various APIs require authentication. The authentication header for most of the endpoints is automatically generated using the "Pre Request" script in Bruno. The following is an example of the Pre Request Script for one of the API endpoints:
 
-   ```javascript
-   const platformTokenAuth = require('./tools/platformTokenAuth');
+  ```javascript
+  const platformTokenAuth = require('./tools/platformTokenAuth');
 
-   // Perform authentication usings platformToken.js tools
-   await platformTokenAuth.login();
-   ```
+  // Perform authentication usings platformToken.js tools
+  await platformTokenAuth.login();
+  ```
 
 In the example above, the Pre Request script specifically calls the platformTokenAuth.login() function. This function is defined in the platformTokenAuth.js file located in the [tools] folder. The platformTokenAuth.login() function is responsible for authenticating the user and generating the necessary headers for the API request.
 
 For authentication to work properly you must set the appropriate values in the .env file. For example, if the endpoint is configured to use Platform Token authentication you must set the following values in the .env file:
-   ```
-   PLATFORM_TOKEN_CLIENT_ID="user@example.com" 
-   PLATFORM_TOKEN_CLIENT_SECRET="ExamplePasssword1234"
-   ```
+  ```
+  PLATFORM_TOKEN_CLIENT_ID="user@example.com" 
+  PLATFORM_TOKEN_CLIENT_SECRET="ExamplePasssword1234"
+  ```
 
 If you are planning to use any of the SCIM endpoints you must set the following values in the .env file:
-   ```
-   SCIM_CLIENT_ID="scim-client"
-   SCIM_CLIENT_SECRET="scim-secret"
-   SCIM_APPLICATION_ID="scim-application"
-   SCIM_SCOPE="scim"
-   ```
+  ```
+  SCIM_CLIENT_ID="scim-client"
+  SCIM_CLIENT_SECRET="scim-secret"
+  SCIM_APPLICATION_ID="scim-application"
+  SCIM_SCOPE="scim"
+  ```
+
+If you are planning to use either the Remote Access or Secure Web Sessions endpoints you must set the following values in the .env file:
+  ```
+  # Remote Access Login Information
+  RA_BASE_URL="api.alero.io"
+  RA_TENANT_ID="12ed12ae1EXAMPLEfb8d6e1234"
+  RA_SERVICE_ACCOUNT_ID="11ef91EXAMPLE415dc11bf4"
+  RA_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\r\nMIIEEXAMPLEowIBAAEXAMPLEu6p44EHG5f7QqREXAMPLEQ\r\n-----END RSA PRIVATE KEY-----\r\n"
+  RA_REGION="us"
+
+  # Secure Web Sessions Login Information
+  SWS_BASE_URL="api.alero.io"  
+  SWS_TENANT_ID="12ed12ae1EXAMPLEfb8d6e1234"
+  SWS_SERVICE_ACCOUNT_ID="11ef91EXAMPLE415dc11bf4"
+  SWS_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\r\nMIIEEXAMPLEowIBAAEXAMPLEu6p44EHG5f7QqREXAMPLEQ\r\n-----END RSA PRIVATE KEY-----\r\n"
+  SWS_REGION="us"
+  ```
+You can find your Tenant ID by logging into your SWS or Remote Access portal. The Tenant ID is located in the URL of the portal. Your base URL will depend on your region and can be found in the documentation. The Service Account ID can be found in the Service Account ID and Private Key are part of the JSON file that gets created when you create a service account.
+
 <p align="right">(<a href="#readme-top">back to top</a>)</p>
 
 ### Usage: API Troubleshooting and Testing
@@ -212,7 +230,8 @@ The second variable, TEST_LOG_VERBOSE, will enable verbose logging for the API.
 - [ ] Add Remaining SaaS API Endpoints
   - [ ] Enpoint Privilege Manager
   - [ ] Identity
-  - [ ] Secure Web Sessions
+  - [x] Secure Web Sessions
+  - [x] Remote Access
 - [x] Add Changelog
 - [ ] Add more examples
 - [ ] Add development documentation
@@ -226,7 +245,8 @@ The second variable, TEST_LOG_VERBOSE, will enable verbose logging for the API.
     - [x] Secrets Hub
     - [x] Secure Cloud Access
     - [x] Secure Infrastructure Access
-    - [ ] Secure Web Sessions
+    - [x] Secure Web Sessions
+    - [x] Remote Access
   - [ ] Self Hosted
     - [ ] PAM
 

SaaS/Remote Access/v1-edge/Activities/Retrieve Activities.bru

@@ -0,0 +1,114 @@
+meta {
+  name: Retrieve Activities
+  type: http
+  seq: 1
+}
+
+get {
+  url: https://{{remoteAccessBaseUrl}}/v1-edge/activities?activityTypes=ApplicationDeleted, ApplicationUpdated, ApplicationEnabled, ApplicationDisabled
+  body: none
+  auth: none
+}
+
+query {
+  activityTypes: ApplicationDeleted, ApplicationUpdated, ApplicationEnabled, ApplicationDisabled
+  ~fromTime: 0
+  ~toTime: 0
+  ~offset: 0
+  ~limit: 100
+}
+
+assert {
+  res.body: isJson
+  res.status: eq 200
+}
+
+script:pre-request {
+  const remoteAccessAuth = require('./tools/remoteAccessAuth');
+
+  // Perform authentication usings remoteAccessAuth.js tools
+  await remoteAccessAuth.login();
+}
+
+docs {
+  ## Get Remote Access Tenant's Activities - v1
+  Get list of Activities, happened between specified period
+
+  ### URL
+  https://api.alero.io/v1-edge/activities
+
+  #### Resource Information
+  | HTTP Method | GET |
+  | :-- | :-- |
+
+  #### URL Query Parameters
+  | Parameter | Type | Mandatory | Description | 
+  | :-- | :-- | :-- | :-- |
+  | activityTypes | array of strings | yes | List of Activity Types to retrieve. **Available values:** ApplicationCreated, ApplicationDeleted, ApplicationUpdated, ApplicationEnabled, ApplicationDisabled, ApplicationUserLogin, ConnectorCreated, ConnectorDeleted, ConnectorInitializationExtended, ConnectorInitialized, ConnectorUpdated, ConnectorLdapUpdated, ConnectorLdapInitialized, ConnectorLdapStopped, GroupsCreated, GroupsDeleted, GroupsUpdated, SettingsUpdated, SiteCreated, SiteDeleted, SiteUpdated, TenantAliasUpdated, TenantCreated, TenantLogin, UserActivated, UserDeactivated, VendorActivated, VendorDeactivated, VendorUpdated, UserDeleteFromTenant, VendorDeleteFromTenant, UserJoinTenant, VendorJoinTenant, UserCreated, UserUpdated, UserRoleChanged, ApplicationVendorLogin, AppCertificateCreated, AppCertificateDeleted, AppCertificateUpdated, CompanyUserInvitationCreate, VendorInvitationCreate, ServiceAccountCreated, ServiceAccountDeleted, ServiceAccountActivated, ServiceAccountDeactivated, ApplicationLoginBlocked, DirectAccessUserResponse, DirectAccessConnectionDenied, OfflineAccessUserViewedPassword, IdaptiveVendorSync, IdaptiveRoleSync, CompanyInviterUpdated| 
+  | fromTime |  integer | no | From epoch Time **Example:** 1669923609709. **Default:** 0 | 
+  | toTime | integer | no | To epoch Time **Example:** 1669923609709. **Default:** 0 | 
+  | offset | integer | no | Starting activity offset. Default: 0 |
+  | limit | integer | no | Limit number or returned Activities. Default: 100 | 
+
+  ### Request
+  #### Request Header
+  | Request Header | Field Definition |
+  | :-- | :-- |
+  | Authorization | Bearer eyEXAMPLErQ |
+
+  #### Request Body
+  None
+
+  ### Response
+
+  #### Status Codes 
+  | Code | Description |
+  | :-- | :-- |
+  | 200 | OK |
+  | 400 | Custom Error |
+  | 401 | Unauthorized |
+  | 404 | Not Found |
+  | 500 | Internal Server Error |
+
+  #### 200 OK
+  ```
+  {
+    "activities": [
+      {
+        "activityType": "ApplicationCreated",
+        "activityData": {
+          "id": "string",
+          "time": 0,
+          "initiatedById": "string",
+          "initiatedByName": "string",
+          "initiatedByRole": "string",
+          "certId": "string",
+          "siteId": "string",
+          "siteName": "string",
+          "displayName": "string",
+          "description": "string",
+          "creationTime": 0,
+          "updateTime": 0,
+          "createdByUserId": "string",
+          "updatedByUserId": "string",
+          "subjectName": "string",
+          "validFrom": 0,
+          "validTo": 0
+        }
+      }
+    ],
+    "totalCount": 0
+  }
+  ```
+
+  #### 400 Bad Request
+  ```
+  {
+    "type": "about:blank",
+    "title": "Bad Request",
+    "status": 400,
+    "detail": "Required parameter 'activityTypes' is not present.",
+    "instance": "/v2-edge/activities"
+  }
+  ```
+}

SaaS/Remote Access/v1-edge/Applications/Retrieve Applications by Site.bru

@@ -0,0 +1,114 @@
+meta {
+  name: Retrieve Applications by Site
+  type: http
+  seq: 1
+}
+
+get {
+  url: https://{{remoteAccessBaseUrl}}/v1-edge/sites/{{siteId}}/applications
+  body: none
+  auth: none
+}
+
+query {
+  ~offset: 0
+  ~limit: 100
+}
+
+vars:pre-request {
+  siteId: 
+}
+
+assert {
+  res.body: isJson
+  res.status: eq 200
+}
+
+script:pre-request {
+  const remoteAccessAuth = require('./tools/remoteAccessAuth');
+  const tools = require('./tools/tools');
+
+  // Perform authentication usings remoteAccessAuth.js tools
+  await remoteAccessAuth.login();
+
+  // Sets Remote Access Site ID for testing based on environment flag and variables
+  var flag = bru.getEnvVar('testFlag')
+  if (flag == 'true') {
+    tools.log('Setting Variables');
+    bru.setVar('siteId', bru.getEnvVar('testRemoteAccessSiteId'));
+    tools.log('Remote Access Site Id Set: ' + bru.getVar('siteId'))
+  }
+}
+
+docs {
+  ## Get Remote Access Tenant's Sites - v1
+  Retrieves a list of tenant sites
+
+  ### URL
+  https://api.alero.io/v1-edge/sites/{siteId}/applications
+
+  #### Resource Information
+  | HTTP Method | GET |
+  | :-- | :-- |
+
+  #### URL Path Parameters
+  | Parameter | Type | Mandatory | Description | 
+  | :-- | :-- | :-- | :-- |
+  | siteId | string | yes | Unique Site ID to retreive applications for |
+
+  #### URL Query Parameters
+  | Parameter | Type | Mandatory | Description | 
+  | :-- | :-- | :-- | :-- |
+  | offset | integer | no | Starting activity offset. Default: 0 |
+  | limit | integer | no | Limit number or returned Activities. Default: 100 | 
+
+  ### Request
+  #### Request Header
+  | Request Header | Field Definition |
+  | :-- | :-- |
+  | Authorization | Bearer eyEXAMPLErQ |
+
+  #### Request Body
+  None
+
+  ### Response
+
+  #### Status Codes 
+  | Code | Description |
+  | :-- | :-- |
+  | 200 | OK |
+  | 400 | Custom Error |
+  | 401 | Unauthorized |
+  | 404 | Not Found |
+  | 500 | Internal Server Error |
+
+  #### 200 OK
+  ```
+  {
+    "applications": [
+      {
+        "id": "string",
+        "name": "string",
+        "authenticationMethod": "SAML",
+        "createdByUserId": "string",
+        "creationTime": 0,
+        "lastUpdatedByUserId": "string",
+        "lastUpdateTime": 0,
+        "logo": "string",
+        "internalUri": "string",
+        "certificateId": "string",
+        "externalUri": "string",
+        "nestedApplications": [
+          {
+            "externalUri": "string",
+            "internalUri": "string",
+            "certificateId": "string"
+          }
+        ],
+        "enabled": true
+      }
+    ],
+    "totalCount": 0
+  }
+  ```
+}