From aa208db04bf5cbbae8401ed2c7ac8b6c10658689 Mon Sep 17 00:00:00 2001
From: akabdulhanif
Date: Tue, 20 Jan 2026 17:08:25 +0000
Subject: [PATCH 01/28] feat(profile): add BuildByProps endpoint to profiles handler (local branch)
---
 internal/api/handler/oscal/profiles.go | 289 ++++++-------------------
 1 file changed, 71 insertions(+), 218 deletions(-)
diff --git a/internal/api/handler/oscal/profiles.go b/internal/api/handler/oscal/profiles.go
index 4ded97f3..40f9cf00 100644
--- a/internal/api/handler/oscal/profiles.go
+++ b/internal/api/handler/oscal/profiles.go
@@ -16,7 +16,6 @@ import (
 "github.com/google/uuid"
 "github.com/labstack/echo/v4"
 "go.uber.org/zap"
- "gorm.io/datatypes"
 "gorm.io/gorm"
 )
@@ -25,41 +24,11 @@ type ProfileHandler struct { db *gorm.DB } -type RuleOperator string - -const ( - RuleOperatorEquals RuleOperator = "equals" - RuleOperatorContains RuleOperator = "contains" - RuleOperatorRegex RuleOperator = "regex" - RuleOperatorIn RuleOperator = "in" -) - -type MatchStrategy string - -const ( - MatchStrategyAll MatchStrategy = "all" - MatchStrategyAny MatchStrategy = "any" -) - type rule struct { - Name string `json:"name" example:"class"` - Ns string `json:"ns" example:"http://csrc.nist.gov/ns/oscal"` - Operator RuleOperator `json:"operator" binding:"required" example:"equals"` - Value string `json:"value" binding:"required" example:"technical"` -} - -type BuildByPropsRequest struct { - CatalogID string `json:"catalog-id" binding:"required" example:"9b0c9c43-2722-4bbb-b132-13d34fb94d45"` - MatchStrategy MatchStrategy `json:"match-strategy" binding:"required" example:"all"` - Rules []rule `json:"rules" binding:"required,min=1"` - Title string `json:"title" binding:"required" example:"My Custom Profile"` - Version string `json:"version" example:"1.0.0"` -} - -type BuildByPropsResponse struct { - ProfileID uuid.UUID `json:"profile-id"` - ControlIDs []string `json:"control-ids"` - Profile oscalTypes_1_1_3.Profile `json:"profile"` + Name string `json:"name"` + Ns string `json:"ns"` + Operator string `json:"operator"` // equals | contains | regex | in + Value string `json:"value"` } func NewProfileHandler(sugar *zap.SugaredLogger, db *gorm.DB) *ProfileHandler { @@ -75,7 +44,6 @@ func (h *ProfileHandler) Register(api *echo.Group) { api.POST("/build-props", h.BuildByProps) api.GET("/:id", h.Get) api.GET("/:id/resolved", h.Resolved) - api.GET("/:id/compliance-progress", h.ComplianceProgress) api.GET("/:id/modify", h.GetModify) api.GET("/:id/back-matter", h.GetBackmatter) 
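Review bot: With `RuleOperator`/`MatchStrategy` and the `binding:"required"` tags gone, `rule` carries no declared validation and the only record of the accepted operator values is the trailing comment on `Operator`; an unrecognised operator now passes binding and is only discoverable by reading the `switch` in matchControlByProps further down the file. If the plain-string form is intended, the comment should at least state the contract, e.g. `// Operator is one of "equals", "contains", "regex" or "in" (case-insensitive); any other value matches no property.` Similarly the now-implicit match-strategy values ("all" | "any") are only documented in the function-local `request` type of the next hunk, not on any package-level type that swag or a caller can see.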
@@ -101,8 +69,8 @@ func (h *ProfileHandler) Register(api *echo.Group) {
 // @Tags Profile
 // @Accept json
 // @Produce json
-// @Param request body oscal.BuildByPropsRequest true "Prop matching request"
-// @Success 201 {object} handler.GenericDataResponse[oscal.BuildByPropsResponse]
+// @Param request body oscal.ProfileHandler.BuildByProps.request true "Prop matching request"
+// @Success 201 {object} handler.GenericDataResponse[oscal.ProfileHandler.BuildByProps.response]
 // @Failure 400 {object} api.Error
 // @Failure 401 {object} api.Error
 // @Failure 404 {object} api.Error
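Review bot: The `@Param` and `@Success` annotations now point at `oscal.ProfileHandler.BuildByProps.request` and `.response`, which are types declared inside the function body in the next hunk; as far as I know swag only resolves package-level named types, so these references are likely to fail or produce an empty schema when the docs are regenerated. The previous package-level `BuildByPropsRequest`/`BuildByPropsResponse` (removed in the hunk above) were resolvable and also carried the example values. I would keep exported package-level types for the request and response and reference those here, e.g. `// @Param request body oscal.BuildByPropsRequest true "Prop matching request"`.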
@@ -110,193 +78,102 @@ func (h *ProfileHandler) Register(api *echo.Group) { // @Security OAuth2Password // @Router /oscal/profiles/build-props [post] func (h *ProfileHandler) BuildByProps(ctx echo.Context) error { - var req BuildByPropsRequest + type request struct { + CatalogID string `json:"catalogId"` + MatchStrategy string `json:"matchStrategy"` // all | any + Rules []rule `json:"rules"` + Title string `json:"title"` + Version string `json:"version"` + } + type response struct { + ProfileID uuid.UUID `json:"profileId"` + ControlIDs []string `json:"controlIds"` + Profile oscalTypes_1_1_3.Profile `json:"profile"` + } + var req request if err := ctx.Bind(&req); err != nil { h.sugar.Warnw("failed to bind BuildByProps request", "error", err) return ctx.JSON(http.StatusBadRequest, api.NewError(err)) } - if req.CatalogID == "" || len(req.Rules) == 0 { - return ctx.JSON(http.StatusBadRequest, api.NewError(errors.New("catalog-id and rules are required"))) - } - - // Filter out invalid rules and validate operators - validRules := make([]rule, 0, len(req.Rules)) - for _, r := range req.Rules { - if strings.TrimSpace(string(r.Operator)) != "" && strings.TrimSpace(r.Value) != "" { - validRules = append(validRules, r) - } - } - if len(validRules) == 0 { - return ctx.JSON(http.StatusBadRequest, api.NewError(errors.New("rules must include non-empty operator and value"))) + return ctx.JSON(http.StatusBadRequest, api.NewError(errors.New("catalogId and rules are required"))) } - - // Pre-compile regex patterns and validate - regexCache := make(map[string]*regexp.Regexp) - for _, r := range validRules { - if r.Operator == RuleOperatorRegex { - re, err := regexp.Compile(r.Value) - if err != nil { - h.sugar.Warnw("invalid regex pattern", "pattern", r.Value, "error", err) - return ctx.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("invalid regex pattern '%s': %w", r.Value, err))) - } - regexCache[r.Value] = re - } - } - catUUID, err := uuid.Parse(req.CatalogID) if err != nil { 
return ctx.JSON(http.StatusBadRequest, api.NewError(err)) } - - // Check if catalog exists - var catalog relational.Catalog - if err := h.db.Preload("Metadata").First(&catalog, "id = ?", catUUID).Error; err != nil { + var controls []relational.Control + if err := h.db.Where("catalog_id = ?", catUUID).Find(&controls).Error; err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { return ctx.JSON(http.StatusNotFound, api.NewError(err)) } - h.sugar.Errorw("failed to load catalog metadata", "catalogId", req.CatalogID, "error", err) - return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) - } - - var controls []relational.Control - if err := h.db.Where("catalog_id = ?", catUUID).Find(&controls).Error; err != nil { h.sugar.Errorw("failed to list catalog controls", "catalogId", req.CatalogID, "error", err) return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) } - - // Check if controls were found - if len(controls) == 0 { - return ctx.JSON(http.StatusNotFound, api.NewError(errors.New("no controls found in catalog"))) - } - - matchAll := req.MatchStrategy == MatchStrategyAll + matchAll := strings.ToLower(req.MatchStrategy) == "all" matched := make([]relational.Control, 0, len(controls)) matchedIDs := make([]string, 0, len(controls)) for i := range controls { - if matchControlByProps(&controls[i], validRules, matchAll, regexCache) { + if matchControlByProps(&controls[i], req.Rules, matchAll) { matched = append(matched, controls[i]) matchedIDs = append(matchedIDs, controls[i].ID) } } - - // Wrap the entire build flow in a transaction - var profileID uuid.UUID - var oscalProfile *oscalTypes_1_1_3.Profile - err = h.db.Transaction(func(tx *gorm.DB) error { - now := time.Now() - resourceUUID := uuid.New() - title := catalog.Metadata.Title - resource := relational.BackMatterResource{ - ID: resourceUUID, - Title: &title, - RLinks: []relational.ResourceLink{ - { - Href: "#" + req.CatalogID, - MediaType: "application/ccf+oscal+json", - }, - }, - } - 
includeGroup := relational.SelectControlById{ - WithChildControls: "", - WithIds: datatypes.NewJSONSlice(matchedIDs), - } - newImport := relational.Import{ - Href: "#" + resourceUUID.String(), - } - profile := &relational.Profile{ - Metadata: relational.Metadata{ - Title: req.Title, - Version: req.Version, - OscalVersion: versioning.GetLatestSupportedVersion(), - LastModified: &now, - }, - Controls: matched, - } - if err := tx.Create(profile).Error; err != nil { - return fmt.Errorf("failed to create profile: %w", err) - } - profileID = *profile.ID - - // Persist BackMatter and resource under this profile - parentID := profile.ID.String() - parentType := "profiles" - bmRecord := &relational.BackMatter{ - ParentID: &parentID, - ParentType: &parentType, - } - if err := tx.Create(bmRecord).Error; err != nil { - return fmt.Errorf("failed to create backmatter: %w", err) - } - if bmRecord.ID != nil { - resource.BackMatterID = *bmRecord.ID - } - if err := tx.Create(&resource).Error; err != nil { - return fmt.Errorf("failed to create backmatter resource: %w", err) - } - - // Persist import and include-controls - newImport.ProfileID = *profile.ID - if err := tx.Create(&newImport).Error; err != nil { - return fmt.Errorf("failed to create import: %w", err) - } - if len(matchedIDs) > 0 && newImport.ID != nil { - includeGroup.ParentID = *newImport.ID - includeGroup.ParentType = "included" - if err := tx.Create(&includeGroup).Error; err != nil { - return fmt.Errorf("failed to create include-controls: %w", err) - } - } - - if _, err := SyncProfileControls(tx, *profile.ID); err != nil { - return fmt.Errorf("failed to sync profile controls: %w", err) - } - - // Reload full profile with associations for response - fullProfile, err := FindFullProfile(tx, *profile.ID) - if err != nil { - return fmt.Errorf("failed to reload full profile: %w", err) - } - oscalProfile = fullProfile.MarshalOscal() - return nil - }) - - if err != nil { - h.sugar.Errorw("failed to build profile by props", 
"error", err) + now := time.Now() + profile := &relational.Profile{ + Metadata: relational.Metadata{ + Title: req.Title, + Version: req.Version, + OscalVersion: versioning.GetLatestSupportedVersion(), + LastModified: &now, + }, + Controls: matched, + } + if err := h.db.Create(profile).Error; err != nil { + h.sugar.Errorw("failed to create profile from props", "error", err) return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) } - - return ctx.JSON(http.StatusCreated, handler.GenericDataResponse[BuildByPropsResponse]{ - Data: BuildByPropsResponse{ - ProfileID: profileID, + if _, err := SyncProfileControls(h.db, *profile.ID); err != nil { + h.sugar.Errorw("failed to sync profile controls", "profileId", profile.ID, "error", err) + return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) + } + oscalProfile := profile.MarshalOscal() + return ctx.JSON(http.StatusCreated, handler.GenericDataResponse[response]{ + Data: response{ + ProfileID: *profile.ID, ControlIDs: matchedIDs, Profile: *oscalProfile, }, }) } -func matchControlByProps(ctl *relational.Control, rules []rule, matchAll bool, regexCache map[string]*regexp.Regexp) bool { +func matchControlByProps(ctl *relational.Control, rules []rule, matchAll bool) bool { if len(rules) == 0 { return false } eval := func(r rule, p relational.Prop) bool { - if r.Name != "" && !strings.EqualFold(r.Name, p.Name) { + if r.Name != "" && strings.ToLower(r.Name) != strings.ToLower(p.Name) { return false } - if r.Ns != "" && !strings.EqualFold(r.Ns, p.Ns) { + if r.Ns != "" && strings.ToLower(r.Ns) != strings.ToLower(p.Ns) { return false } - switch r.Operator { - case RuleOperatorEquals: + switch strings.ToLower(r.Operator) { + case "equals": return strings.EqualFold(p.Value, r.Value) - case RuleOperatorContains: + case "contains": return strings.Contains(strings.ToLower(p.Value), strings.ToLower(r.Value)) - case RuleOperatorRegex: - if re, ok := regexCache[r.Value]; ok { - return re.MatchString(p.Value) - } - 
return false - case RuleOperatorIn: + case "regex": + m, _ := func() (bool, error) { + // simple regex match + re, err := regexp.Compile(r.Value) + if err != nil { + return false, err + } + return re.MatchString(p.Value), nil + }() + return m + case "in": parts := strings.Split(r.Value, ",") for _, v := range parts { if strings.EqualFold(strings.TrimSpace(v), p.Value) { @@ -1458,12 +1335,8 @@ func rollUpToRootControl(db *gorm.DB, control relational.Control) (relational.Co tx := db.Session(&gorm.Session{}) if *control.ParentType == "controls" { - if control.ParentID == nil { - return control, fmt.Errorf("control %s has parent type %q but nil parent ID", control.ID, *control.ParentType) - } - parent := relational.Control{} - if err := tx.First(&parent, "id = ? AND catalog_id = ?", *control.ParentID, control.CatalogID).Error; err != nil { + if err := tx.First(&parent, "id = ?", control.ParentID).Error; err != nil { return control, err } parent.Controls = append(parent.Controls, control) @@ -1480,12 +1353,8 @@ func rollUpToRootGroup(db *gorm.DB, group relational.Group) (relational.Group, e tx := db.Session(&gorm.Session{}) if *group.ParentType == "groups" { - if group.ParentID == nil { - return group, fmt.Errorf("group %s has parent type %q but nil parent ID", group.ID, *group.ParentType) - } - parent := relational.Group{} - if err := tx.First(&parent, "id = ? AND catalog_id = ?", *group.ParentID, group.CatalogID).Error; err != nil { + if err := tx.First(&parent, "id = ?", *group.ParentID).Error; err != nil { return group, err } parent.Groups = append(parent.Groups, group) 
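Review bot: In matchControlByProps the `"regex"` case now calls `regexp.Compile(r.Value)` inside `eval`, i.e. once per property of every control, and discards the error with `m, _ :=`, so a user-supplied pattern that does not compile silently matches nothing and the request still returns 201 with an empty profile, where the removed pre-compilation returned 400. The catalog existence check and the `len(controls) == 0` guard are also gone, and `Find` does not return `gorm.ErrRecordNotFound`, so the `errors.Is(err, gorm.ErrRecordNotFound)` branch kept around it is dead and an unknown catalog id likewise yields a 201 with no controls. Dropping `h.db.Transaction` means `Create(profile)` followed by a failing `SyncProfileControls` leaves an orphan profile row behind a 500, and `matchAll := strings.ToLower(req.MatchStrategy) == "all"` makes any typo or empty strategy fall back to the broader "any" match. I would compile the patterns once before the control loop, reject an invalid pattern or an empty catalog up front, and keep the transaction; BuildByProps's closing and matchControlByProps's remaining cases lie outside this hunk.
```go
	// Compile user-supplied patterns once, before the per-control loop, and
	// reject an invalid pattern with 400 instead of silently matching nothing.
	regexCache := make(map[string]*regexp.Regexp, len(req.Rules))
	for _, r := range req.Rules {
		if strings.ToLower(r.Operator) != "regex" {
			continue
		}
		re, err := regexp.Compile(r.Value)
		if err != nil {
			return ctx.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("invalid regex pattern %q: %w", r.Value, err)))
		}
		regexCache[r.Value] = re
	}
	// … unchanged: catalog UUID parse and control listing …
	if len(controls) == 0 {
		return ctx.JSON(http.StatusNotFound, api.NewError(errors.New("no controls found in catalog")))
	}
	// … unchanged: matching loop, now passing regexCache into matchControlByProps …
```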
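Review bot: In rollUpToRootControl the parent lookup loses its `AND catalog_id = ?` predicate and its nil-`ParentID` guard; control ids such as `ac-1` are only unique within a catalog, so once more than one catalog is loaded `First(&parent, "id = ?", …)` returns whichever row the database yields first and a profile can be resolved against a parent from an unrelated catalog. The same two regressions appear in rollUpToRootGroup in the next hunk and in rollUpControlsToCatalog (`@@ -1571,12`), where `*group.ParentID` / `*rootControl.ParentID` now dereference a possibly-nil pointer and will panic on a row with parent type set but no parent id. This hunk is also inconsistent with its neighbours: it passes `control.ParentID` (a pointer) while the others deref. I would restore the catalog-scoped query in all three places, `if err := tx.First(&parent, "id = ? AND catalog_id = ?", *control.ParentID, control.CatalogID).Error; err != nil {`, preceded by the removed nil check returning a descriptive error. The enclosing functions start and end outside these hunks.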
@@ -1495,26 +1364,15 @@ func rollUpToRootGroup(db *gorm.DB, group relational.Group) (relational.Group, e return group, nil } -type controlMergeKey struct { - CatalogID uuid.UUID - ID string -} - -type groupMergeKey struct { - CatalogID uuid.UUID - ID string -} - func mergeControls(controls ...relational.Control) []relational.Control { - mapped := map[controlMergeKey]relational.Control{} + mapped := map[string]relational.Control{} for _, control := range controls { - key := controlMergeKey{CatalogID: control.CatalogID, ID: control.ID} - if sub, ok := mapped[key]; ok { + if sub, ok := mapped[control.ID]; ok { control.Controls = append(control.Controls, sub.Controls...) } control.Controls = mergeControls(control.Controls...) - mapped[key] = control + mapped[control.ID] = control } flattened := []relational.Control{} @@ -1525,17 +1383,16 @@ func mergeControls(controls ...relational.Control) []relational.Control { } func mergeGroups(groups ...relational.Group) []relational.Group { - mapped := map[groupMergeKey]relational.Group{} + mapped := map[string]relational.Group{} for _, group := range groups { - key := groupMergeKey{CatalogID: group.CatalogID, ID: group.ID} - if sub, ok := mapped[key]; ok { + if sub, ok := mapped[group.ID]; ok { group.Groups = append(group.Groups, sub.Groups...) group.Controls = append(group.Controls, sub.Controls...) } group.Controls = mergeControls(group.Controls...) group.Groups = mergeGroups(group.Groups...) - mapped[key] = group + mapped[group.ID] = group } flattened := []relational.Group{} for _, group := range mapped { 
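Review bot: mergeControls now keys its map by the bare `control.ID`, so two controls from different catalogs that share an id (for example `ac-1` in two imported catalogs) collapse into one entry and their child lists are appended together; the `controlMergeKey` type removed at the top of this hunk existed precisely to scope the merge by `CatalogID`. mergeGroups in the next hunk (`@@ -1525,17`) makes the same change with `groupMergeKey`. A resolved profile that imports more than one catalog will silently produce cross-catalog merged controls and groups. I would keep the composite keys, `key := controlMergeKey{CatalogID: control.CatalogID, ID: control.ID}`, and the corresponding `groupMergeKey`; both functions continue past the hunk boundaries.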
@@ -1571,12 +1428,8 @@ func rollUpControlsToCatalog(db *gorm.DB, allControls []relational.Control) (*re // If the control has a group as a parent, roll it up. if *rootControl.ParentType == "groups" { - if rootControl.ParentID == nil { - return nil, fmt.Errorf("control %s has parent type %q but nil parent ID", rootControl.ID, *rootControl.ParentType) - } - group := &relational.Group{} - if err = db.First(group, "id = ? AND catalog_id = ?", *rootControl.ParentID, rootControl.CatalogID).Error; err != nil { + if err = db.First(group, "id = ?", *rootControl.ParentID).Error; err != nil { return nil, err } group.Controls = append(group.Controls, rootControl) @@ -1669,7 +1522,7 @@ func FindOscalCatalogFromBackMatter(profile *relational.Profile, ref string) (uu } } } - return uuid.Nil, errors.New("no valid catalog uuid was found within the backmatter. ref: " + ref) + return uuid.Nil, errors.New("No valid catalog UUID was found within the backmatter. Ref: " + ref) } // GatherControlIds extracts unique control IDs from an Import’s IncludeControls, avoiding duplicates. From 08fbeb26f9fd2651c533f8df93521ac58a7fe683 Mon Sep 17 00:00:00 2001 From: akabdulhanif Date: Tue, 20 Jan 2026 18:14:24 +0000 Subject: [PATCH 02/28] feat(profile): accept kebab-case keys in BuildByProps request --- internal/api/handler/oscal/profiles.go | 37 ++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/internal/api/handler/oscal/profiles.go b/internal/api/handler/oscal/profiles.go index 40f9cf00..1218fbcb 100644 --- a/internal/api/handler/oscal/profiles.go +++ b/internal/api/handler/oscal/profiles.go @@ -1,6 +1,7 @@ package oscal import ( + "encoding/json" "errors" "fmt" "net/http" 
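Review bot: The new error text in FindOscalCatalogFromBackMatter is capitalised and contains sentence punctuation (`"No valid catalog UUID was found within the backmatter. Ref: "`), which reads badly once the error is wrapped with `%w` or logged mid-sentence and is flagged by staticcheck ST1005; the previous lowercase form followed the Go convention. I would keep `return uuid.Nil, errors.New("no valid catalog uuid was found within the backmatter. ref: " + ref)`, or better `fmt.Errorf("no valid catalog uuid found in back-matter for ref %q", ref)` so the ref is quoted. The function's body is outside the hunk apart from its final return.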
@@ -91,10 +92,42 @@ func (h *ProfileHandler) BuildByProps(ctx echo.Context) error { Profile oscalTypes_1_1_3.Profile `json:"profile"` } var req request - if err := ctx.Bind(&req); err != nil { - h.sugar.Warnw("failed to bind BuildByProps request", "error", err) + var raw map[string]any + if err := json.NewDecoder(ctx.Request().Body).Decode(&raw); err != nil { + h.sugar.Warnw("failed to decode BuildByProps request", "error", err) return ctx.JSON(http.StatusBadRequest, api.NewError(err)) } + // Accept both camelCase and kebab-case keys + getStr := func(m map[string]any, keys ...string) string { + for _, k := range keys { + if v, ok := m[k]; ok { + if s, ok := v.(string); ok { + return s + } + } + } + return "" + } + req.CatalogID = getStr(raw, "catalogId", "catalog-id") + req.MatchStrategy = getStr(raw, "matchStrategy", "match-strategy") + req.Title = getStr(raw, "title") + req.Version = getStr(raw, "version") + if rv, ok := raw["rules"]; ok { + if arr, ok := rv.([]any); ok { + out := make([]rule, 0, len(arr)) + for _, it := range arr { + if mm, ok := it.(map[string]any); ok { + out = append(out, rule{ + Name: getStr(mm, "name"), + Ns: getStr(mm, "ns"), + Operator: getStr(mm, "operator"), + Value: getStr(mm, "value"), + }) + } + } + req.Rules = out + } + } if req.CatalogID == "" || len(req.Rules) == 0 { return ctx.JSON(http.StatusBadRequest, api.NewError(errors.New("catalogId and rules are required"))) } From 13402d183fceddbe244b4bcbe0205565131cfb06 Mon Sep 17 00:00:00 2001 From: akabdulhanif Date: Wed, 21 Jan 2026 11:09:03 +0000 Subject: [PATCH 03/28] feat(profile): BuildByProps creates import and back-matter; validates rules --- internal/api/handler/oscal/profiles.go | 43 ++++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 2 deletions(-) diff --git a/internal/api/handler/oscal/profiles.go b/internal/api/handler/oscal/profiles.go index 1218fbcb..4a2cd7e6 100644 --- a/internal/api/handler/oscal/profiles.go +++ b/internal/api/handler/oscal/profiles.go 
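Review bot: Decoding the raw body into `map[string]any` bypasses `ctx.Bind`, so echo's content-type handling and any bound validation no longer apply, and the `json:"catalogId"` tags on the `request` type declared just above this hunk are never consulted any more. `getStr` also drops any value whose JSON type is not a string, and the rules loop drops non-object entries, so a body with `"catalogId": 123` or `"rules": [1]` is reported as `"catalogId and rules are required"` rather than as a type error, which will confuse API users. Unless there is a body-size middleware elsewhere (not visible here), `json.NewDecoder(ctx.Request().Body)` also reads an unbounded payload into memory. A typed struct with an `UnmarshalJSON` that accepts both key spellings, decoded through `ctx.Bind`, would keep the kebab-case compatibility without the hand-rolled extraction. BuildByProps continues past this hunk.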
@@ -17,6 +17,7 @@ import (
 "github.com/google/uuid"
 "github.com/labstack/echo/v4"
 "go.uber.org/zap"
+ "gorm.io/datatypes"
 "gorm.io/gorm"
 )
@@ -131,6 +132,16 @@ func (h *ProfileHandler) BuildByProps(ctx echo.Context) error {
 if req.CatalogID == "" || len(req.Rules) == 0 {
 return ctx.JSON(http.StatusBadRequest, api.NewError(errors.New("catalogId and rules are required")))
 }
+ // filter out invalid rules (empty operator or value)
+ validRules := make([]rule, 0, len(req.Rules))
+ for _, r := range req.Rules {
+ if strings.TrimSpace(r.Operator) != "" && strings.TrimSpace(r.Value) != "" {
+ validRules = append(validRules, r)
+ }
+ }
+ if len(validRules) == 0 {
+ return ctx.JSON(http.StatusBadRequest, api.NewError(errors.New("rules must include non-empty operator and value")))
+ }
 catUUID, err := uuid.Parse(req.CatalogID)
 if err != nil {
 return ctx.JSON(http.StatusBadRequest, api.NewError(err))
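Review bot: The new filter only rejects rules with an empty operator or value; a rule whose operator is misspelled still passes and then matches nothing in matchControlByProps, and a `regex` rule with an invalid pattern is likewise accepted here and only fails, silently, inside the eval closure where the compile error is discarded (see patch 01). Since this is the one place that validates the request, I would check the operator against the accepted set and compile regex patterns here so the caller gets a 400 rather than an empty profile, e.g. `switch strings.ToLower(r.Operator) { case "equals", "contains", "regex", "in": default: return ctx.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("unsupported operator %q", r.Operator))) }`. The enclosing function runs past both ends of this hunk.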
@@ -147,12 +158,38 @@ func (h *ProfileHandler) BuildByProps(ctx echo.Context) error { matched := make([]relational.Control, 0, len(controls)) matchedIDs := make([]string, 0, len(controls)) for i := range controls { - if matchControlByProps(&controls[i], req.Rules, matchAll) { + if matchControlByProps(&controls[i], validRules, matchAll) { matched = append(matched, controls[i]) matchedIDs = append(matchedIDs, controls[i].ID) } } now := time.Now() + // build BackMatter resource and Import pointing to the catalog + var catalog relational.Catalog + if err := h.db.Preload("Metadata").First(&catalog, "id = ?", catUUID).Error; err != nil { + h.sugar.Warnw("failed to load catalog metadata", "catalogId", req.CatalogID, "error", err) + return ctx.JSON(http.StatusBadRequest, api.NewError(err)) + } + resourceUUID := uuid.New() + title := catalog.Metadata.Title + resource := relational.BackMatterResource{ + ID: resourceUUID, + Title: &title, + RLinks: []relational.ResourceLink{ + { + Href: "#" + req.CatalogID, + MediaType: "application/ccf+oscal+json", + }, + }, + } + includeGroup := relational.SelectControlById{ + WithChildControls: "", + WithIds: datatypes.NewJSONSlice(matchedIDs), + } + newImport := relational.Import{ + Href: "#" + resourceUUID.String(), + IncludeControls: []relational.SelectControlById{includeGroup}, + } profile := &relational.Profile{ Metadata: relational.Metadata{ Title: req.Title, @@ -160,7 +197,9 @@ func (h *ProfileHandler) BuildByProps(ctx echo.Context) error { OscalVersion: versioning.GetLatestSupportedVersion(), LastModified: &now, }, - Controls: matched, + Controls: matched, + BackMatter: &relational.BackMatter{Resources: []relational.BackMatterResource{resource}}, + Imports: []relational.Import{newImport}, } if err := h.db.Create(profile).Error; err != nil { h.sugar.Errorw("failed to create profile from props", "error", err) From c3b064f0d4b16c9555238d42d379b87f64ebf090 Mon Sep 17 00:00:00 2001 
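Review bot: The catalog lookup added here maps every error to 400: a database failure should be a 500 and a missing catalog a 404 (`errors.Is(err, gorm.ErrRecordNotFound)`), and the lookup now runs after the controls query and the matching loop, so the work is done before existence is checked. `Href: "#" + req.CatalogID` also stores the raw request string; `uuid.Parse` accepts braces, the `urn:uuid:` prefix and upper-case hex, so the persisted href may not be the canonical form that back-matter resolution compares against — `Href: "#" + catUUID.String()` avoids that. I would move this lookup to directly after `uuid.Parse` and split the error handling into not-found vs. other. BuildByProps continues outside the hunk.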
From: akabdulhanif
Date: Wed, 21 Jan 2026 15:53:52 +0000
Subject: [PATCH 04/28] fix(profile): persist import include-controls and back-matter resources in BuildByProps
---
 internal/api/handler/oscal/profiles.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/internal/api/handler/oscal/profiles.go b/internal/api/handler/oscal/profiles.go
index 4a2cd7e6..edb57acd 100644
--- a/internal/api/handler/oscal/profiles.go
+++ b/internal/api/handler/oscal/profiles.go
@@ -205,6 +205,24 @@ func (h *ProfileHandler) BuildByProps(ctx echo.Context) error { h.sugar.Errorw("failed to create profile from props", "error", err) return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) } + if err := h.db.Model(profile).Association("Imports").Append(&newImport); err != nil { + h.sugar.Errorw("failed to append import", "profileId", profile.ID, "error", err) + return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) + } + var savedImport relational.Import + if err := h.db.Where("profile_id = ? AND href = ?", profile.ID, newImport.Href).First(&savedImport).Error; err == nil { + if err := h.db.Model(&savedImport).Association("IncludeControls").Replace([]relational.SelectControlById{includeGroup}); err != nil { + h.sugar.Errorw("failed to set include controls", "profileId", profile.ID, "error", err) + return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) + } + } + var bm relational.BackMatter + if err := h.db.Where("parent_id = ? AND parent_type = 'profiles'", profile.ID.String()).First(&bm).Error; err == nil { + if err := h.db.Model(&bm).Association("Resources").Append(&resource); err != nil { + h.sugar.Errorw("failed to append backmatter resource", "profileId", profile.ID, "error", err) + return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) + } + } if _, err := SyncProfileControls(h.db, *profile.ID); err != nil { h.sugar.Errorw("failed to sync profile controls", "profileId", profile.ID, "error", err) return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) From 58b3bdac87c5bcfb15b57cc8547a6c98a1f8e8e5 Mon Sep 17 00:00:00 2001 From: akabdulhanif Date: Wed, 21 Jan 2026 23:01:17 +0000 Subject: [PATCH 05/28] fix(profile): avoid duplicate imports/back-matter; persist associations after create and reload full profile --- internal/api/handler/oscal/profiles.go | 50 +++++++++++++++++--------- 1 file changed, 34 insertions(+), 16 deletions(-) 
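Review bot: Both `First(&savedImport)` and `First(&bm)` are guarded with `err == nil`, so if the import or back-matter row is not found (or the query fails for any reason) the include-controls and the resource are silently not persisted and the handler still returns 201 with a profile that lacks its control selection. The lookup by `href` is also unnecessary: `newImport` was just appended via the association and its `ID` is populated on the struct, as is the back-matter created through the `BackMatter:` field in the previous patch, so re-querying only introduces a second failure mode. I would use the IDs already on the created structs and return 500 on any error from these steps rather than falling through; the function continues outside this hunk.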
diff --git a/internal/api/handler/oscal/profiles.go b/internal/api/handler/oscal/profiles.go
index edb57acd..8649c96a 100644
--- a/internal/api/handler/oscal/profiles.go
+++ b/internal/api/handler/oscal/profiles.go
@@ -197,29 +197,41 @@ func (h *ProfileHandler) BuildByProps(ctx echo.Context) error { OscalVersion: versioning.GetLatestSupportedVersion(), LastModified: &now, }, - Controls: matched, - BackMatter: &relational.BackMatter{Resources: []relational.BackMatterResource{resource}}, - Imports: []relational.Import{newImport}, + Controls: matched, } if err := h.db.Create(profile).Error; err != nil { h.sugar.Errorw("failed to create profile from props", "error", err) return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) } - if err := h.db.Model(profile).Association("Imports").Append(&newImport); err != nil { - h.sugar.Errorw("failed to append import", "profileId", profile.ID, "error", err) + // Persist BackMatter and resource under this profile + parentID := profile.ID.String() + parentType := "profiles" + bmRecord := &relational.BackMatter{ + ParentID: &parentID, + ParentType: &parentType, + } + if err := h.db.Create(bmRecord).Error; err != nil { + h.sugar.Errorw("failed to create backmatter for profile", "profileId", profile.ID, "error", err) return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) } - var savedImport relational.Import - if err := h.db.Where("profile_id = ? AND href = ?", profile.ID, newImport.Href).First(&savedImport).Error; err == nil { - if err := h.db.Model(&savedImport).Association("IncludeControls").Replace([]relational.SelectControlById{includeGroup}); err != nil { - h.sugar.Errorw("failed to set include controls", "profileId", profile.ID, "error", err) - return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) - } + if bmRecord.ID != nil { + resource.BackMatterID = *bmRecord.ID + } + if err := h.db.Create(&resource).Error; err != nil { + h.sugar.Errorw("failed to create backmatter resource", "profileId", profile.ID, "error", err) + return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) } - var bm relational.BackMatter - if err := h.db.Where("parent_id = ? 
AND parent_type = 'profiles'", profile.ID.String()).First(&bm).Error; err == nil { - if err := h.db.Model(&bm).Association("Resources").Append(&resource); err != nil { - h.sugar.Errorw("failed to append backmatter resource", "profileId", profile.ID, "error", err) + // Persist import and include-controls + newImport.ProfileID = *profile.ID + if err := h.db.Create(&newImport).Error; err != nil { + h.sugar.Errorw("failed to create import", "profileId", profile.ID, "error", err) + return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) + } + if len(matchedIDs) > 0 && newImport.ID != nil { + includeGroup.ParentID = *newImport.ID + includeGroup.ParentType = "included" + if err := h.db.Create(&includeGroup).Error; err != nil { + h.sugar.Errorw("failed to create include-controls", "profileId", profile.ID, "error", err) return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) } } @@ -227,7 +239,13 @@ func (h *ProfileHandler) BuildByProps(ctx echo.Context) error { h.sugar.Errorw("failed to sync profile controls", "profileId", profile.ID, "error", err) return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) } - oscalProfile := profile.MarshalOscal() + // Reload full profile with associations for response + fullProfile, err := FindFullProfile(h.db, *profile.ID) + if err != nil { + h.sugar.Errorw("failed to reload full profile", "profileId", profile.ID, "error", err) + return ctx.JSON(http.StatusInternalServerError, api.NewError(err)) + } + oscalProfile := fullProfile.MarshalOscal() return ctx.JSON(http.StatusCreated, handler.GenericDataResponse[response]{ Data: response{ ProfileID: *profile.ID, From 4fe715eba63e61d609f7e862bf92668efda0f8d9 Mon Sep 17 00:00:00 2001 From: akabdulhanif Date: Wed, 21 Jan 2026 23:39:17 +0000 Subject: [PATCH 06/28] fix(profile): prevent duplicate include-controls groups by creating association explicitly --- internal/api/handler/oscal/profiles.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
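Review bot: The profile, back-matter, resource, import and include-controls are now created with five separate `h.db.Create` calls outside any transaction, so a failure at any step after the first returns 500 and leaves an orphan profile (and possibly a half-built back-matter) in the database; `SyncProfileControls` and the `FindFullProfile` reload in the next hunk run on `h.db` as well. The `if len(matchedIDs) > 0` guard also means an empty match produces an import row with no include-controls group, which should probably be rejected earlier. I would wrap the whole build in `h.db.Transaction` and run every step on the `tx` it provides; the enclosing function starts and ends outside this hunk.
```go
	err = h.db.Transaction(func(tx *gorm.DB) error {
		if err := tx.Create(profile).Error; err != nil {
			return fmt.Errorf("creating profile: %w", err)
		}
		// … unchanged: back-matter, resource, import and include-controls creates, each via tx …
		if _, err := SyncProfileControls(tx, *profile.ID); err != nil {
			return fmt.Errorf("syncing profile controls: %w", err)
		}
		return nil
	})
	if err != nil {
		h.sugar.Errorw("failed to build profile from props", "error", err)
		return ctx.JSON(http.StatusInternalServerError, api.NewError(err))
	}
	// … unchanged: reload full profile and respond …
```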
diff --git a/internal/api/handler/oscal/profiles.go b/internal/api/handler/oscal/profiles.go index 8649c96a..e5a30936 100644 --- a/internal/api/handler/oscal/profiles.go +++ b/internal/api/handler/oscal/profiles.go @@ -187,8 +187,7 @@ func (h *ProfileHandler) BuildByProps(ctx echo.Context) error { WithIds: datatypes.NewJSONSlice(matchedIDs), } newImport := relational.Import{ - Href: "#" + resourceUUID.String(), - IncludeControls: []relational.SelectControlById{includeGroup}, + Href: "#" + resourceUUID.String(), } profile := &relational.Profile{ Metadata: relational.Metadata{ From 12bb4146d91b8d29b56899f32620a5ae24f2b478 Mon Sep 17 00:00:00 2001 From: akabdulhanif Date: Thu, 22 Jan 2026 00:09:52 +0000 Subject: [PATCH 07/28] test(api): add integration test for BuildByProps to assert import and controls --- .../oscal/profiles_integration_test.go | 602 +----------------- 1 file changed, 11 insertions(+), 591 deletions(-) diff --git a/internal/api/handler/oscal/profiles_integration_test.go b/internal/api/handler/oscal/profiles_integration_test.go index 1a2efd83..183365e0 100644 --- a/internal/api/handler/oscal/profiles_integration_test.go +++ b/internal/api/handler/oscal/profiles_integration_test.go @@ -6,6 +6,7 @@ import ( "bytes" "context" "encoding/json" + "fmt" "net/http" "net/http/httptest" "os" @@ -14,16 +15,13 @@ import ( "github.com/compliance-framework/api/internal/api" "github.com/compliance-framework/api/internal/api/handler" - "github.com/compliance-framework/api/internal/converters/labelfilter" "github.com/compliance-framework/api/internal/service/relational" - evidencesvc "github.com/compliance-framework/api/internal/service/relational/evidence" "github.com/compliance-framework/api/internal/tests" oscalTypes_1_1_3 "github.com/defenseunicorns/go-oscal/src/types/oscal-1-1-3" "github.com/google/uuid" "github.com/labstack/echo/v4" "github.com/stretchr/testify/suite" "go.uber.org/zap" - "gorm.io/datatypes" ) var ( 
@@ -65,8 +63,7 @@ func (suite *ProfileIntegrationSuite) SetupSuite() { suite.logger = logger.Sugar() metrics := api.NewMetricsHandler(context.Background(), suite.logger) suite.server = api.NewServer(context.Background(), suite.logger, suite.Config, metrics) - evidenceSvc := evidencesvc.NewEvidenceService(suite.DB, logger.Sugar(), suite.Config, nil) - RegisterHandlers(suite.server, logger.Sugar(), suite.DB, suite.Config, evidenceSvc) + RegisterHandlers(suite.server, suite.logger, suite.DB, suite.Config) profileFp, err := os.Open("../../../../testdata/profile_fedramp_low.json") suite.Require().NoError(err, "Failed to open profile file") @@ -520,6 +517,7 @@ func (suite *ProfileIntegrationSuite) TestAddImport() { suite.server.E().ServeHTTP(rec, req) + fmt.Println("Response Body:", rec.Body.String()) suite.Require().Equal(http.StatusCreated, rec.Code, "Expected status code 201 Created") var response handler.GenericDataResponse[oscalTypes_1_1_3.Import] @@ -591,10 +589,10 @@ func (suite *ProfileIntegrationSuite) TestBuildByPropsCreatesImportAndControls() Metadata: relational.Metadata{Title: "Prop Match Test Catalog"}, Controls: []relational.Control{ { - ID: "ac-1", - Title: "Access Control 1", + ID: "ac-1", + Title: "Access Control 1", CatalogID: catID, - Props: []relational.Prop{{Name: "class", Value: "technical"}}, + Props: []relational.Prop{{Name: "class", Value: "technical"}}, }, }, } @@ -603,8 +601,8 @@ func (suite *ProfileIntegrationSuite) TestBuildByPropsCreatesImportAndControls() // Build profile by props targeting the seeded catalog and rule body := map[string]any{ - "catalog-id": catID.String(), - "match-strategy": "all", + "catalogId": catID.String(), + "matchStrategy": "all", "rules": []map[string]string{ {"name": "class", "operator": "equals", "value": "technical"}, }, 
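Review bot: `RegisterHandlers` is now called with four arguments and the `evidencesvc` import is dropped; the removed lines show the branch this was based on passing an evidence service, so if the handler package on the target branch still takes that parameter this test file will not compile. The commit subject says it adds an integration test, but the diffstat on this patch (11 insertions, 591 deletions) and the deleted `TestBuildByPropsOperators` further down show it mostly removes coverage for the regex and `in` operators, which is worth stating in the commit message or splitting out. In the `@@ -520,6` hunk, `fmt.Println("Response Body:", rec.Body.String())` looks like a leftover debug print and will spam test output; `suite.T().Logf("response body: %s", rec.Body.String())` keeps it visible only on failure or with `-v`.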
@@ -621,9 +619,9 @@ func (suite *ProfileIntegrationSuite) TestBuildByPropsCreatesImportAndControls() suite.Require().Equal(http.StatusCreated, rec.Code, "Expected 201 from build-by-props") var response handler.GenericDataResponse[struct { - ProfileID uuid.UUID `json:"profile-id"` - ControlIDs []string `json:"control-ids"` - Profile oscalTypes_1_1_3.Profile `json:"profile"` + ProfileID uuid.UUID `json:"profileId"` + ControlIDs []string `json:"controlIds"` + Profile oscalTypes_1_1_3.Profile `json:"profile"` }] err = json.NewDecoder(rec.Body).Decode(&response) suite.Require().NoError(err, "Failed to decode build-by-props response") 
@@ -642,237 +640,6 @@ func (suite *ProfileIntegrationSuite) TestBuildByPropsCreatesImportAndControls() suite.Require().Len(list.Data, 1, "Expected a single import") } -func (suite *ProfileIntegrationSuite) TestBuildByPropsOperators() { - suite.IntegrationTestSuite.Migrator.Refresh() - token, err := suite.GetAuthToken() - suite.Require().NoError(err, "Failed to get auth token") - - // Seed a catalog with multiple controls with different props - catID := uuid.New() - catalog := &relational.Catalog{ - UUIDModel: relational.UUIDModel{ID: &catID}, - Metadata: relational.Metadata{Title: "Operator Test Catalog"}, - Controls: []relational.Control{ - { - ID: "ac-1", - Title: "Access Control 1", - CatalogID: catID, - Props: []relational.Prop{ - {Name: "class", Value: "technical"}, - {Name: "priority", Value: "P1"}, - }, - }, - { - ID: "ac-2", - Title: "Access Control 2", - CatalogID: catID, - Props: []relational.Prop{ - {Name: "class", Value: "operational"}, - {Name: "priority", Value: "P2"}, - }, - }, - { - ID: "ac-3", - Title: "Access Control 3", - CatalogID: catID, - Props: []relational.Prop{ - {Name: "class", Value: "management"}, - {Name: "priority", Value: "P1-critical"}, - }, - }, - { - ID: "sc-1", - Title: "System and Communications Protection 1", - CatalogID: catID, - Props: []relational.Prop{ - {Name: "class", Value: "technical"}, - {Name: "family", Value: "SC"}, - }, - }, - }, - } - err = suite.DB.Create(catalog).Error - suite.Require().NoError(err, "Failed to seed test catalog") - - suite.Run("Regex operator - match controls with priority starting with P1", func() { - body := map[string]any{ - "catalog-id": catID.String(), - "match-strategy": "any", - "rules": []map[string]string{ - {"name": "priority", "operator": "regex", "value": "^P1"}, - }, - "title": "Regex Test Profile", - "version": "1.0.0", - } - payload, _ := json.Marshal(body) - - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, "/api/oscal/profiles/build-props", 
bytes.NewReader(payload)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) - req.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) - suite.server.E().ServeHTTP(rec, req) - suite.Require().Equal(http.StatusCreated, rec.Code, "Expected 201 from build-by-props") - - var response handler.GenericDataResponse[struct { - ProfileID uuid.UUID `json:"profile-id"` - ControlIDs []string `json:"control-ids"` - Profile oscalTypes_1_1_3.Profile `json:"profile"` - }] - err = json.NewDecoder(rec.Body).Decode(&response) - suite.Require().NoError(err, "Failed to decode response") - suite.Require().Len(response.Data.ControlIDs, 2, "Expected two matched controls (ac-1, ac-3)") - suite.Require().Contains(response.Data.ControlIDs, "ac-1") - suite.Require().Contains(response.Data.ControlIDs, "ac-3") - }) - - suite.Run("In operator - match controls with class in list", func() { - body := map[string]any{ - "catalog-id": catID.String(), - "match-strategy": "any", - "rules": []map[string]string{ - {"name": "class", "operator": "in", "value": "technical,operational"}, - }, - "title": "In Operator Test Profile", - "version": "1.0.0", - } - payload, _ := json.Marshal(body) - - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, "/api/oscal/profiles/build-props", bytes.NewReader(payload)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) - req.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) - suite.server.E().ServeHTTP(rec, req) - suite.Require().Equal(http.StatusCreated, rec.Code, "Expected 201 from build-by-props") - - var response handler.GenericDataResponse[struct { - ProfileID uuid.UUID `json:"profile-id"` - ControlIDs []string `json:"control-ids"` - Profile oscalTypes_1_1_3.Profile `json:"profile"` - }] - err = json.NewDecoder(rec.Body).Decode(&response) - suite.Require().NoError(err, "Failed to decode response") - suite.Require().Len(response.Data.ControlIDs, 3, "Expected three matched controls (ac-1, ac-2, sc-1)") - 
suite.Require().Contains(response.Data.ControlIDs, "ac-1") - suite.Require().Contains(response.Data.ControlIDs, "ac-2") - suite.Require().Contains(response.Data.ControlIDs, "sc-1") - }) - - suite.Run("Contains operator - match controls with class containing 'tech'", func() { - body := map[string]any{ - "catalog-id": catID.String(), - "match-strategy": "any", - "rules": []map[string]string{ - {"name": "class", "operator": "contains", "value": "tech"}, - }, - "title": "Contains Operator Test Profile", - "version": "1.0.0", - } - payload, _ := json.Marshal(body) - - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, "/api/oscal/profiles/build-props", bytes.NewReader(payload)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) - req.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) - suite.server.E().ServeHTTP(rec, req) - suite.Require().Equal(http.StatusCreated, rec.Code, "Expected 201 from build-by-props") - - var response handler.GenericDataResponse[struct { - ProfileID uuid.UUID `json:"profile-id"` - ControlIDs []string `json:"control-ids"` - Profile oscalTypes_1_1_3.Profile `json:"profile"` - }] - err = json.NewDecoder(rec.Body).Decode(&response) - suite.Require().NoError(err, "Failed to decode response") - suite.Require().Len(response.Data.ControlIDs, 2, "Expected two matched controls (ac-1, sc-1)") - suite.Require().Contains(response.Data.ControlIDs, "ac-1") - suite.Require().Contains(response.Data.ControlIDs, "sc-1") - }) - - suite.Run("Invalid regex pattern returns 400", func() { - body := map[string]any{ - "catalog-id": catID.String(), - "match-strategy": "any", - "rules": []map[string]string{ - {"name": "priority", "operator": "regex", "value": "[invalid(regex"}, - }, - "title": "Invalid Regex Test", - "version": "1.0.0", - } - payload, _ := json.Marshal(body) - - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, "/api/oscal/profiles/build-props", bytes.NewReader(payload)) - 
req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) - req.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) - suite.server.E().ServeHTTP(rec, req) - suite.Require().Equal(http.StatusBadRequest, rec.Code, "Expected 400 for invalid regex") - suite.Require().Contains(rec.Body.String(), "invalid regex pattern") - }) - - suite.Run("Match strategy 'all' requires all rules to match", func() { - body := map[string]any{ - "catalog-id": catID.String(), - "match-strategy": "all", - "rules": []map[string]string{ - {"name": "class", "operator": "equals", "value": "technical"}, - {"name": "priority", "operator": "equals", "value": "P1"}, - }, - "title": "Match All Strategy Test", - "version": "1.0.0", - } - payload, _ := json.Marshal(body) - - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, "/api/oscal/profiles/build-props", bytes.NewReader(payload)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) - req.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) - suite.server.E().ServeHTTP(rec, req) - suite.Require().Equal(http.StatusCreated, rec.Code, "Expected 201 from build-by-props") - - var response handler.GenericDataResponse[struct { - ProfileID uuid.UUID `json:"profile-id"` - ControlIDs []string `json:"control-ids"` - Profile oscalTypes_1_1_3.Profile `json:"profile"` - }] - err = json.NewDecoder(rec.Body).Decode(&response) - suite.Require().NoError(err, "Failed to decode response") - suite.Require().Len(response.Data.ControlIDs, 1, "Expected only one control matching both rules (ac-1)") - suite.Require().Equal("ac-1", response.Data.ControlIDs[0]) - }) - - suite.Run("Match strategy 'any' matches if any rule matches", func() { - body := map[string]any{ - "catalog-id": catID.String(), - "match-strategy": "any", - "rules": []map[string]string{ - {"name": "class", "operator": "equals", "value": "technical"}, - {"name": "family", "operator": "equals", "value": "SC"}, - }, - "title": "Match Any Strategy Test", - 
"version": "1.0.0", - } - payload, _ := json.Marshal(body) - - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, "/api/oscal/profiles/build-props", bytes.NewReader(payload)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) - req.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) - suite.server.E().ServeHTTP(rec, req) - suite.Require().Equal(http.StatusCreated, rec.Code, "Expected 201 from build-by-props") - - var response handler.GenericDataResponse[struct { - ProfileID uuid.UUID `json:"profile-id"` - ControlIDs []string `json:"control-ids"` - Profile oscalTypes_1_1_3.Profile `json:"profile"` - }] - err = json.NewDecoder(rec.Body).Decode(&response) - suite.Require().NoError(err, "Failed to decode response") - suite.Require().Len(response.Data.ControlIDs, 2, "Expected two controls (ac-1 and sc-1)") - suite.Require().Contains(response.Data.ControlIDs, "ac-1") - suite.Require().Contains(response.Data.ControlIDs, "sc-1") - }) -} - func (suite *ProfileIntegrationSuite) TestDeleteImport() { suite.IntegrationTestSuite.Migrator.Refresh() suite.SeedDatabase() 
@@ -1021,353 +788,6 @@ func (suite *ProfileIntegrationSuite) TestResolved() { }) } -func (suite *ProfileIntegrationSuite) TestComplianceProgress() { - suite.IntegrationTestSuite.Migrator.Refresh() - - token, err := suite.GetAuthToken() - suite.Require().NoError(err, "Failed to get auth token") - - catalog := &relational.Catalog{ - Metadata: relational.Metadata{Title: "Compliance Progress Catalog"}, - } - suite.Require().NoError(suite.DB.Create(catalog).Error) - - controlSatisfied := relational.Control{ID: "CTRL-SAT", CatalogID: *catalog.ID, Title: "Satisfied Control"} - controlNotSatisfied := relational.Control{ID: "CTRL-NS", CatalogID: *catalog.ID, Title: "Not Satisfied Control"} - controlUnknown := relational.Control{ID: "CTRL-UNK", CatalogID: *catalog.ID, Title: "Unknown Control"} - - suite.Require().NoError(suite.DB.Create(&controlSatisfied).Error) - suite.Require().NoError(suite.DB.Create(&controlNotSatisfied).Error) - suite.Require().NoError(suite.DB.Create(&controlUnknown).Error) - - filterSatisfied := relational.Filter{ - Name: "Satisfied Filter", - Filter: datatypes.NewJSONType(labelfilter.Filter{ - Scope: &labelfilter.Scope{ - Condition: &labelfilter.Condition{ - Label: "provider", - Operator: "=", - Value: "aws", - }, - }, - }), - } - - filterNotSatisfied := relational.Filter{ - Name: "Not Satisfied Filter", - Filter: datatypes.NewJSONType(labelfilter.Filter{ - Scope: &labelfilter.Scope{ - Condition: &labelfilter.Condition{ - Label: "provider", - Operator: "=", - Value: "gcp", - }, - }, - }), - } - - suite.Require().NoError(suite.DB.Create(&filterSatisfied).Error) - suite.Require().NoError(suite.DB.Create(&filterNotSatisfied).Error) - suite.Require().NoError(suite.DB.Model(&controlSatisfied).Association("Filters").Append(&filterSatisfied)) - suite.Require().NoError(suite.DB.Model(&controlNotSatisfied).Association("Filters").Append(&filterNotSatisfied)) - - profile := &relational.Profile{ - Metadata: relational.Metadata{Title: "Compliance Progress 
Profile"}, - Controls: []relational.Control{controlSatisfied, controlNotSatisfied, controlUnknown}, - } - suite.Require().NoError(suite.DB.Create(profile).Error) - - now := time.Now().UTC() - evidenceRecords := []relational.Evidence{ - { - UUID: uuid.New(), - Title: "AWS satisfied evidence", - Start: now.Add(-time.Hour), - End: now.Add(-time.Minute), - Status: datatypes.NewJSONType(oscalTypes_1_1_3.ObjectiveStatus{State: "satisfied"}), - Labels: []relational.Labels{{Name: "provider", Value: "aws"}}, - }, - { - UUID: uuid.New(), - Title: "GCP not satisfied evidence", - Start: now.Add(-time.Hour), - End: now.Add(-time.Minute), - Status: datatypes.NewJSONType(oscalTypes_1_1_3.ObjectiveStatus{State: "not-satisfied"}), - Labels: []relational.Labels{{Name: "provider", Value: "gcp"}}, - }, - { - UUID: uuid.New(), - Title: "Non-matching evidence", - Start: now.Add(-time.Hour), - End: now.Add(-time.Minute), - Status: datatypes.NewJSONType(oscalTypes_1_1_3.ObjectiveStatus{State: "satisfied"}), - Labels: []relational.Labels{{Name: "provider", Value: "azure"}}, - }, - } - suite.Require().NoError(suite.DB.Create(&evidenceRecords).Error) - - suite.Run("Returns aggregated compliance progress", func() { - rec := httptest.NewRecorder() - url := "/api/oscal/profiles/" + profile.ID.String() + "/compliance-progress" - req := httptest.NewRequest(http.MethodGet, url, nil) - req.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) - - suite.server.E().ServeHTTP(rec, req) - suite.Require().Equal(http.StatusOK, rec.Code, "Expected status code 200 OK") - - var response handler.GenericDataResponse[ProfileComplianceProgress] - err = json.NewDecoder(rec.Body).Decode(&response) - suite.Require().NoError(err, "Failed to decode response body") - - suite.Require().Equal(profile.ID.String(), response.Data.Scope.ID.String()) - suite.Require().Equal("profile", response.Data.Scope.Type) - suite.Require().Equal("Compliance Progress Profile", response.Data.Scope.Title) - - suite.Require().Equal(3, 
response.Data.Summary.TotalControls) - suite.Require().Equal(1, response.Data.Summary.Satisfied) - suite.Require().Equal(1, response.Data.Summary.NotSatisfied) - suite.Require().Equal(1, response.Data.Summary.Unknown) - suite.Require().Equal(33, response.Data.Summary.CompliancePct) - suite.Require().Equal(67, response.Data.Summary.AssessedPct) - - suite.Require().Len(response.Data.Groups, 0) - suite.Require().Len(response.Data.Controls, 3) - - controlsByID := make(map[string]ProfileComplianceControl, len(response.Data.Controls)) - for _, control := range response.Data.Controls { - controlsByID[control.ControlID] = control - } - - suite.Require().Equal("satisfied", controlsByID["CTRL-SAT"].ComputedStatus) - suite.Require().Equal("not-satisfied", controlsByID["CTRL-NS"].ComputedStatus) - suite.Require().Equal("unknown", controlsByID["CTRL-UNK"].ComputedStatus) - }) - - suite.Run("Allows omitting controls from response", func() { - rec := httptest.NewRecorder() - url := "/api/oscal/profiles/" + profile.ID.String() + "/compliance-progress?includeControls=false" - req := httptest.NewRequest(http.MethodGet, url, nil) - req.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) - - suite.server.E().ServeHTTP(rec, req) - suite.Require().Equal(http.StatusOK, rec.Code, "Expected status code 200 OK") - - var response handler.GenericDataResponse[ProfileComplianceProgress] - err = json.NewDecoder(rec.Body).Decode(&response) - suite.Require().NoError(err, "Failed to decode response body") - suite.Require().Len(response.Data.Controls, 0) - suite.Require().Equal(3, response.Data.Summary.TotalControls) - }) - - suite.Run("Returns 404 for non-existing profile", func() { - rec := httptest.NewRecorder() - url := "/api/oscal/profiles/" + uuid.New().String() + "/compliance-progress" - req := httptest.NewRequest(http.MethodGet, url, nil) - req.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) - - suite.server.E().ServeHTTP(rec, req) - suite.Require().Equal(http.StatusNotFound, 
rec.Code, "Expected status code 404 Not Found") - }) - - suite.Run("Returns 400 for invalid profile UUID", func() { - rec := httptest.NewRecorder() - url := "/api/oscal/profiles/invalid-uuid/compliance-progress" - req := httptest.NewRequest(http.MethodGet, url, nil) - req.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) - - suite.server.E().ServeHTTP(rec, req) - suite.Require().Equal(http.StatusBadRequest, rec.Code, "Expected status code 400 Bad Request") - }) -} - -func (suite *ProfileIntegrationSuite) TestComplianceProgressEdgeCases() { - suite.IntegrationTestSuite.Migrator.Refresh() - - token, err := suite.GetAuthToken() - suite.Require().NoError(err, "Failed to get auth token") - - suite.Run("Profile with zero controls returns empty summary", func() { - emptyProfile := &relational.Profile{ - Metadata: relational.Metadata{Title: "Empty Profile"}, - } - suite.Require().NoError(suite.DB.Create(emptyProfile).Error) - - rec := httptest.NewRecorder() - url := "/api/oscal/profiles/" + emptyProfile.ID.String() + "/compliance-progress" - req := httptest.NewRequest(http.MethodGet, url, nil) - req.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) - - suite.server.E().ServeHTTP(rec, req) - suite.Require().Equal(http.StatusOK, rec.Code) - - var response handler.GenericDataResponse[ProfileComplianceProgress] - suite.Require().NoError(json.NewDecoder(rec.Body).Decode(&response)) - - suite.Require().Equal(0, response.Data.Summary.TotalControls) - suite.Require().Equal(0, response.Data.Summary.Satisfied) - suite.Require().Equal(0, response.Data.Summary.NotSatisfied) - suite.Require().Equal(0, response.Data.Summary.Unknown) - suite.Require().Equal(0, response.Data.Summary.CompliancePct) - suite.Require().Nil(response.Data.Summary.ImplementedTotal, "implementedControls should be absent when no sspId requested") - suite.Require().Len(response.Data.Controls, 0) - suite.Require().Len(response.Data.Groups, 0) - }) - - suite.Run("Control with no linked filters reports 
unknown status", func() { - cat := &relational.Catalog{Metadata: relational.Metadata{Title: "Unfiltered Catalog"}} - suite.Require().NoError(suite.DB.Create(cat).Error) - - ctrl := relational.Control{ID: "CTRL-NOFILTER", CatalogID: *cat.ID, Title: "No Filter Control"} - suite.Require().NoError(suite.DB.Create(&ctrl).Error) - - p := &relational.Profile{ - Metadata: relational.Metadata{Title: "No Filter Profile"}, - Controls: []relational.Control{ctrl}, - } - suite.Require().NoError(suite.DB.Create(p).Error) - - rec := httptest.NewRecorder() - url := "/api/oscal/profiles/" + p.ID.String() + "/compliance-progress" - req := httptest.NewRequest(http.MethodGet, url, nil) - req.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) - - suite.server.E().ServeHTTP(rec, req) - suite.Require().Equal(http.StatusOK, rec.Code) - - var response handler.GenericDataResponse[ProfileComplianceProgress] - suite.Require().NoError(json.NewDecoder(rec.Body).Decode(&response)) - - suite.Require().Equal(1, response.Data.Summary.TotalControls) - suite.Require().Equal(0, response.Data.Summary.Satisfied) - suite.Require().Equal(0, response.Data.Summary.NotSatisfied) - suite.Require().Equal(1, response.Data.Summary.Unknown) - suite.Require().Len(response.Data.Controls, 1) - suite.Require().Equal("unknown", response.Data.Controls[0].ComputedStatus) - }) - - suite.Run("Duplicate control IDs across different catalogs are tracked separately", func() { - catA := &relational.Catalog{Metadata: relational.Metadata{Title: "Catalog A"}} - catB := &relational.Catalog{Metadata: relational.Metadata{Title: "Catalog B"}} - suite.Require().NoError(suite.DB.Create(catA).Error) - suite.Require().NoError(suite.DB.Create(catB).Error) - - ctrlA := relational.Control{ID: "CTRL-SHARED", CatalogID: *catA.ID, Title: "Shared Control from A"} - ctrlB := relational.Control{ID: "CTRL-SHARED", CatalogID: *catB.ID, Title: "Shared Control from B"} - suite.Require().NoError(suite.DB.Create(&ctrlA).Error) - 
suite.Require().NoError(suite.DB.Create(&ctrlB).Error) - - p := &relational.Profile{ - Metadata: relational.Metadata{Title: "Cross-Catalog Profile"}, - Controls: []relational.Control{ctrlA, ctrlB}, - } - suite.Require().NoError(suite.DB.Create(p).Error) - - rec := httptest.NewRecorder() - url := "/api/oscal/profiles/" + p.ID.String() + "/compliance-progress" - req := httptest.NewRequest(http.MethodGet, url, nil) - req.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) - - suite.server.E().ServeHTTP(rec, req) - suite.Require().Equal(http.StatusOK, rec.Code) - - var response handler.GenericDataResponse[ProfileComplianceProgress] - suite.Require().NoError(json.NewDecoder(rec.Body).Decode(&response)) - - // Both controls have the same controlId but different catalogIds — they must each be counted - suite.Require().Equal(2, response.Data.Summary.TotalControls, "Controls with same ID but different catalogs must be counted separately") - suite.Require().Len(response.Data.Controls, 2) - - catalogIDs := make(map[string]struct{}, 2) - for _, c := range response.Data.Controls { - suite.Require().Equal("CTRL-SHARED", c.ControlID) - catalogIDs[c.CatalogID.String()] = struct{}{} - } - suite.Require().Len(catalogIDs, 2, "Each entry must have a distinct catalogId") - }) - - suite.Run("sspId scope reports implemented and unimplemented controls", func() { - cat := &relational.Catalog{Metadata: relational.Metadata{Title: "SSP Catalog"}} - suite.Require().NoError(suite.DB.Create(cat).Error) - - ctrlImpl := relational.Control{ID: "CTRL-IMPL", CatalogID: *cat.ID, Title: "Implemented Control"} - ctrlUnimpl := relational.Control{ID: "CTRL-UNIMPL", CatalogID: *cat.ID, Title: "Unimplemented Control"} - suite.Require().NoError(suite.DB.Create(&ctrlImpl).Error) - suite.Require().NoError(suite.DB.Create(&ctrlUnimpl).Error) - - p := &relational.Profile{ - Metadata: relational.Metadata{Title: "SSP Profile"}, - Controls: []relational.Control{ctrlImpl, ctrlUnimpl}, - } - 
suite.Require().NoError(suite.DB.Create(p).Error) - - ssp := &relational.SystemSecurityPlan{ - Metadata: relational.Metadata{Title: "Test SSP"}, - ControlImplementation: relational.ControlImplementation{ - ImplementedRequirements: []relational.ImplementedRequirement{ - { - ControlId: "CTRL-IMPL", - Statements: []relational.Statement{ - {StatementId: "CTRL-IMPL_smt.a"}, - }, - }, - }, - }, - } - suite.Require().NoError(suite.DB.Create(ssp).Error) - - rec := httptest.NewRecorder() - url := "/api/oscal/profiles/" + p.ID.String() + "/compliance-progress?sspId=" + ssp.ID.String() - req := httptest.NewRequest(http.MethodGet, url, nil) - req.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) - - suite.server.E().ServeHTTP(rec, req) - suite.Require().Equal(http.StatusOK, rec.Code) - - var response handler.GenericDataResponse[ProfileComplianceProgress] - suite.Require().NoError(json.NewDecoder(rec.Body).Decode(&response)) - - suite.Require().Equal(2, response.Data.Summary.TotalControls) - suite.Require().NotNil(response.Data.Summary.ImplementedTotal, "implementedControls must be present when sspId provided") - suite.Require().Equal(1, *response.Data.Summary.ImplementedTotal) - - suite.Require().NotNil(response.Data.Implementation) - suite.Require().Equal(1, response.Data.Implementation.ImplementedControls) - suite.Require().Equal(1, response.Data.Implementation.UnimplementedControls) - suite.Require().Equal(50, response.Data.Implementation.ImplementationPct) - - implByID := make(map[string]bool, 2) - for _, c := range response.Data.Controls { - if c.Implemented != nil { - implByID[c.ControlID] = *c.Implemented - } - } - suite.Require().True(implByID["CTRL-IMPL"], "CTRL-IMPL should be implemented") - suite.Require().False(implByID["CTRL-UNIMPL"], "CTRL-UNIMPL should not be implemented") - }) - - suite.Run("Non-existent sspId returns 404", func() { - cat := &relational.Catalog{Metadata: relational.Metadata{Title: "404 SSP Catalog"}} - 
suite.Require().NoError(suite.DB.Create(cat).Error)
-
- ctrl := relational.Control{ID: "CTRL-ANY", CatalogID: *cat.ID, Title: "Any Control"}
- suite.Require().NoError(suite.DB.Create(&ctrl).Error)
-
- p := &relational.Profile{
- Metadata: relational.Metadata{Title: "404 SSP Profile"},
- Controls: []relational.Control{ctrl},
- }
- suite.Require().NoError(suite.DB.Create(p).Error)
-
- rec := httptest.NewRecorder()
- url := "/api/oscal/profiles/" + p.ID.String() + "/compliance-progress?sspId=" + uuid.New().String()
- req := httptest.NewRequest(http.MethodGet, url, nil)
- req.Header.Set(echo.HeaderAuthorization, "Bearer "+*token)
-
- suite.server.E().ServeHTTP(rec, req)
- suite.Require().Equal(http.StatusNotFound, rec.Code)
- })
-}
-
 func (suite *ProfileIntegrationSuite) TestGetControlCatalogFromBuiltProfile() {
 suite.IntegrationTestSuite.Migrator.Refresh()
From 0a5078e6781ab80d396e34a9753f37f188d1782f Mon Sep 17 00:00:00 2001
From: akabdulhanif
Date: Sun, 25 Jan 2026 21:05:20 +0000
Subject: [PATCH 08/28] lint(api): fix error string casing and remove debug print in integration test
---
 internal/api/handler/oscal/profiles.go | 2 +-
 .../api/handler/oscal/profiles_integration_test.go | 14 ++++++--------
 2 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/internal/api/handler/oscal/profiles.go b/internal/api/handler/oscal/profiles.go
index e5a30936..968b5945 100644
--- a/internal/api/handler/oscal/profiles.go
+++ b/internal/api/handler/oscal/profiles.go
@@ -1629,7 +1629,7 @@ func FindOscalCatalogFromBackMatter(profile *relational.Profile, ref string) (uu
 }
 }
 }
- return uuid.Nil, errors.New("No valid catalog UUID was found within the backmatter. Ref: " + ref)
+ return uuid.Nil, errors.New("no valid catalog uuid was found within the backmatter. ref: " + ref)
 }
 // GatherControlIds extracts unique control IDs from an Import’s IncludeControls, avoiding duplicates.
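Review bot: The casing fix lowercases the whole message, turning the acronym `UUID` into `uuid`; the lint rule only needs the first character lowercased, so `"no valid catalog UUID was found within the backmatter. ref: " + ref` satisfies it without making the message harder to read. Since `ref` is caller-supplied and concatenated raw, `fmt.Errorf("no valid catalog UUID was found within the backmatter: ref %q", ref)` would also quote it so an empty or whitespace-only reference is visible in the error text (assuming fmt is already imported in profiles.go, which this diff does not show). FindOscalCatalogFromBackMatter starts outside the hunk.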
diff --git a/internal/api/handler/oscal/profiles_integration_test.go b/internal/api/handler/oscal/profiles_integration_test.go
index 183365e0..5f776dac 100644
--- a/internal/api/handler/oscal/profiles_integration_test.go
+++ b/internal/api/handler/oscal/profiles_integration_test.go
@@ -6,7 +6,6 @@ import (
 "bytes"
 "context"
 "encoding/json"
- "fmt"
 "net/http"
 "net/http/httptest"
 "os"
@@ -517,7 +516,6 @@ func (suite *ProfileIntegrationSuite) TestAddImport() {
 suite.server.E().ServeHTTP(rec, req)
- fmt.Println("Response Body:", rec.Body.String())
 suite.Require().Equal(http.StatusCreated, rec.Code, "Expected status code 201 Created")
 var response handler.GenericDataResponse[oscalTypes_1_1_3.Import]
@@ -589,10 +587,10 @@ func (suite *ProfileIntegrationSuite) TestBuildByPropsCreatesImportAndControls()
 Metadata: relational.Metadata{Title: "Prop Match Test Catalog"},
 Controls: []relational.Control{
 {
- ID: "ac-1",
- Title: "Access Control 1",
+ ID: "ac-1",
+ Title: "Access Control 1",
 CatalogID: catID,
- Props: []relational.Prop{{Name: "class", Value: "technical"}},
+ Props: []relational.Prop{{Name: "class", Value: "technical"}},
 },
 },
 }
@@ -619,9 +617,9 @@ func (suite *ProfileIntegrationSuite) TestBuildByPropsCreatesImportAndControls()
 suite.Require().Equal(http.StatusCreated, rec.Code, "Expected 201 from build-by-props")
 var response handler.GenericDataResponse[struct {
- ProfileID uuid.UUID `json:"profileId"`
- ControlIDs []string `json:"controlIds"`
- Profile oscalTypes_1_1_3.Profile `json:"profile"`
+ ProfileID uuid.UUID `json:"profileId"`
+ ControlIDs []string `json:"controlIds"`
+ Profile oscalTypes_1_1_3.Profile `json:"profile"`
 }]
 err = json.NewDecoder(rec.Body).Decode(&response)
 suite.Require().NoError(err, "Failed to decode build-by-props response")
From a71bdfdd5b5f3212d7b0787df20b826c03331e1c Mon Sep 17 00:00:00 2001
From: akabdulhanif
Date: Mon, 26 Jan 2026 17:29:14 +0000
Subject: [PATCH 09/28] ci(api): fix golangci-lint inputs; commit generated swagger docs to satisfy check-diff
---
 docs/docs.go | 18472 ++++++----------------
 docs/swagger.json | 18472 ++++++----------------
 docs/swagger.yaml | 13935 +++++------------
 internal/api/handler/oscal/profiles.go | 2 +-
 4 files changed, 13073 insertions(+), 37808 deletions(-)
diff --git a/docs/docs.go b/docs/docs.go
index c85333ec..1df8780f 100644
--- a/docs/docs.go
+++ b/docs/docs.go
@@ -736,285 +736,6 @@ const docTemplate = `{ ] } }, - "/evidence-templates": { - "get": { - "description": "List evidence templates with optional filters and pagination.", - "produces": [ - "application/json" - ], - "tags": [ - "Evidence Templates" - ], - "summary": "List evidence templates", - "parameters": [ - { - "type": "string", - "description": "Plugin ID", - "name": "pluginId", - "in": "query" - }, - { - "type": "string", - "description": "Policy package", - "name": "policyPackage", - "in": "query" - }, - { - "type": "boolean", - "description": "Active flag", - "name": "isActive", - "in": "query" - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/service.ListResponse-templates_evidenceTemplateResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Create an evidence template with selector labels, label schema, and linked risk/subject template IDs.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Evidence Templates" - ], - "summary": "Create evidence template", - "parameters": [ - { - "description": "Evidence template payload", - "name": "template", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/templates.upsertEvidenceTemplateRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/templates.evidenceTemplateDataResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } 
- }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/evidence-templates/{id}": { - "get": { - "description": "Get an evidence template by ID.", - "produces": [ - "application/json" - ], - "tags": [ - "Evidence Templates" - ], - "summary": "Get evidence template", - "parameters": [ - { - "type": "string", - "description": "Evidence Template ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/templates.evidenceTemplateDataResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Update an evidence template and atomically replace selector labels, label schema, and linked IDs.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Evidence Templates" - ], - "summary": "Update evidence template", - "parameters": [ - { - "type": "string", - "description": "Evidence Template ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Evidence template payload", - "name": "template", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/templates.upsertEvidenceTemplateRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/templates.evidenceTemplateDataResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": 
"#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Delete an evidence template and its associated selector labels, label schema, and join rows.", - "produces": [ - "application/json" - ], - "tags": [ - "Evidence Templates" - ], - "summary": "Delete evidence template", - "parameters": [ - { - "type": "string", - "description": "Evidence Template ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, "/evidence/compliance-by-control/{id}": { "get": { "description": "Retrieves the count of evidence statuses for filters associated with a specific Control ID.", @@ -1038,7 +759,7 @@ const docTemplate = `{ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-evidence_StatusCount" + "$ref": "#/definitions/handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount" } }, "500": { @@ -1073,7 +794,7 @@ const docTemplate = `{ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-evidence_StatusCount" + "$ref": "#/definitions/handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount" } }, "400": { 
@@ -6820,16 +6541,16 @@ const docTemplate = `{ ] } }, - "/oscal/catalogs/{id}/all-controls": { + "/oscal/catalogs/{id}/back-matter": { "get": { - "description": "Retrieves the top-level controls for a given Catalog.", + "description": "Retrieves the back-matter for a given Catalog.", "produces": [ "application/json" ], "tags": [ "Catalog" ], - "summary": "List controls for a Catalog", + "summary": "Get back-matter for a Catalog", "parameters": [ { "type": "string", @@ -6843,7 +6564,7 @@ const docTemplate = `{ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control" + "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter" } }, "400": { @@ -6878,16 +6599,16 @@ const docTemplate = `{ ] } }, - "/oscal/catalogs/{id}/back-matter": { + "/oscal/catalogs/{id}/controls": { "get": { - "description": "Retrieves the back-matter for a given Catalog.", + "description": "Retrieves the top-level controls for a given Catalog.", "produces": [ "application/json" ], "tags": [ "Catalog" ], - "summary": "Get back-matter for a Catalog", + "summary": "List controls for a Catalog", "parameters": [ { "type": "string", 
@@ -6901,65 +6622,7 @@ const docTemplate = `{ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/oscal/catalogs/{id}/controls": { - "get": { - "description": "Retrieves the top-level controls for a given Catalog.", - "produces": [ - "application/json" - ], - "tags": [ - "Catalog" - ], - "summary": "List controls for a Catalog", - "parameters": [ - { - "type": "string", - "description": "Catalog ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control" + "$ref": "#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control" } }, "400": { 
@@ -10971,63 +10634,6 @@ const docTemplate = `{ } } } - }, - "put": { - "description": "Updates local-definitions for a given POA\u0026M with special handling of array and object fields.\n- Components and inventory-items arrays are treated as full replacements: the existing values on the POA\u0026M are overwritten by the arrays provided in the request body (no per-element merge is performed).\n- Sending an empty array [] for components or inventory-items clears that specific field (resulting in an empty array on the POA\u0026M).\n- Omitting a field in the request body leaves the existing value for that field unchanged.\n- Sending an empty JSON object {} as the payload deletes the entire local-definitions object for the POA\u0026M.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Plan Of Action and Milestones" - ], - "summary": "Update POA\u0026M local-definitions", - "parameters": [ - { - "type": "string", - "description": "POA\u0026M ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Local definitions data", - "name": "local-definitions", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - } } }, "/oscal/plan-of-action-and-milestones/{id}/metadata": { 
@@ -12061,7 +11667,7 @@ const docTemplate = `{ "in": "body", "required": true, "schema": { - "$ref": "#/definitions/oscal.BuildByPropsRequest" + "$ref": "#/definitions/oscal.ProfileHandler" } } ], @@ -12069,7 +11675,7 @@ const docTemplate = `{ "201": { "description": "Created", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-oscal_BuildByPropsResponse" + "$ref": "#/definitions/handler.GenericDataResponse-oscal_ProfileHandler" } }, "400": { 
@@ -12220,76 +11826,6 @@ const docTemplate = `{ ] } }, - "/oscal/profiles/{id}/compliance-progress": { - "get": { - "description": "Returns aggregated compliance progress for controls in a Profile, including summary, optional per-control rows, and group rollups.", - "produces": [ - "application/json" - ], - "tags": [ - "Profile" - ], - "summary": "Get compliance progress for a Profile", - "parameters": [ - { - "type": "string", - "description": "Profile ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "boolean", - "description": "Include per-control breakdown (default true)", - "name": "includeControls", - "in": "query" - }, - { - "type": "string", - "description": "System Security Plan ID for implementation coverage", - "name": "sspId", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-oscal_ProfileComplianceProgress" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, "/oscal/profiles/{id}/full": { "get": { "description": "Retrieves the full OSCAL Profile, including all nested content.", 
@@ -13649,52 +13185,6 @@ const docTemplate = `{ } } }, - "/oscal/system-security-plans/{id}/bulk-apply-component-suggestions": { - "post": { - "description": "For each ImplementedRequirement, creates SystemComponents from matching DefinedComponents and links them via ByComponent.", - "tags": [ - "System Security Plans" - ], - "summary": "Bulk apply component suggestions for all implemented requirements in an SSP", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, "/oscal/system-security-plans/{id}/control-implementation": { "get": { "description": "Retrieves the Control Implementation for a given System Security Plan.", 
@@ -14026,13 +13516,19 @@ const docTemplate = `{ } } }, - "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/apply-suggestion": { - "post": { - "description": "Creates SystemComponents from DefinedComponents that implement the same control and links them via ByComponent.", + "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/by-components/{byComponentId}": { + "put": { + "description": "Updates an existing by-component that belongs to an implemented requirement for a given SSP.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "tags": [ "System Security Plans" ], - "summary": "Apply component suggestions for an implemented requirement", + "summary": "Update a by-component within an implemented requirement", "parameters": [ { "type": "string", @@ -14043,15 +13539,34 @@ const docTemplate = `{ }, { "type": "string", - "description": "Implemented Requirement ID", + "description": "Requirement ID", "name": "reqId", "in": "path", "required": true + }, + { + "type": "string", + "description": "By-Component ID", + "name": "byComponentId", + "in": "path", + "required": true + }, + { + "description": "By-Component data", + "name": "by-component", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" + } } ], "responses": { - "204": { - "description": "No Content" + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent" + } }, "400": { "description": "Bad Request", 
@@ -14071,85 +13586,7 @@ const docTemplate = `{ "$ref": "#/definitions/api.Error" } } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/by-components/{byComponentId}": { - "put": { - "description": "Updates an existing by-component that belongs to an implemented requirement for a given SSP.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "System Security Plans" - ], - "summary": "Update a by-component within an implemented requirement", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Requirement ID", - "name": "reqId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "By-Component ID", - "name": "byComponentId", - "in": "path", - "required": true - }, - { - "description": "By-Component data", - "name": "by-component", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - } + } } }, "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements": { 
@@ -14291,66 +13728,6 @@ const docTemplate = `{ } } }, - "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/apply-suggestion": { - "post": { - "description": "Creates SystemComponents from DefinedComponents that implement the statement's parent control and links them via ByComponent to the statement.", - "tags": [ - "System Security Plans" - ], - "summary": "Apply component suggestions for a statement", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Implemented Requirement ID", - "name": "reqId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Statement ID", - "name": "stmtId", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/by-components": { "post": { "description": "Create a by-component within an existing statement within an implemented requirement for a given SSP.", 
@@ -14573,131 +13950,6 @@ const docTemplate = `{ } } }, - "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/suggest-components": { - "post": { - "description": "Returns DefinedComponents that implement the statement's parent control and are not yet present in the SSP.", - "produces": [ - "application/json" - ], - "tags": [ - "System Security Plans" - ], - "summary": "Suggest system components for a statement", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Implemented Requirement ID", - "name": "reqId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Statement ID", - "name": "stmtId", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-relational_SystemComponentSuggestion" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/suggest-components": { - "post": { - "description": "Returns DefinedComponents that implement the same control and are not yet present in the SSP.", - "produces": [ - "application/json" - ], - "tags": [ - "System Security Plans" - ], - "summary": "Suggest system components for an implemented requirement", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Implemented Requirement ID", - 
"name": "reqId", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-relational_SystemComponentSuggestion" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, "/oscal/system-security-plans/{id}/import-profile": { "get": { "description": "Retrieves import-profile for a given SSP.", @@ -16126,7 +15378,7 @@ const docTemplate = `{ ] }, "post": { - "description": "Creates a new system component for a given SSP. Accepts an optional definedComponentId field to link to a DefinedComponent.", + "description": "Creates a new system component for a given SSP.", "consumes": [ "application/json" ], @@ -16146,12 +15398,12 @@ const docTemplate = `{ "required": true }, { - "description": "System Component data with optional definedComponentId field", + "description": "System Component data", "name": "component", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/oscal.SystemComponentRequest" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } } ], @@ -16248,7 +15500,7 @@ const docTemplate = `{ ] }, "put": { - "description": "Updates an existing system component for a given SSP. Accepts an optional definedComponentId field to link to a DefinedComponent.", + "description": "Updates an existing system component for a given SSP.", "consumes": [ "application/json" ], 
@@ -16275,12 +15527,12 @@ const docTemplate = `{ "required": true }, { - "description": "System Component data with optional definedComponentId field", + "description": "System Component data", "name": "component", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/oscal.SystemComponentRequest" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } } ], @@ -17039,57 +16291,31 @@ const docTemplate = `{ } } }, - "/risk-templates": { + "/users/me": { "get": { - "description": "List risk templates with optional filters and pagination.", + "description": "Retrieves the details of the currently logged-in user", "produces": [ "application/json" ], "tags": [ - "Risk Templates" - ], - "summary": "List risk templates", - "parameters": [ - { - "type": "string", - "description": "Plugin ID", - "name": "pluginId", - "in": "query" - }, - { - "type": "string", - "description": "Policy package", - "name": "policyPackage", - "in": "query" - }, - { - "type": "boolean", - "description": "Active flag", - "name": "isActive", - "in": "query" - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - } + "Users" ], + "summary": "Get logged-in user details", "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/service.ListResponse-templates_riskTemplateResponse" + "$ref": "#/definitions/handler.GenericDataResponse-relational_User" } }, - "400": { - "description": "Bad Request", + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", "schema": { "$ref": "#/definitions/api.Error" } 
@@ -17106,9 +16332,11 @@ const docTemplate = `{ "OAuth2Password": [] } ] - }, + } + }, + "/users/me/change-password": { "post": { - "description": "Create a risk template with threat references and remediation template/tasks.", + "description": "Changes the password for the currently logged-in user", "consumes": [ "application/json" ], @@ -17116,26 +16344,23 @@ const docTemplate = `{ "application/json" ], "tags": [ - "Risk Templates" + "Users" ], - "summary": "Create risk template", + "summary": "Change password for logged-in user", "parameters": [ { - "description": "Risk template payload", - "name": "template", + "description": "Change Password Request", + "name": "changePasswordRequest", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/templates.upsertRiskTemplateRequest" + "$ref": "#/definitions/handler.UserHandler" } } ], "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/templates.riskTemplateDataResponse" - } + "204": { + "description": "No Content" }, "400": { "description": "Bad Request", @@ -17143,6 +16368,12 @@ const docTemplate = `{ "$ref": "#/definitions/api.Error" } }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { 
@@ -17157,34 +16388,25 @@ const docTemplate = `{ ] } }, - "/risk-templates/{id}": { + "/users/me/digest-subscription": { "get": { - "description": "Get a risk template by ID.", + "description": "Gets the current user's digest email subscription status", "produces": [ "application/json" ], "tags": [ - "Risk Templates" - ], - "summary": "Get risk template", - "parameters": [ - { - "type": "string", - "description": "Risk Template ID", - "name": "id", - "in": "path", - "required": true - } + "Users" ], + "summary": "Get digest subscription status", "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/templates.riskTemplateDataResponse" + "$ref": "#/definitions/handler.GenericDataResponse-handler_UserHandler" } }, - "400": { - "description": "Bad Request", + "401": { + "description": "Unauthorized", "schema": { "$ref": "#/definitions/api.Error" } @@ -17209,7 +16431,7 @@ const docTemplate = `{ ] }, "put": { - "description": "Update a risk template and atomically replace threat refs and remediation tasks.", + "description": "Updates the current user's digest email subscription status", "consumes": [ "application/json" ], @@ -17217,24 +16439,17 @@ const docTemplate = `{ "application/json" ], "tags": [ - "Risk Templates" + "Users" ], - "summary": "Update risk template", + "summary": "Update digest subscription status", "parameters": [ { - "type": "string", - "description": "Risk Template ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Risk template payload", - "name": "template", + "description": "Subscription status", + "name": "subscription", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/templates.upsertRiskTemplateRequest" + "$ref": "#/definitions/handler.UserHandler" } } ], 
@@ -17242,7 +16457,7 @@ const docTemplate = `{ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/templates.riskTemplateDataResponse" + "$ref": "#/definitions/handler.GenericDataResponse-handler_UserHandler" } }, "400": { @@ -17251,49 +16466,8 @@ const docTemplate = `{ "$ref": "#/definitions/api.Error" } }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Delete a risk template and its associated threat references and remediation data.", - "produces": [ - "application/json" - ], - "tags": [ - "Risk Templates" - ], - "summary": "Delete risk template", - "parameters": [ - { - "type": "string", - "description": "Risk Template ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", + "401": { + "description": "Unauthorized", "schema": { "$ref": "#/definitions/api.Error" } 
@@ -17318,124 +16492,9 @@ const docTemplate = `{ ] } }, - "/risks": { - "get": { - "description": "Lists risk register entries with filtering, sorting, and pagination.", - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "List risks", - "parameters": [ - { - "type": "string", - "description": "Risk status", - "name": "status", - "in": "query" - }, - { - "type": "string", - "description": "Risk likelihood", - "name": "likelihood", - "in": "query" - }, - { - "type": "string", - "description": "Risk impact", - "name": "impact", - "in": "query" - }, - { - "type": "string", - "description": "SSP ID", - "name": "sspId", - "in": "query" - }, - { - "type": "string", - "description": "Control ID", - "name": "controlId", - "in": "query" - }, - { - "type": "string", - "description": "Evidence ID", - "name": "evidenceId", - "in": "query" - }, - { - "type": "string", - "description": "Owner kind", - "name": "ownerKind", - "in": "query" - }, - { - "type": "string", - "description": "Owner reference", - "name": "ownerRef", - "in": "query" - }, - { - "type": "string", - "description": "Review deadline upper bound (RFC3339)", - "name": "reviewDeadlineBefore", - "in": "query" - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - }, - { - "type": "string", - "description": "Sort field", - "name": "sort", - "in": "query" - }, - { - "type": "string", - "description": "Sort order (asc|desc)", - "name": "order", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/service.ListResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - 
"OAuth2Password": [] - } - ] - }, + "/users/{id}/change-password": { "post": { - "description": "Creates a risk register entry.", + "description": "Changes the password for a user by ID", "consumes": [ "application/json" ], @@ -17443,26 +16502,30 @@ const docTemplate = `{ "application/json" ], "tags": [ - "Risks" + "Users" ], - "summary": "Create risk", + "summary": "Change password for a specific user", "parameters": [ { - "description": "Risk payload", - "name": "risk", + "type": "string", + "description": "User ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Change Password Request", + "name": "changePasswordRequest", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/handler.createRiskRequest" + "$ref": "#/definitions/handler.UserHandler" } } ], "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } + "204": { + "description": "No Content" }, "400": { "description": "Bad Request", @@ -17476,6 +16539,12 @@ const docTemplate = `{ "$ref": "#/definitions/api.Error" } }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { 
@@ -17489,7362 +16558,94 @@ const docTemplate = `{ } ] } + } + }, + "definitions": { + "api.Error": { + "type": "object", + "properties": { + "errors": { + "type": "object", + "additionalProperties": {} + } + } }, - "/risks/{id}": { - "get": { - "description": "Retrieves a risk register entry by ID.", - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Get risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Updates a risk register entry by ID.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Update risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Risk payload", - "name": "risk", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.updateRiskRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": 
"#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Deletes a risk register entry and link rows by ID.", - "tags": [ - "Risks" - ], - "summary": "Delete risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/risks/{id}/accept": { - "post": { - "description": "Accepts a risk with required justification and a future review deadline.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Accept risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Accept payload", - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.acceptRiskRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/risks/{id}/components": { - "get": { - "description": "Lists components linked to a risk.", - 
"produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "List risk component links", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/service.ListResponse-risks_RiskComponentLink" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Idempotently links a component to a risk.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Link component to risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Component link payload", - "name": "link", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.addComponentLinkRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-risks_RiskComponentLink" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": 
[] - } - ] - } - }, - "/risks/{id}/controls": { - "get": { - "description": "Lists controls linked to a risk.", - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "List risk control links", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/service.ListResponse-risks_RiskControlLink" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Idempotently links a control to a risk.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Link control to risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Control link payload", - "name": "link", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.addControlLinkRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-risks_RiskControlLink" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - 
"schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/risks/{id}/evidence": { - "get": { - "description": "Lists evidence IDs linked to a risk.", - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "List risk evidence links", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/service.ListResponse-uuid_UUID" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Idempotently links an evidence item to a risk.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Link evidence to risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Evidence link payload", - "name": "link", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.addEvidenceLinkRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-risks_RiskEvidenceLink" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - 
"schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/risks/{id}/evidence/{evidenceId}": { - "delete": { - "description": "Deletes the link between a risk and evidence item.", - "tags": [ - "Risks" - ], - "summary": "Delete risk evidence link", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Evidence ID", - "name": "evidenceId", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/risks/{id}/review": { - "post": { - "description": "Records a structured review for an accepted risk. 
nextReviewDeadline is required for decision=extend and must be omitted for decision=reopen.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Review risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Review payload", - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.reviewRiskRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/risks/{id}/subjects": { - "get": { - "description": "Lists subjects linked to a risk.", - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "List risk subject links", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/service.ListResponse-risks_RiskSubjectLink" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - 
"$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Idempotently links a subject to a risk.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Link subject to risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Subject link payload", - "name": "link", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.addSubjectLinkRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-risks_RiskSubjectLink" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/ssp/{sspId}/risks": { - "get": { - "description": "Lists risk register entries scoped to an SSP.", - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "List risks for SSP", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "sspId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Risk status", - "name": "status", - "in": "query" - }, - { - "type": "string", - "description": "Risk likelihood", - "name": "likelihood", - "in": "query" - }, - { - "type": "string", - "description": "Risk impact", - "name": "impact", - "in": "query" - }, - { - "type": "string", - "description": "Control ID", - "name": "controlId", - "in": "query" - }, - { - "type": "string", - "description": "Evidence ID", - "name": "evidenceId", - "in": "query" - }, - 
{ - "type": "string", - "description": "Owner kind", - "name": "ownerKind", - "in": "query" - }, - { - "type": "string", - "description": "Owner reference", - "name": "ownerRef", - "in": "query" - }, - { - "type": "string", - "description": "Review deadline upper bound (RFC3339)", - "name": "reviewDeadlineBefore", - "in": "query" - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - }, - { - "type": "string", - "description": "Sort field", - "name": "sort", - "in": "query" - }, - { - "type": "string", - "description": "Sort order (asc|desc)", - "name": "order", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/service.ListResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Creates a risk register entry scoped to an SSP.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Create risk for SSP", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "sspId", - "in": "path", - "required": true - }, - { - "description": "Risk payload", - "name": "risk", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.createRiskRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": 
"#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/ssp/{sspId}/risks/{id}": { - "get": { - "description": "Retrieves a risk register entry by ID scoped to an SSP.", - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Get risk for SSP", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "sspId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Updates a risk register entry by ID scoped to an SSP.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Update risk for SSP", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "sspId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Risk payload", - "name": "risk", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.updateRiskRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - 
"$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Deletes a risk register entry by ID scoped to an SSP.", - "tags": [ - "Risks" - ], - "summary": "Delete risk for SSP", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "sspId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/ssp/{sspId}/risks/{id}/accept": { - "post": { - "description": "Accepts a risk by ID scoped to an SSP.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Accept risk for SSP", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "sspId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Accept payload", - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.acceptRiskRequest" - } - } - ], - "responses": { - "200": { - "description": 
"OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/ssp/{sspId}/risks/{id}/review": { - "post": { - "description": "Records a risk review by ID scoped to an SSP. nextReviewDeadline is required for decision=extend and must be omitted for decision=reopen.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Review risk for SSP", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "sspId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Review payload", - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.reviewRiskRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/subject-templates": { - "get": { - "description": "List subject templates with optional filters and pagination.", - "produces": [ - "application/json" - ], - "tags": [ - "Subject Templates" - ], - "summary": "List subject 
templates", - "parameters": [ - { - "type": "string", - "description": "Subject type", - "name": "type", - "in": "query" - }, - { - "type": "string", - "description": "Source mode", - "name": "sourceMode", - "in": "query" - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/service.ListResponse-templates_subjectTemplateResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Create a subject template with selector labels and label schema.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Subject Templates" - ], - "summary": "Create subject template", - "parameters": [ - { - "description": "Subject template payload", - "name": "template", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/templates.upsertSubjectTemplateRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/templates.subjectTemplateDataResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/subject-templates/{id}": { - "get": { - "description": "Get a subject template by ID.", - "produces": [ - "application/json" - ], - "tags": [ - "Subject Templates" - ], - "summary": "Get subject template", - "parameters": [ - { - "type": 
"string", - "description": "Subject Template ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/templates.subjectTemplateDataResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Update a subject template and atomically replace selector labels and label schema.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Subject Templates" - ], - "summary": "Update subject template", - "parameters": [ - { - "type": "string", - "description": "Subject Template ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Subject template payload", - "name": "template", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/templates.upsertSubjectTemplateRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/templates.subjectTemplateDataResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/users/me": { - "get": { - "description": "Retrieves the details of the currently logged-in user", - "produces": [ - "application/json" - ], - "tags": [ - "Users" - ], - "summary": "Get logged-in user details", - "responses": { - "200": { - 
"description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-relational_User" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/users/me/change-password": { - "post": { - "description": "Changes the password for the currently logged-in user", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Users" - ], - "summary": "Change password for logged-in user", - "parameters": [ - { - "description": "Change Password Request", - "name": "changePasswordRequest", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.UserHandler" - } - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/users/me/subscriptions": { - "get": { - "description": "Gets the current user's digest and workflow notification email preferences", - "produces": [ - "application/json" - ], - "tags": [ - "Users" - ], - "summary": "Get notification preferences", - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_SubscriptionsResponse" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - 
"$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Updates the current user's digest and workflow notification email preferences", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Users" - ], - "summary": "Update notification preferences", - "parameters": [ - { - "description": "Notification preferences", - "name": "subscription", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.UpdateSubscriptionsRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_SubscriptionsResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/users/{id}/change-password": { - "post": { - "description": "Changes the password for a user by ID", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Users" - ], - "summary": "Change password for a specific user", - "parameters": [ - { - "type": "string", - "description": "User ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Change Password Request", - "name": "changePasswordRequest", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.UserHandler" - } - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { 
- "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/control-relationships": { - "get": { - "description": "List all control relationships, optionally filtered by workflow definition", - "produces": [ - "application/json" - ], - "tags": [ - "Control Relationships" - ], - "summary": "List control relationships", - "parameters": [ - { - "type": "string", - "description": "Workflow Definition ID", - "name": "workflow_definition_id", - "in": "query" - }, - { - "type": "string", - "description": "Control ID", - "name": "control_id", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.ControlRelationshipListResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Create a new control relationship for a workflow", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Control Relationships" - ], - "summary": "Create control relationship", - "parameters": [ - { - "description": "Control relationship details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.CreateControlRelationshipRequest" - } - } - ], - "responses": 
{ - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/workflows.ControlRelationshipResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/control-relationships/{id}": { - "get": { - "description": "Get control relationship by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Control Relationships" - ], - "summary": "Get control relationship", - "parameters": [ - { - "type": "string", - "description": "Control Relationship ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.ControlRelationshipResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Update an existing control relationship", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Control Relationships" - ], - "summary": "Update control relationship", - "parameters": [ - { - "type": "string", - "description": "Control Relationship ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Update details", - "name": "request", - "in": "body", - "required": true, - "schema": { - 
"$ref": "#/definitions/workflows.UpdateControlRelationshipRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.ControlRelationshipResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Delete a control relationship", - "tags": [ - "Control Relationships" - ], - "summary": "Delete control relationship", - "parameters": [ - { - "type": "string", - "description": "Control Relationship ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/control-relationships/{id}/activate": { - "put": { - "description": "Activate a control relationship", - "produces": [ - "application/json" - ], - "tags": [ - "Control Relationships" - ], - "summary": "Activate control relationship", - "parameters": [ - { - "type": "string", - "description": "Control Relationship ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - 
"$ref": "#/definitions/workflows.ControlRelationshipResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/control-relationships/{id}/deactivate": { - "put": { - "description": "Deactivate a control relationship", - "produces": [ - "application/json" - ], - "tags": [ - "Control Relationships" - ], - "summary": "Deactivate control relationship", - "parameters": [ - { - "type": "string", - "description": "Control Relationship ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.ControlRelationshipResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/definitions": { - "get": { - "description": "List all workflow definition templates", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Definitions" - ], - "summary": "List workflow definitions", - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowDefinitionListResponse" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - 
"$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Create a new workflow definition template", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Definitions" - ], - "summary": "Create workflow definition", - "parameters": [ - { - "description": "Workflow definition details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.CreateWorkflowDefinitionRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/workflows.WorkflowDefinitionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/definitions/{id}": { - "get": { - "description": "Get workflow definition by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Definitions" - ], - "summary": "Get workflow definition", - "parameters": [ - { - "type": "string", - "description": "Workflow Definition ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowDefinitionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": 
"#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Update workflow definition by ID", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Definitions" - ], - "summary": "Update workflow definition", - "parameters": [ - { - "type": "string", - "description": "Workflow Definition ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Updated workflow definition details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.UpdateWorkflowDefinitionRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowDefinitionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Delete workflow definition by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Definitions" - ], - "summary": "Delete workflow definition", - "parameters": [ - { - "type": "string", - "description": "Workflow Definition ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": 
"#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/executions": { - "get": { - "description": "List all executions for a workflow instance", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Executions" - ], - "summary": "List workflow executions", - "parameters": [ - { - "type": "string", - "description": "Workflow Instance ID", - "name": "workflow_instance_id", - "in": "query", - "required": true - }, - { - "type": "integer", - "description": "Limit", - "name": "limit", - "in": "query" - }, - { - "type": "integer", - "description": "Offset", - "name": "offset", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowExecutionListResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Start a new execution of a workflow instance", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Executions" - ], - "summary": "Start workflow execution", - "parameters": [ - { - "description": "Execution details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.StartWorkflowExecutionRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/workflows.WorkflowExecutionResponse" - } - }, - 
"400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/executions/{id}": { - "get": { - "description": "Get workflow execution by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Executions" - ], - "summary": "Get workflow execution", - "parameters": [ - { - "type": "string", - "description": "Workflow Execution ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowExecutionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/executions/{id}/cancel": { - "put": { - "description": "Cancel a running workflow execution", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Executions" - ], - "summary": "Cancel workflow execution", - "parameters": [ - { - "type": "string", - "description": "Workflow Execution ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Cancel details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.CancelWorkflowExecutionRequest" - } - } - ], - "responses": { - "200": { - 
"description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowExecutionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/executions/{id}/metrics": { - "get": { - "description": "Get performance metrics for a workflow execution", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Executions" - ], - "summary": "Get workflow execution metrics", - "parameters": [ - { - "type": "string", - "description": "Workflow Execution ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowExecutionMetricsResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/executions/{id}/reassign-role": { - "put": { - "description": "Reassign eligible steps in an execution for a given role", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Executions" - ], - "summary": "Bulk reassign steps by role", - "parameters": [ - { - "type": "string", - "description": "Workflow Execution ID", - 
"name": "id", - "in": "path", - "required": true - }, - { - "description": "Bulk reassignment details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.ReassignRoleRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.BulkReassignRoleResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/executions/{id}/retry": { - "post": { - "description": "Create a new execution to retry a failed workflow", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Executions" - ], - "summary": "Retry workflow execution", - "parameters": [ - { - "type": "string", - "description": "Workflow Execution ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/workflows.WorkflowExecutionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/executions/{id}/status": { - "get": { - "description": "Get detailed status of a workflow execution including 
step counts", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Executions" - ], - "summary": "Get workflow execution status", - "parameters": [ - { - "type": "string", - "description": "Workflow Execution ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowExecutionStatusResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/instances": { - "get": { - "description": "List all workflow instances with optional filtering", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Instances" - ], - "summary": "List workflow instances", - "parameters": [ - { - "type": "string", - "description": "Filter by Workflow Definition ID", - "name": "workflow_definition_id", - "in": "query" - }, - { - "type": "string", - "description": "Filter by System Security Plan ID", - "name": "system_security_plan_id", - "in": "query" - }, - { - "type": "boolean", - "description": "Filter by Active Status", - "name": "is_active", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowInstanceListResponse" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Create 
a new workflow instance for a specific system", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Instances" - ], - "summary": "Create workflow instance", - "parameters": [ - { - "description": "Workflow instance details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.CreateWorkflowInstanceRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/workflows.WorkflowInstanceResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/instances/{id}": { - "get": { - "description": "Get workflow instance by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Instances" - ], - "summary": "Get workflow instance", - "parameters": [ - { - "type": "string", - "description": "Workflow Instance ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowInstanceResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Update workflow instance by ID", - "consumes": [ - 
"application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Instances" - ], - "summary": "Update workflow instance", - "parameters": [ - { - "type": "string", - "description": "Workflow Instance ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Updated workflow instance details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.UpdateWorkflowInstanceRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowInstanceResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Delete workflow instance by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Instances" - ], - "summary": "Delete workflow instance", - "parameters": [ - { - "type": "string", - "description": "Workflow Instance ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - 
"/workflows/instances/{id}/activate": { - "put": { - "description": "Activate a workflow instance to enable scheduled executions", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Instances" - ], - "summary": "Activate workflow instance", - "parameters": [ - { - "type": "string", - "description": "Workflow Instance ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowInstanceResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/instances/{id}/deactivate": { - "put": { - "description": "Deactivate a workflow instance to disable scheduled executions", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Instances" - ], - "summary": "Deactivate workflow instance", - "parameters": [ - { - "type": "string", - "description": "Workflow Instance ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowInstanceResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { 
- "OAuth2Password": [] - } - ] - } - }, - "/workflows/role-assignments": { - "get": { - "description": "List all role assignments, optionally filtered by workflow instance", - "produces": [ - "application/json" - ], - "tags": [ - "Role Assignments" - ], - "summary": "List role assignments", - "parameters": [ - { - "type": "string", - "description": "Workflow Instance ID", - "name": "workflow_instance_id", - "in": "query" - }, - { - "type": "string", - "description": "Role Name", - "name": "role_name", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.RoleAssignmentListResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Create a new role assignment for a workflow instance", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Role Assignments" - ], - "summary": "Create role assignment", - "parameters": [ - { - "description": "Role assignment details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.CreateRoleAssignmentRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/workflows.RoleAssignmentResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - 
"OAuth2Password": [] - } - ] - } - }, - "/workflows/role-assignments/{id}": { - "get": { - "description": "Get role assignment by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Role Assignments" - ], - "summary": "Get role assignment", - "parameters": [ - { - "type": "string", - "description": "Role Assignment ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.RoleAssignmentResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Update an existing role assignment", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Role Assignments" - ], - "summary": "Update role assignment", - "parameters": [ - { - "type": "string", - "description": "Role Assignment ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Update details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.UpdateRoleAssignmentRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.RoleAssignmentResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": 
{ - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Delete a role assignment", - "tags": [ - "Role Assignments" - ], - "summary": "Delete role assignment", - "parameters": [ - { - "type": "string", - "description": "Role Assignment ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/role-assignments/{id}/activate": { - "put": { - "description": "Activate a role assignment", - "produces": [ - "application/json" - ], - "tags": [ - "Role Assignments" - ], - "summary": "Activate role assignment", - "parameters": [ - { - "type": "string", - "description": "Role Assignment ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.RoleAssignmentResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - 
"/workflows/role-assignments/{id}/deactivate": { - "put": { - "description": "Deactivate a role assignment", - "produces": [ - "application/json" - ], - "tags": [ - "Role Assignments" - ], - "summary": "Deactivate role assignment", - "parameters": [ - { - "type": "string", - "description": "Role Assignment ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.RoleAssignmentResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/step-executions": { - "get": { - "description": "List all step executions for a workflow execution", - "produces": [ - "application/json" - ], - "tags": [ - "Step Executions" - ], - "summary": "List step executions", - "parameters": [ - { - "type": "string", - "description": "Workflow Execution ID", - "name": "workflow_execution_id", - "in": "query", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.StepExecutionListResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/step-executions/my": { - "get": { - "description": "List all step executions assigned 
to the current user with optional filters and pagination", - "produces": [ - "application/json" - ], - "tags": [ - "Step Executions" - ], - "summary": "List my step assignments", - "parameters": [ - { - "type": "string", - "description": "Filter by status (pending, in_progress, blocked)", - "name": "status", - "in": "query" - }, - { - "type": "string", - "description": "Filter by due date before (RFC3339 format)", - "name": "due_before", - "in": "query" - }, - { - "type": "string", - "description": "Filter by due date after (RFC3339 format)", - "name": "due_after", - "in": "query" - }, - { - "type": "string", - "description": "Filter by workflow definition ID", - "name": "workflow_definition_id", - "in": "query" - }, - { - "type": "integer", - "description": "Limit (default 20, max 100)", - "name": "limit", - "in": "query" - }, - { - "type": "integer", - "description": "Offset (default 0)", - "name": "offset", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.MyAssignmentsResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/step-executions/{id}": { - "get": { - "description": "Get step execution by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Step Executions" - ], - "summary": "Get step execution", - "parameters": [ - { - "type": "string", - "description": "Step Execution ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.StepExecutionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { 
- "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/step-executions/{id}/can-transition": { - "get": { - "description": "Check if a user has permission to transition a step execution", - "produces": [ - "application/json" - ], - "tags": [ - "Step Executions" - ], - "summary": "Check if user can transition step", - "parameters": [ - { - "type": "string", - "description": "Step Execution ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "User ID", - "name": "user_id", - "in": "query", - "required": true - }, - { - "type": "string", - "description": "User Type (user, group, email)", - "name": "user_type", - "in": "query", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "type": "object", - "additionalProperties": true - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/step-executions/{id}/evidence-requirements": { - "get": { - "description": "Get the evidence requirements for a step execution", - "produces": [ - "application/json" - ], - "tags": [ - "Step Executions" - ], - "summary": "Get evidence requirements for step", - "parameters": [ - { - "type": "string", - "description": "Step Execution ID", - "name": "id", - "in": "path", - "required": true 
- } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "type": "object", - "additionalProperties": true - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/step-executions/{id}/fail": { - "put": { - "description": "Mark a step execution as failed with a reason", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Step Executions" - ], - "summary": "Fail step execution", - "parameters": [ - { - "type": "string", - "description": "Step Execution ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Failure details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.FailStepRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.StepExecutionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/step-executions/{id}/reassign": { - "put": { - "description": "Reassign a step execution to a new assignee", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Step Executions" - ], - "summary": "Reassign step execution", 
- "parameters": [ - { - "type": "string", - "description": "Step Execution ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Reassignment details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.ReassignStepRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.StepExecutionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/step-executions/{id}/transition": { - "put": { - "description": "Transition a step execution status with role verification and evidence validation", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Step Executions" - ], - "summary": "Transition step execution status", - "parameters": [ - { - "type": "string", - "description": "Step Execution ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Transition request", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.TransitionStepRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.StepExecutionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "403": { - "description": "Forbidden", - "schema": { - "$ref": 
"#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/steps": { - "get": { - "description": "List all step definitions for a workflow definition", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Step Definitions" - ], - "summary": "List workflow step definitions", - "parameters": [ - { - "type": "string", - "description": "Workflow Definition ID", - "name": "workflow_definition_id", - "in": "query", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowStepDefinitionListResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Create a new step definition for a workflow", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Step Definitions" - ], - "summary": "Create workflow step definition", - "parameters": [ - { - "description": "Step definition details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.CreateWorkflowStepDefinitionRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/workflows.WorkflowStepDefinitionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": 
"Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/steps/{id}": { - "get": { - "description": "Get workflow step definition by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Step Definitions" - ], - "summary": "Get workflow step definition", - "parameters": [ - { - "type": "string", - "description": "Step Definition ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowStepDefinitionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Update workflow step definition by ID", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Step Definitions" - ], - "summary": "Update workflow step definition", - "parameters": [ - { - "type": "string", - "description": "Step Definition ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Updated step definition details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.UpdateWorkflowStepDefinitionRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowStepDefinitionResponse" - } - }, - "400": { - 
"description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Delete workflow step definition by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Step Definitions" - ], - "summary": "Delete workflow step definition", - "parameters": [ - { - "type": "string", - "description": "Step Definition ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/steps/{id}/dependencies": { - "get": { - "description": "Get all dependencies for a workflow step definition", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Step Definitions" - ], - "summary": "Get step dependencies", - "parameters": [ - { - "type": "string", - "description": "Step Definition ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowStepDefinitionListResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - 
"401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - } - }, - "definitions": { - "api.Error": { - "type": "object", - "properties": { - "errors": { - "type": "object", - "additionalProperties": {} - } - } - }, - "auth.AuthHandler": { - "type": "object" - }, - "authn.JWK": { - "type": "object", - "properties": { - "alg": { - "type": "string" - }, - "e": { - "type": "string" - }, - "kid": { - "type": "string" - }, - "kty": { - "type": "string" - }, - "n": { - "type": "string" - }, - "use": { - "type": "string" - } - } - }, - "datatypes.JSONType-labelfilter_Filter": { - "type": "object" - }, - "datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus": { - "type": "object" - }, - "datatypes.JSONType-relational_Address": { - "type": "object" - }, - "datatypes.JSONType-relational_Base64": { - "type": "object" - }, - "datatypes.JSONType-relational_Citation": { - "type": "object" - }, - "datatypes.JSONType-relational_CombinationRule": { - "type": "object" - }, - "datatypes.JSONType-relational_FlatWithoutGrouping": { - "type": "object" - }, - "datatypes.JSONType-relational_ImplementationStatus": { - "type": "object" - }, - "datatypes.JSONType-relational_ImportProfile": { - "type": "object" - }, - "datatypes.JSONType-relational_IncludeAll": { - "type": "object" - }, - "datatypes.JSONType-relational_ParameterSelection": { - "type": "object" - }, - "datatypes.JSONType-relational_SecurityImpactLevel": { - "type": "object" - }, - "datatypes.JSONType-relational_Status": { - "type": "object" - }, - "datatypes.JSONType-relational_SystemComponentStatus": { - "type": "object" - }, - "datatypes.JSONType-relational_SystemInformation": { - "type": "object" - }, - 
"digest.EvidenceItem": { - "type": "object", - "properties": { - "description": { - "type": "string" - }, - "expiresAt": { - "description": "Formatted expiration date string (empty if no expiration)", - "type": "string" - }, - "id": { - "type": "string" - }, - "labels": { - "type": "array", - "items": { - "type": "string" - } - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" - } - } - }, - "digest.EvidenceSummary": { - "type": "object", - "properties": { - "expiredCount": { - "type": "integer", - "format": "int64" - }, - "notSatisfiedCount": { - "type": "integer", - "format": "int64" - }, - "otherCount": { - "type": "integer", - "format": "int64" - }, - "satisfiedCount": { - "type": "integer", - "format": "int64" - }, - "topExpired": { - "description": "Top items for the digest email", - "type": "array", - "items": { - "$ref": "#/definitions/digest.EvidenceItem" - } - }, - "topNotSatisfied": { - "type": "array", - "items": { - "$ref": "#/definitions/digest.EvidenceItem" - } - }, - "totalCount": { - "type": "integer", - "format": "int64" - } - } - }, - "evidence.StatusCount": { - "type": "object", - "properties": { - "count": { - "type": "integer" - }, - "status": { - "type": "string" - } - } - }, - "gorm.DeletedAt": { - "type": "object", - "properties": { - "time": { - "type": "string" - }, - "valid": { - "description": "Valid is true if Time is not NULL", - "type": "boolean" - } - } - }, - "handler.EvidenceActivity": { - "type": "object", - "properties": { - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "steps": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.EvidenceActivityStep" - } - }, - "title": { - "type": "string" - }, - "uuid": { - 
"type": "string" - } - } - }, - "handler.EvidenceActivityStep": { - "type": "object", - "properties": { - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" - } - } - }, - "handler.EvidenceComponent": { - "type": "object", - "properties": { - "description": { - "type": "string" - }, - "identifier": { - "description": "components/common/ssh\ncomponents/common/github-repository\ncomponents/common/github-organisation\ncomponents/common/ubuntu-22\ncomponents/internal/auth-policy", - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "protocols": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" - } - }, - "purpose": { - "type": "string" - }, - "remarks": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "description": "Software\nService", - "type": "string" - } - } - }, - "handler.EvidenceCreateRequest": { - "type": "object", - "properties": { - "activities": { - "description": "What steps did we take to create this evidence", - "type": "array", - "items": { - "$ref": "#/definitions/handler.EvidenceActivity" - } - }, - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "components": { - "description": "Which components of the subject are being observed. 
A tool, user, policy etc.", - "type": "array", - "items": { - "$ref": "#/definitions/handler.EvidenceComponent" - } - }, - "description": { - "type": "string" - }, - "end": { - "type": "string" - }, - "expires": { - "type": "string" - }, - "inventoryItems": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.EvidenceInventoryItem" - } - }, - "labels": { - "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "origins": { - "description": "Who or What is generating this evidence", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "start": { - "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", - "type": "string" - }, - "status": { - "description": "Did we satisfy what was being tested for, or did we fail ?", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" - } - ] - }, - "subjects": { - "description": "Who or What are we providing evidence for. 
What's under test.", - "type": "array", - "items": { - "$ref": "#/definitions/handler.EvidenceSubject" - } - }, - "title": { - "type": "string" - }, - "uuid": { - "description": "UUID needs to remain consistent for a piece of evidence being collected periodically.\nIt represents the \"stream\" of the same observation being made over time.\nFor the same checks, performed on the same machine, the UUID for each check should remain the same.\nFor the same check, performed on two different machines, the UUID should differ.", - "type": "string" - } - } - }, - "handler.EvidenceInventoryItem": { - "type": "object", - "properties": { - "description": { - "type": "string" - }, - "identifier": { - "description": "user/chris@linguine.tech\noperating-system/ubuntu/22.4\nweb-server/ec2/i-12345", - "type": "string" - }, - "implementedComponents": { - "type": "array", - "items": { - "type": "object", - "properties": { - "identifier": { - "type": "string" - } - } - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "description": "\"operating-system\"\tdescription=\"System software that manages computer hardware, software resources, and provides common services for computer programs.\"\n\"database\"\t\t\tdescription=\"An electronic collection of data, or information, that is specially organized for rapid search and retrieval.\"\n\"web-server\"\t\t\tdescription=\"A system that delivers content or services to end users over the Internet or an intranet.\"\n\"dns-server\"\t\t\tdescription=\"A system that resolves domain names to internet protocol (IP) addresses.\"\n\"email-server\"\t\tdescription=\"A computer system that sends and receives electronic mail messages.\"\n\"directory-server\"\tdescription=\"A system that stores, organizes 
and provides access to directory information in order to unify network resources.\"\n\"pbx\"\t\t\t\tdescription=\"A private branch exchange (PBX) provides a a private telephone switchboard.\"\n\"firewall\"\t\t\tdescription=\"A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.\"\n\"router\"\t\t\t\tdescription=\"A physical or virtual networking device that forwards data packets between computer networks.\"\n\"switch\"\t\t\t\tdescription=\"A physical or virtual networking device that connects devices within a computer network by using packet switching to receive and forward data to the destination device.\"\n\"storage-array\"\t\tdescription=\"A consolidated, block-level data storage capability.\"\n\"appliance\"\t\t\tdescription=\"A physical or virtual machine that centralizes hardware, software, or services for a specific purpose.\"", - "type": "string" - } - } - }, - "handler.EvidenceSubject": { - "type": "object", - "properties": { - "description": { - "type": "string" - }, - "identifier": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "type": { - "description": "InventoryItem\nComponent", - "type": "string" - } - } - }, - "handler.FilterImportFileResult": { - "type": "object", - "properties": { - "count": { - "type": "integer" - }, - "filename": { - "type": "string" - }, - "message": { - "type": "string" - }, - "success": { - "type": "boolean" - } - } - }, - "handler.FilterImportResponse": { - "type": "object", - "properties": { - "failed_count": { - "type": "integer" - }, - "results": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.FilterImportFileResult" - } - }, - "successful_count": { - "type": "integer" - }, - "total_dashboards": { - "type": 
"integer" - }, - "total_files": { - "type": "integer" - } - } - }, - "handler.FilterWithAssociations": { - "type": "object", - "properties": { - "components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" - } - }, - "controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - }, - "filter": { - "$ref": "#/definitions/datatypes.JSONType-labelfilter_Filter" - }, - "id": { - "type": "string" - }, - "name": { - "type": "string" - } - } - }, - "handler.ForControl.EvidenceDataListResponse": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.OscalLikeEvidence" - } - }, - "metadata": { - "$ref": "#/definitions/handler.ForControl.responseMetadata" - } - } - }, - "handler.ForControl.responseMetadata": { - "type": "object", - "properties": { - "control": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - } - }, - "handler.GenericDataListResponse-array_oscalTypes_1_1_3_Control": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - } - } - } - }, - "handler.GenericDataListResponse-evidence_StatusCount": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/evidence.StatusCount" - } - } - } - }, - "handler.GenericDataListResponse-handler_FilterWithAssociations": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.FilterWithAssociations" - } - } - } - }, - "handler.GenericDataListResponse-handler_OscalLikeEvidence": { - "type": "object", - "properties": { - "data": { - "description": "Items 
from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.OscalLikeEvidence" - } - } - } - }, - "handler.GenericDataListResponse-handler_OverTime_HeartbeatInterval": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.OverTime.HeartbeatInterval" - } - } - } - }, - "handler.GenericDataListResponse-handler_StatusInterval": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.StatusInterval" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentPlan": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlan" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentResults": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentResults" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_AssociatedActivity": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedActivity" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_AttestationStatements": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Capability": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": 
{ - "$ref": "#/definitions/oscalTypes_1_1_3.Capability" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Catalog": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Catalog" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ComponentDefinition": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ComponentDefinition" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Control": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ControlStatementImplementation": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlStatementImplementation" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Finding": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Finding" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Group": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Group" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirement": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirementControlImplementation": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Import": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Import" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportComponentDefinition" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_IncorporatesComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncorporatesComponent" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_InventoryItem": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - 
"$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_LeveragedAuthorization": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Observation": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Observation" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Party": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Party" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_PoamItem": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Resource": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Resource" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Result": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Result" - } - } - } - }, - 
"handler.GenericDataListResponse-oscalTypes_1_1_3_Risk": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Risk" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Role": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Role" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemSecurityPlan": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemSecurityPlan" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemUser": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" - } - } - } - }, - "handler.GenericDataListResponse-oscal_InventoryItemWithSource": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscal.InventoryItemWithSource" - } - } - } - }, - "handler.GenericDataListResponse-oscal_ProfileHandler": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscal.ProfileHandler" - } - } - } - }, - "handler.GenericDataListResponse-relational_Evidence": { - "type": "object", - "properties": { - "data": { - "description": 
"Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/relational.Evidence" - } - } - } - }, - "handler.GenericDataListResponse-relational_SystemComponentSuggestion": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/relational.SystemComponentSuggestion" - } - } - } - }, - "handler.GenericDataListResponse-relational_User": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/relational.User" - } - } - } - }, - "handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentAssets": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" - } - } - } - }, - "handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentSubject": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" - } - } - } - }, - "handler.GenericDataResponse-array_oscalTypes_1_1_3_Task": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" - } - } - } - }, - "handler.GenericDataResponse-auth_AuthHandler": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/auth.AuthHandler" - } - ] - } - } - }, - "handler.GenericDataResponse-digest_EvidenceSummary": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/digest.EvidenceSummary" - } - ] - } - } - }, - 
"handler.GenericDataResponse-handler_FilterImportResponse": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.FilterImportResponse" - } - ] - } - } - }, - "handler.GenericDataResponse-handler_FilterWithAssociations": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.FilterWithAssociations" - } - ] - } - } - }, - "handler.GenericDataResponse-handler_OscalLikeEvidence": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.OscalLikeEvidence" - } - ] - } - } - }, - "handler.GenericDataResponse-handler_SubscriptionsResponse": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.SubscriptionsResponse" - } - ] - } - } - }, - "handler.GenericDataResponse-handler_riskResponse": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.riskResponse" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Activity": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Activity" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentAssets": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": 
"#/definitions/oscalTypes_1_1_3.AssessmentPlan" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlanTermsAndConditions": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentResults" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentSubject": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AttestationStatements": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AuthorizationBoundary": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizationBoundary" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" - } - ] - } - } - }, - 
"handler.GenericDataResponse-oscalTypes_1_1_3_Capability": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Capability" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Catalog": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Catalog" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ComponentDefinition" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Control": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementation": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementation" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementationSet": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_DataFlow": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.DataFlow" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - 
"allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Diagram": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Finding": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Finding" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Group": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Group" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ImplementedRequirement": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Import": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Import" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ImportAp": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportAp" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ImportProfile": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportProfile" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp": { - "type": "object", - "properties": { - "data": { - "description": 
"Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_InventoryItem": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_LeveragedAuthorization": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Merge": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Merge" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Metadata": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Modify": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Modify" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_NetworkArchitecture": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.NetworkArchitecture" - } - ] - } - } - }, - 
"handler.GenericDataResponse-oscalTypes_1_1_3_Observation": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Observation" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Party": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Party" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_PoamItem": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Profile": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Profile" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Resource": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Resource" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Result": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list 
response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Result" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Risk": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Risk" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Role": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Role" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Statement": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Statement" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemCharacteristics": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemCharacteristics" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemId": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemImplementation": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemImplementation" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan": { - "type": "object", - 
"properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemSecurityPlan" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemUser": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Task": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" - } - ] - } - } - }, - "handler.GenericDataResponse-oscal_BuildByPropsResponse": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.BuildByPropsResponse" - } - ] - } - } - }, - "handler.GenericDataResponse-oscal_ImportResponse": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.ImportResponse" - } - ] - } - } - }, - "handler.GenericDataResponse-oscal_InventoryItemWithSource": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.InventoryItemWithSource" - } - ] - } - } - }, - "handler.GenericDataResponse-oscal_ProfileComplianceProgress": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.ProfileComplianceProgress" - } - ] - } - } - }, - "handler.GenericDataResponse-oscal_ProfileHandler": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.ProfileHandler" - } - ] - } - } - }, - "handler.GenericDataResponse-relational_Evidence": { - "type": "object", 
- "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/relational.Evidence" - } - ] - } - } - }, - "handler.GenericDataResponse-relational_Filter": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/relational.Filter" - } - ] - } - } - }, - "handler.GenericDataResponse-relational_User": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/relational.User" - } - ] - } - } - }, - "handler.GenericDataResponse-risks_RiskComponentLink": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/risks.RiskComponentLink" - } - ] - } - } - }, - "handler.GenericDataResponse-risks_RiskControlLink": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/risks.RiskControlLink" - } - ] - } - } - }, - "handler.GenericDataResponse-risks_RiskEvidenceLink": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/risks.RiskEvidenceLink" - } - ] - } - } - }, - "handler.GenericDataResponse-risks_RiskSubjectLink": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/risks.RiskSubjectLink" - } - ] - } - } - }, - "handler.GenericDataResponse-string": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "string" - } - } - }, - "handler.HeartbeatCreateRequest": { - "type": "object", - "required": [ - "created_at", - "uuid" - ], - "properties": { - "created_at": { - "type": "string" - }, - "uuid": { - "type": "string" - } - } - }, - 
"handler.OscalLikeEvidence": { - "type": "object", - "properties": { - "activities": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Activity" - } - }, - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" - } - }, - "description": { - "type": "string" - }, - "end": { - "type": "string" - }, - "expires": { - "type": "string" - }, - "id": { - "type": "string" - }, - "inventory-items": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" - } - }, - "labels": { - "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", - "type": "array", - "items": { - "$ref": "#/definitions/relational.Labels" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "origins": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "start": { - "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", - "type": "string" - }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" - }, - "subjects": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" - } - }, - "title": { - "type": "string" - }, - "uuid": { - "description": "UUID needs to remain consistent when automation runs again, but unique for each subject.\nIt represents the \"stream\" of the same observation being made over time.", - "type": "string" - } - } - }, - "handler.OverTime.HeartbeatInterval": { - "type": "object", - "properties": { - "interval": { - "type": "string" - }, - "total": { - "type": "integer" - } - } - }, - 
"handler.StatusInterval": { - "type": "object", - "properties": { - "interval": { - "type": "string" - }, - "statuses": { - "type": "array", - "items": { - "$ref": "#/definitions/evidence.StatusCount" - } - } - } - }, - "handler.SubscriptionsResponse": { - "type": "object", - "properties": { - "subscribed": { - "type": "boolean" - }, - "taskAvailableEmailSubscribed": { - "type": "boolean" - }, - "taskDailyDigestSubscribed": { - "type": "boolean" - } - } - }, - "handler.UpdateSubscriptionsRequest": { - "type": "object", - "properties": { - "subscribed": { - "type": "boolean" - }, - "taskAvailableEmailSubscribed": { - "type": "boolean" - }, - "taskDailyDigestSubscribed": { - "type": "boolean" - } - } - }, - "handler.UserHandler": { - "type": "object" - }, - "handler.acceptRiskRequest": { - "type": "object", - "properties": { - "justification": { - "type": "string" - }, - "reviewDeadline": { - "type": "string" - } - } - }, - "handler.addComponentLinkRequest": { - "type": "object", - "properties": { - "componentId": { - "type": "string" - } - } - }, - "handler.addControlLinkRequest": { - "type": "object", - "properties": { - "catalogId": { - "type": "string" - }, - "controlId": { - "type": "string" - } - } - }, - "handler.addEvidenceLinkRequest": { - "type": "object", - "properties": { - "evidenceId": { - "type": "string" - } - } - }, - "handler.addSubjectLinkRequest": { - "type": "object", - "properties": { - "subjectId": { - "type": "string" - } - } - }, - "handler.createFilterRequest": { - "type": "object", - "required": [ - "filter", - "name" - ], - "properties": { - "components": { - "type": "array", - "items": { - "type": "string" - } - }, - "controls": { - "type": "array", - "items": { - "type": "string" - } - }, - "filter": { - "$ref": "#/definitions/labelfilter.Filter" - }, - "name": { - "type": "string" - } - } - }, - "handler.createRiskRequest": { - "type": "object", - "properties": { - "acceptanceJustification": { - "type": "string" - }, - "description": { 
- "type": "string" - }, - "impact": { - "type": "string" - }, - "lastReviewedAt": { - "type": "string" - }, - "likelihood": { - "type": "string" - }, - "ownerAssignments": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.riskOwnerAssignmentRequest" - } - }, - "primaryOwnerUserId": { - "type": "string" - }, - "reviewDeadline": { - "type": "string" - }, - "riskTemplateId": { - "type": "string" - }, - "sspId": { - "type": "string" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - } - } - }, - "handler.reviewRiskRequest": { - "type": "object", - "properties": { - "decision": { - "type": "string" - }, - "nextReviewDeadline": { - "type": "string" - }, - "notes": { - "type": "string" - }, - "reviewedAt": { - "type": "string" - } - } - }, - "handler.riskControlLinkResponse": { - "type": "object", - "properties": { - "catalogId": { - "type": "string" - }, - "controlId": { - "type": "string" - } - } - }, - "handler.riskOwnerAssignmentRequest": { - "type": "object", - "properties": { - "isPrimary": { - "type": "boolean" - }, - "ownerKind": { - "type": "string" - }, - "ownerRef": { - "type": "string" - } - } - }, - "handler.riskOwnerAssignmentResponse": { - "type": "object", - "properties": { - "isPrimary": { - "type": "boolean" - }, - "ownerKind": { - "type": "string" - }, - "ownerRef": { - "type": "string" - } - } - }, - "handler.riskResponse": { - "type": "object", - "properties": { - "acceptanceJustification": { - "type": "string" - }, - "componentIds": { - "type": "array", - "items": { - "type": "string" - } - }, - "controlLinks": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.riskControlLinkResponse" - } - }, - "createdAt": { - "type": "string" - }, - "dedupeKey": { - "type": "string" - }, - "description": { - "type": "string" - }, - "evidenceIds": { - "type": "array", - "items": { - "type": "string" - } - }, - "firstSeenAt": { - "type": "string" - }, - "id": { - "type": "string" - }, - "impact": { - 
"type": "string" - }, - "lastReviewedAt": { - "type": "string" - }, - "lastSeenAt": { - "type": "string" - }, - "likelihood": { - "type": "string" - }, - "ownerAssignments": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.riskOwnerAssignmentResponse" - } - }, - "primaryOwnerUserId": { - "type": "string" - }, - "reviewDeadline": { - "type": "string" - }, - "riskTemplateId": { - "type": "string" - }, - "sourceType": { - "type": "string" - }, - "sspId": { - "type": "string" - }, - "status": { - "type": "string" - }, - "subjectIds": { - "type": "array", - "items": { - "type": "string" - } - }, - "title": { - "type": "string" - }, - "updatedAt": { - "type": "string" - } - } + "auth.AuthHandler": { + "type": "object" }, - "handler.updateRiskRequest": { + "authn.JWK": { "type": "object", "properties": { - "acceptanceJustification": { - "type": "string" - }, - "description": { - "type": "string" - }, - "impact": { - "type": "string" - }, - "lastReviewedAt": { - "type": "string" - }, - "likelihood": { - "type": "string" - }, - "ownerAssignments": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.riskOwnerAssignmentRequest" - } - }, - "primaryOwnerUserId": { + "alg": { "type": "string" }, - "reviewDeadline": { + "e": { "type": "string" }, - "reviewJustification": { + "kid": { "type": "string" }, - "riskTemplateId": { + "kty": { "type": "string" }, - "status": { + "n": { "type": "string" }, - "title": { + "use": { "type": "string" } } }, - "labelfilter.Condition": { - "type": "object", - "properties": { - "label": { - "description": "Label name (e.g., \"type\", \"group\", \"app\").", - "type": "string" - }, - "operator": { - "description": "Operator (e.g., \"=\", \"!=\", etc.).", - "type": "string" - }, - "value": { - "description": "Value for the condition (e.g., \"ssh\", \"prod\").", - "type": "string" - } - } + "datatypes.JSONType-labelfilter_Filter": { + "type": "object" }, - "labelfilter.Filter": { - "type": "object", - "properties": { 
- "scope": { - "$ref": "#/definitions/labelfilter.Scope" - } - } + "datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus": { + "type": "object" }, - "labelfilter.Query": { - "type": "object", - "properties": { - "operator": { - "description": "Logical operator (e.g., \"AND\", \"OR\").", - "type": "string" - }, - "scopes": { - "description": "Scopes can be either ` + "`" + `Condition` + "`" + ` or nested ` + "`" + `Query` + "`" + `.", - "type": "array", - "items": { - "$ref": "#/definitions/labelfilter.Scope" - } - } - } + "datatypes.JSONType-relational_Address": { + "type": "object" }, - "labelfilter.Scope": { - "type": "object", - "properties": { - "condition": { - "$ref": "#/definitions/labelfilter.Condition" - }, - "query": { - "$ref": "#/definitions/labelfilter.Query" - } - } + "datatypes.JSONType-relational_Base64": { + "type": "object" }, - "oscal.BuildByPropsRequest": { - "type": "object", - "required": [ - "catalog-id", - "match-strategy", - "rules", - "title" - ], - "properties": { - "catalog-id": { - "type": "string", - "example": "9b0c9c43-2722-4bbb-b132-13d34fb94d45" - }, - "match-strategy": { - "allOf": [ - { - "$ref": "#/definitions/oscal.MatchStrategy" - } - ], - "example": "all" - }, - "rules": { - "type": "array", - "minItems": 1, - "items": { - "$ref": "#/definitions/oscal.rule" - } - }, - "title": { - "type": "string", - "example": "My Custom Profile" - }, - "version": { - "type": "string", - "example": "1.0.0" - } - } + "datatypes.JSONType-relational_Citation": { + "type": "object" }, - "oscal.BuildByPropsResponse": { - "type": "object", - "properties": { - "control-ids": { - "type": "array", - "items": { - "type": "string" - } - }, - "profile": { - "$ref": "#/definitions/oscalTypes_1_1_3.Profile" - }, - "profile-id": { - "type": "string" - } - } + "datatypes.JSONType-relational_ImplementationStatus": { + "type": "object" }, - "oscal.CreateInventoryItemRequest": { - "type": "object", - "properties": { - "destination": { - "description": "\"ssp\", 
\"poam\", or \"unattached\"", - "type": "string" - }, - "destination_id": { - "type": "string" - }, - "inventory_item": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" - } - } + "datatypes.JSONType-relational_IncludeAll": { + "type": "object" }, - "oscal.ImportFileResult": { - "type": "object", - "properties": { - "filename": { - "type": "string" - }, - "message": { - "type": "string" - }, - "success": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - } + "datatypes.JSONType-relational_ParameterSelection": { + "type": "object" }, - "oscal.ImportResponse": { - "type": "object", - "properties": { - "failed_count": { - "type": "integer" - }, - "results": { - "type": "array", - "items": { - "$ref": "#/definitions/oscal.ImportFileResult" - } - }, - "successful_count": { - "type": "integer" - }, - "total_files": { - "type": "integer" - } - } + "datatypes.JSONType-relational_SystemComponentStatus": { + "type": "object" }, - "oscal.InventoryItemWithSource": { + "digest.EvidenceItem": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "implemented-components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedComponent" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } + "description": { + "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "expiresAt": { + "description": "Formatted expiration date string (empty if no expiration)", + "type": "string" }, - "remarks": { + "id": { "type": "string" }, - "responsible-parties": { + "labels": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "type": "string" } }, - "source": { - "type": "string" - }, - "source_id": { + "status": { "type": "string" }, - "source_type": { + "title": { "type": "string" }, "uuid": { 
@@ -24852,191 +16653,139 @@ const docTemplate = `{ } } }, - "oscal.MatchStrategy": { - "type": "string", - "enum": [ - "all", - "any" - ], - "x-enum-varnames": [ - "MatchStrategyAll", - "MatchStrategyAny" - ] - }, - "oscal.ProfileComplianceControl": { + "digest.EvidenceSummary": { "type": "object", "properties": { - "catalogId": { - "type": "string" - }, - "computedStatus": { - "type": "string" + "expiredCount": { + "type": "integer", + "format": "int64" }, - "controlId": { - "type": "string" + "notSatisfiedCount": { + "type": "integer", + "format": "int64" }, - "groupId": { - "type": "string" + "otherCount": { + "type": "integer", + "format": "int64" }, - "groupTitle": { - "type": "string" + "satisfiedCount": { + "type": "integer", + "format": "int64" }, - "implemented": { - "type": "boolean" + "topExpired": { + "description": "Top items for the digest email", + "type": "array", + "items": { + "$ref": "#/definitions/digest.EvidenceItem" + } }, - "statusCounts": { + "topNotSatisfied": { "type": "array", "items": { - "$ref": "#/definitions/oscal.ProfileComplianceStatusCount" + "$ref": "#/definitions/digest.EvidenceItem" } }, - "title": { - "type": "string" + "totalCount": { + "type": "integer", + "format": "int64" } } }, - "oscal.ProfileComplianceGroup": { + "gorm.DeletedAt": { "type": "object", "properties": { - "compliancePercent": { - "type": "integer" - }, - "id": { - "type": "string" - }, - "notSatisfied": { - "type": "integer" - }, - "satisfied": { - "type": "integer" - }, - "title": { + "time": { "type": "string" }, - "totalControls": { - "type": "integer" - }, - "unknown": { - "type": "integer" + "valid": { + "description": "Valid is true if Time is not NULL", + "type": "boolean" } } }, - "oscal.ProfileComplianceImplementation": { + "handler.ComplianceByControl.StatusCount": { "type": "object", "properties": { - "implementationPercent": { - "type": "integer" - }, - "implementedControls": { + "count": { "type": "integer" }, - "unimplementedControls": { - 
"type": "integer" + "status": { + "type": "string" } } }, - "oscal.ProfileComplianceProgress": { + "handler.EvidenceActivity": { "type": "object", "properties": { - "controls": { + "description": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscal.ProfileComplianceControl" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "groups": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscal.ProfileComplianceGroup" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "implementation": { - "$ref": "#/definitions/oscal.ProfileComplianceImplementation" - }, - "scope": { - "$ref": "#/definitions/oscal.ProfileComplianceScope" - }, - "summary": { - "$ref": "#/definitions/oscal.ProfileComplianceSummary" - } - } - }, - "oscal.ProfileComplianceScope": { - "type": "object", - "properties": { - "id": { + "remarks": { "type": "string" }, + "steps": { + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceActivityStep" + } + }, "title": { "type": "string" }, - "type": { + "uuid": { "type": "string" } } }, - "oscal.ProfileComplianceStatusCount": { + "handler.EvidenceActivityStep": { "type": "object", "properties": { - "count": { - "type": "integer" - }, - "status": { + "description": { "type": "string" - } - } - }, - "oscal.ProfileComplianceSummary": { - "type": "object", - "properties": { - "assessedPercent": { - "type": "integer" - }, - "compliancePercent": { - "type": "integer" }, - "implementedControls": { - "type": "integer" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } }, - "notSatisfied": { - "type": "integer" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "satisfied": { - "type": "integer" + "remarks": { + "type": "string" }, - "totalControls": { - "type": "integer" + "title": { + "type": "string" }, - "unknown": { - "type": "integer" + "uuid": { + "type": "string" } } }, - 
"oscal.ProfileHandler": { - "type": "object" - }, - "oscal.RuleOperator": { - "type": "string", - "enum": [ - "equals", - "contains", - "regex", - "in" - ], - "x-enum-varnames": [ - "RuleOperatorEquals", - "RuleOperatorContains", - "RuleOperatorRegex", - "RuleOperatorIn" - ] - }, - "oscal.SystemComponentRequest": { + "handler.EvidenceComponent": { "type": "object", "properties": { - "definedComponentId": { + "description": { "type": "string" }, - "description": { + "identifier": { + "description": "components/common/ssh\ncomponents/common/github-repository\ncomponents/common/github-organisation\ncomponents/common/ubuntu-22\ncomponents/internal/auth-policy", "type": "string" }, "links": { 
@@ -25063,67 +16812,70 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponentStatus" - }, "title": { "type": "string" }, "type": { - "type": "string" - }, - "uuid": { + "description": "Software\nService", "type": "string" } } }, - "oscal.rule": { + "handler.EvidenceCreateRequest": { "type": "object", - "required": [ - "operator", - "value" - ], "properties": { - "name": { - "type": "string", - "example": "class" + "activities": { + "description": "What steps did we take to create this evidence", + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceActivity" + } }, - "ns": { - "type": "string", - "example": "http://csrc.nist.gov/ns/oscal" + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "operator": { - "allOf": [ - { - "$ref": "#/definitions/oscal.RuleOperator" - } - ], - "example": "equals" + "components": { + "description": "Which components of the subject are being observed. 
A tool, user, policy etc.", + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceComponent" + } }, - "value": { - "type": "string", - "example": "technical" - } - } - }, - "oscalTypes_1_1_3.Action": { - "type": "object", - "properties": { - "date": { + "description": { + "type": "string" + }, + "end": { + "type": "string" + }, + "expires": { "type": "string" }, + "inventoryItems": { + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceInventoryItem" + } + }, + "labels": { + "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "origins": { + "description": "Who or What is generating this evidence", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + } + }, "props": { "type": "array", "items": { 
@@ -25133,29 +16885,55 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "responsible-parties": { + "start": { + "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", + "type": "string" + }, + "status": { + "description": "Did we satisfy what was being tested for, or did we fail ?", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" + } + ] + }, + "subjects": { + "description": "Who or What are we providing evidence for. What's under test.", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" - } - }, - "system": { - "type": "string" + "$ref": "#/definitions/handler.EvidenceSubject" + } }, - "type": { + "title": { "type": "string" }, "uuid": { + "description": "UUID needs to remain consistent for a piece of evidence being collected periodically.\nIt represents the \"stream\" of the same observation being made over time.\nFor the same checks, performed on the same machine, the UUID for each check should remain the same.\nFor the same check, performed on two different machines, the UUID should differ.", "type": "string" } } }, - "oscalTypes_1_1_3.Activity": { + "handler.EvidenceInventoryItem": { "type": "object", "properties": { "description": { "type": "string" }, + "identifier": { + "description": "user/chris@linguine.tech\noperating-system/ubuntu/22.4\nweb-server/ec2/i-12345", + "type": "string" + }, + "implementedComponents": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + } + } + } + }, "links": { "type": "array", "items": { 
@@ -25168,36 +16946,25 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "related-controls": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" - }, "remarks": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "steps": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Step" - } - }, "title": { "type": "string" }, - "uuid": { + "type": { + "description": "\"operating-system\"\tdescription=\"System software that manages computer hardware, software resources, and provides common services for computer programs.\"\n\"database\"\t\t\tdescription=\"An electronic collection of data, or information, that is specially organized for rapid search and retrieval.\"\n\"web-server\"\t\t\tdescription=\"A system that delivers content or services to end users over the Internet or an intranet.\"\n\"dns-server\"\t\t\tdescription=\"A system that resolves domain names to internet protocol (IP) addresses.\"\n\"email-server\"\t\tdescription=\"A computer system that sends and receives electronic mail messages.\"\n\"directory-server\"\tdescription=\"A system that stores, organizes and provides access to directory information in order to unify network resources.\"\n\"pbx\"\t\t\t\tdescription=\"A private branch exchange (PBX) provides a a private telephone switchboard.\"\n\"firewall\"\t\t\tdescription=\"A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.\"\n\"router\"\t\t\t\tdescription=\"A physical or virtual networking device that forwards data packets between computer networks.\"\n\"switch\"\t\t\t\tdescription=\"A physical or virtual networking device that connects devices within a computer network by using packet switching to receive and forward data to the destination device.\"\n\"storage-array\"\t\tdescription=\"A consolidated, block-level data 
storage capability.\"\n\"appliance\"\t\t\tdescription=\"A physical or virtual machine that centralizes hardware, software, or services for a specific purpose.\"", "type": "string" } } }, - "oscalTypes_1_1_3.Addition": { + "handler.EvidenceSubject": { "type": "object", "properties": { - "by-id": { + "description": { + "type": "string" + }, + "identifier": { "type": "string" }, "links": { 
@@ -25206,507 +16973,478 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "params": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" - } - }, - "parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" - } - }, - "position": { - "type": "string" - }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "title": { + "remarks": { + "type": "string" + }, + "type": { + "description": "InventoryItem\nComponent", "type": "string" } } }, - "oscalTypes_1_1_3.Address": { + "handler.FilterImportFileResult": { "type": "object", "properties": { - "addr-lines": { - "type": "array", - "items": { - "type": "string" - } - }, - "city": { - "type": "string" - }, - "country": { - "type": "string" + "count": { + "type": "integer" }, - "postal-code": { + "filename": { "type": "string" }, - "state": { + "message": { "type": "string" }, - "type": { - "type": "string" + "success": { + "type": "boolean" } } }, - "oscalTypes_1_1_3.Alteration": { + "handler.FilterImportResponse": { "type": "object", "properties": { - "adds": { + "failed_count": { + "type": "integer" + }, + "results": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Addition" + "$ref": "#/definitions/handler.FilterImportFileResult" } }, - "control-id": { - "type": "string" + "successful_count": { + "type": "integer" }, - "removes": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Removal" - } + "total_dashboards": { + "type": "integer" + }, + "total_files": { + "type": "integer" } } }, - "oscalTypes_1_1_3.AssessedControls": { + "handler.FilterWithAssociations": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "exclude-controls": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById" + "$ref": 
"#/definitions/oscalTypes_1_1_3.SystemComponent" } }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-controls": { + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById" + "$ref": "#/definitions/oscalTypes_1_1_3.Control" } }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } + "filter": { + "$ref": "#/definitions/datatypes.JSONType-labelfilter_Filter" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "id": { + "type": "string" }, - "remarks": { + "name": { "type": "string" } } }, - "oscalTypes_1_1_3.AssessedControlsSelectControlById": { + "handler.ForControl.EvidenceDataListResponse": { "type": "object", "properties": { - "control-id": { - "type": "string" - }, - "statement-ids": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/handler.OscalLikeEvidence" } + }, + "metadata": { + "$ref": "#/definitions/handler.ForControl.responseMetadata" } } }, - "oscalTypes_1_1_3.AssessmentAssets": { + "handler.ForControl.responseMetadata": { "type": "object", "properties": { - "assessment-platforms": { + "control": { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + } + }, + "handler.GenericDataListResponse-array_oscalTypes_1_1_3_Control": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlatform" + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } } - }, - "components": { + } + } + }, + "handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/handler.ComplianceByControl.StatusCount" } } } }, - "oscalTypes_1_1_3.AssessmentLog": { + "handler.GenericDataListResponse-handler_FilterWithAssociations": { "type": "object", "properties": { - "entries": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentLogEntry" + "$ref": "#/definitions/handler.FilterWithAssociations" } } } }, - "oscalTypes_1_1_3.AssessmentLogEntry": { + "handler.GenericDataListResponse-handler_OscalLikeEvidence": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "end": { - "type": "string" - }, - "links": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/handler.OscalLikeEvidence" } - }, - "logged-by": { + } + } + }, + "handler.GenericDataListResponse-handler_OverTime_HeartbeatInterval": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LoggedBy" + "$ref": "#/definitions/handler.OverTime.HeartbeatInterval" } - }, - "props": { + } + } + }, + "handler.GenericDataListResponse-handler_StatusInterval": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/handler.StatusInterval" } - }, - "related-tasks": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentPlan": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" - } - }, - "remarks": { - "type": "string" - }, - "start": { - "type": "string" - }, - "title": { - "type": 
"string" - }, - "uuid": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlan" + } } } }, - "oscalTypes_1_1_3.AssessmentPart": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentResults": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "name": { - "type": "string" - }, - "ns": { - "type": "string" - }, - "parts": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentResults" } - }, - "props": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_AssociatedActivity": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedActivity" } - }, - "prose": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentPlan": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_AttestationStatements": { "type": "object", "properties": { - "assessment-assets": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" - }, - "assessment-subjects": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" } - }, - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "import-ssp": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" - }, - "local-definitions": { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" - }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" - }, - "reviewed-controls": { - 
"$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" - }, - "tasks": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Capability": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" + "$ref": "#/definitions/oscalTypes_1_1_3.Capability" } - }, - "terms-and-conditions": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions" - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentPlanTermsAndConditions": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_Catalog": { "type": "object", "properties": { - "parts": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" + "$ref": "#/definitions/oscalTypes_1_1_3.Catalog" } } } }, - "oscalTypes_1_1_3.AssessmentPlatform": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_ComponentDefinition": { "type": "object", "properties": { - "links": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.ComponentDefinition" } - }, - "props": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Control": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Control" } - }, - "remarks": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uses-components": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.UsesComponent" + 
"$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" } - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentResults": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_ControlStatementImplementation": { "type": "object", "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "import-ap": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportAp" - }, - "local-definitions": { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" - }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" - }, - "results": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Result" + "$ref": "#/definitions/oscalTypes_1_1_3.ControlStatementImplementation" } - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentSubject": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "exclude-subjects": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectSubjectById" + "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" } - }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-subjects": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Finding": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectSubjectById" + "$ref": "#/definitions/oscalTypes_1_1_3.Finding" } - }, - "links": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Group": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": 
"#/definitions/oscalTypes_1_1_3.Group" } - }, - "props": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirement": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" } - }, - "remarks": { - "type": "string" - }, - "type": { - "type": "string" } } }, - "oscalTypes_1_1_3.AssociatedActivity": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirementControlImplementation": { "type": "object", "properties": { - "activity-uuid": { - "type": "string" - }, - "links": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation" } - }, - "props": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Import": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Import" } - }, - "remarks": { - "type": "string" - }, - "responsible-roles": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.ImportComponentDefinition" } - }, - "subjects": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_IncorporatesComponent": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": 
"#/definitions/oscalTypes_1_1_3.IncorporatesComponent" } } } }, - "oscalTypes_1_1_3.AssociatedRisk": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_InventoryItem": { "type": "object", "properties": { - "risk-uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + } } } }, - "oscalTypes_1_1_3.AttestationStatements": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_LeveragedAuthorization": { "type": "object", "properties": { - "parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" - } - }, - "responsible-parties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" } } } }, - "oscalTypes_1_1_3.AuthorizationBoundary": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_Observation": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "diagrams": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" + "$ref": "#/definitions/oscalTypes_1_1_3.Observation" } - }, - "links": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Party": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Party" } - }, - "props": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": 
"#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones" } - }, - "remarks": { - "type": "string" } } }, - "oscalTypes_1_1_3.AuthorizedPrivilege": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_PoamItem": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "functions-performed": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" } - }, - "title": { - "type": "string" } } }, - "oscalTypes_1_1_3.BackMatter": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_Resource": { "type": "object", "properties": { - "resources": { + "data": { + "description": "Items from the list response", "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Resource" 
@@ -25714,1965 +17452,1046 @@ const docTemplate = `{ } } }, - "oscalTypes_1_1_3.Base64": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_Result": { "type": "object", "properties": { - "filename": { - "type": "string" - }, - "media-type": { - "type": "string" - }, - "value": { - "type": "string" + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Result" + } } } }, - "oscalTypes_1_1_3.ByComponent": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_Risk": { "type": "object", "properties": { - "component-uuid": { - "type": "string" - }, - "description": { - "type": "string" - }, - "export": { - "$ref": "#/definitions/oscalTypes_1_1_3.Export" - }, - "implementation-status": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementationStatus" - }, - "inherited": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InheritedControlImplementation" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "satisfied": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility" - } - }, - "set-parameters": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + "$ref": "#/definitions/oscalTypes_1_1_3.Risk" } - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.Capability": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_Role": { "type": "object", "properties": { - "control-implementations": { - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.ControlImplementationSet" - } - }, - "description": { - "type": "string" - }, - "incorporates-components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncorporatesComponent" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "name": { - "type": "string" - }, - "props": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Role" } - }, - "remarks": { - "type": "string" - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.Catalog": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemComponent": { "type": "object", "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - }, - "groups": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Group" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } - }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" - }, - "params": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemSecurityPlan": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemSecurityPlan" } - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.Characterization": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemUser": { "type": "object", "properties": { - "facets": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Facet" + "$ref": 
"#/definitions/oscalTypes_1_1_3.SystemUser" } - }, - "links": { + } + } + }, + "handler.GenericDataListResponse-oscal_InventoryItemWithSource": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscal.InventoryItemWithSource" } - }, - "origin": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" - }, - "props": { + } + } + }, + "handler.GenericDataListResponse-oscal_ProfileHandler": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscal.ProfileHandler" } } } }, - "oscalTypes_1_1_3.Citation": { + "handler.GenericDataListResponse-relational_Evidence": { "type": "object", "properties": { - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Evidence" } - }, - "text": { - "type": "string" } } }, - "oscalTypes_1_1_3.CombinationRule": { + "handler.GenericDataListResponse-relational_User": { "type": "object", "properties": { - "method": { - "type": "string" + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/relational.User" + } } } }, - "oscalTypes_1_1_3.ComponentDefinition": { + "handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentAssets": { "type": "object", "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "capabilities": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Capability" + "$ref": 
"#/definitions/oscalTypes_1_1_3.AssessmentAssets" } - }, - "components": { + } + } + }, + "handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentSubject": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" } - }, - "import-component-definitions": { + } + } + }, + "handler.GenericDataResponse-array_oscalTypes_1_1_3_Task": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportComponentDefinition" + "$ref": "#/definitions/oscalTypes_1_1_3.Task" } - }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.ConstraintTest": { + "handler.GenericDataResponse-auth_AuthHandler": { "type": "object", "properties": { - "expression": { - "type": "string" - }, - "remarks": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/auth.AuthHandler" + } + ] } } }, - "oscalTypes_1_1_3.Control": { + "handler.GenericDataResponse-digest_EvidenceSummary": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - }, - "id": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "params": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" - } - }, - "parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "title": { - "type": "string" + "data": { + 
"description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/digest.EvidenceSummary" + } + ] } } }, - "oscalTypes_1_1_3.ControlImplementation": { + "handler.GenericDataResponse-handler_FilterImportResponse": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "implemented-requirements": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" - } - }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.FilterImportResponse" + } + ] } } }, - "oscalTypes_1_1_3.ControlImplementationResponsibility": { + "handler.GenericDataResponse-handler_FilterWithAssociations": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "provided-uuid": { - "type": "string" - }, - "remarks": { - "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.FilterWithAssociations" + } + ] } } }, - "oscalTypes_1_1_3.ControlImplementationSet": { + "handler.GenericDataResponse-handler_OscalLikeEvidence": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "implemented-requirements": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - 
"items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" - } - }, - "source": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.OscalLikeEvidence" + } + ] + } + } + }, + "handler.GenericDataResponse-handler_UserHandler": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.UserHandler" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Activity": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Activity" + } + ] } } }, - "oscalTypes_1_1_3.ControlStatementImplementation": { + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentAssets": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "statement-id": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" + } + ] } } }, - "oscalTypes_1_1_3.CustomGrouping": { + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan": { "type": "object", "properties": { - "groups": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.CustomGroupingGroup" - } - }, - "insert-controls": { - "type": "array", - 
"items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InsertControls" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlan" + } + ] } } }, - "oscalTypes_1_1_3.CustomGroupingGroup": { + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlanTermsAndConditions": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "groups": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.CustomGroupingGroup" - } - }, - "id": { - "type": "string" - }, - "insert-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InsertControls" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "params": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" - } - }, - "parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "title": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions" + } + ] } } }, - "oscalTypes_1_1_3.DataFlow": { + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "diagrams": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentResults" + } + ] } } 
}, - "oscalTypes_1_1_3.DefinedComponent": { + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentSubject": { "type": "object", "properties": { - "control-implementations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" - } - }, - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "protocols": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" - } - }, - "purpose": { - "type": "string" - }, - "remarks": { - "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } + ] } } }, - "oscalTypes_1_1_3.Diagram": { + "handler.GenericDataResponse-oscalTypes_1_1_3_AttestationStatements": { "type": "object", "properties": { - "caption": { - "type": "string" - }, - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" + } + ] } } }, - "oscalTypes_1_1_3.DocumentId": { + "handler.GenericDataResponse-oscalTypes_1_1_3_AuthorizationBoundary": { "type": "object", "properties": { - "identifier": { - "type": "string" - }, - "scheme": { - "type": "string" + "data": { + 
"description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizationBoundary" + } + ] } } }, - "oscalTypes_1_1_3.EventTiming": { + "handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter": { "type": "object", "properties": { - "at-frequency": { - "$ref": "#/definitions/oscalTypes_1_1_3.FrequencyCondition" - }, - "on-date": { - "$ref": "#/definitions/oscalTypes_1_1_3.OnDateCondition" - }, - "within-date-range": { - "$ref": "#/definitions/oscalTypes_1_1_3.OnDateRangeCondition" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + } + ] } } }, - "oscalTypes_1_1_3.Export": { + "handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "provided": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ProvidedControlImplementation" - } - }, - "remarks": { - "type": "string" - }, - "responsibilities": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationResponsibility" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" + } + ] } } }, - "oscalTypes_1_1_3.Facet": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Capability": { "type": "object", "properties": { - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "name": { - "type": "string" - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "system": { - "type": "string" - }, - "value": { - "type": "string" + 
"data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Capability" + } + ] } } }, - "oscalTypes_1_1_3.Finding": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Catalog": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "implementation-statement-uuid": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "origins": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "related-observations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" - } - }, - "related-risks": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedRisk" - } - }, - "remarks": { - "type": "string" - }, - "target": { - "$ref": "#/definitions/oscalTypes_1_1_3.FindingTarget" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Catalog" + } + ] } } }, - "oscalTypes_1_1_3.FindingTarget": { + "handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "implementation-status": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementationStatus" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" - }, - "target-id": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" + "data": { + 
"description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ComponentDefinition" + } + ] } } }, - "oscalTypes_1_1_3.FlatWithoutGrouping": { - "type": "object", - "additionalProperties": true - }, - "oscalTypes_1_1_3.FrequencyCondition": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Control": { "type": "object", "properties": { - "period": { - "type": "integer" - }, - "unit": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + ] } } }, - "oscalTypes_1_1_3.Group": { + "handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementation": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - }, - "groups": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Group" - } - }, - "id": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "params": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" - } - }, - "parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "title": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementation" + } + ] } } }, - "oscalTypes_1_1_3.Hash": { + "handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementationSet": { "type": "object", "properties": { - "algorithm": { - "type": "string" - }, - "value": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" + } + ] } } }, - 
"oscalTypes_1_1_3.IdentifiedSubject": { + "handler.GenericDataResponse-oscalTypes_1_1_3_DataFlow": { "type": "object", "properties": { - "subject-placeholder-uuid": { - "type": "string" - }, - "subjects": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.DataFlow" + } + ] } } }, - "oscalTypes_1_1_3.Impact": { + "handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent": { "type": "object", "properties": { - "adjustment-justification": { - "type": "string" - }, - "base": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "selected": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" + } + ] } } }, - "oscalTypes_1_1_3.ImplementationStatus": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Diagram": { "type": "object", "properties": { - "remarks": { - "type": "string" - }, - "state": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" + } + ] } } }, - "oscalTypes_1_1_3.ImplementedComponent": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Finding": { "type": "object", "properties": { - "component-uuid": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" - } + "data": { + 
"description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Finding" + } + ] } } }, - "oscalTypes_1_1_3.ImplementedRequirement": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Group": { "type": "object", "properties": { - "by-components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" - } - }, - "control-id": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" - } - }, - "statements": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Statement" - } - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Group" + } + ] } } }, - "oscalTypes_1_1_3.ImplementedRequirementControlImplementation": { + "handler.GenericDataResponse-oscalTypes_1_1_3_ImplementedRequirement": { "type": "object", "properties": { - "control-id": { - "type": "string" - }, - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" - } - }, - "statements": { - "type": "array", - 
"items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlStatementImplementation" - } - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" + } + ] } } }, - "oscalTypes_1_1_3.Import": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Import": { "type": "object", "properties": { - "exclude-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" - } - }, - "href": { - "type": "string" - }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Import" + } + ] } } }, - "oscalTypes_1_1_3.ImportAp": { + "handler.GenericDataResponse-oscalTypes_1_1_3_ImportAp": { "type": "object", "properties": { - "href": { - "type": "string" - }, - "remarks": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportAp" + } + ] } } }, - "oscalTypes_1_1_3.ImportComponentDefinition": { + "handler.GenericDataResponse-oscalTypes_1_1_3_ImportProfile": { "type": "object", "properties": { - "href": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportProfile" + } + ] } } }, - "oscalTypes_1_1_3.ImportProfile": { + "handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp": { "type": "object", - "properties": { - "href": { - "type": "string" - }, - "remarks": { - "type": "string" + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" + } + ] } } }, - "oscalTypes_1_1_3.ImportSsp": { + 
"handler.GenericDataResponse-oscalTypes_1_1_3_InventoryItem": { "type": "object", "properties": { - "href": { - "type": "string" - }, - "remarks": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + } + ] } } }, - "oscalTypes_1_1_3.IncludeAll": { - "type": "object", - "additionalProperties": true - }, - "oscalTypes_1_1_3.IncorporatesComponent": { + "handler.GenericDataResponse-oscalTypes_1_1_3_LeveragedAuthorization": { "type": "object", "properties": { - "component-uuid": { - "type": "string" - }, - "description": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" + } + ] } } }, - "oscalTypes_1_1_3.InformationType": { + "handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions": { "type": "object", "properties": { - "availability-impact": { - "$ref": "#/definitions/oscalTypes_1_1_3.Impact" - }, - "categorizations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InformationTypeCategorization" - } - }, - "confidentiality-impact": { - "$ref": "#/definitions/oscalTypes_1_1_3.Impact" - }, - "description": { - "type": "string" - }, - "integrity-impact": { - "$ref": "#/definitions/oscalTypes_1_1_3.Impact" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" + } + ] } } }, - "oscalTypes_1_1_3.InformationTypeCategorization": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Merge": { "type": "object", "properties": { - "information-type-ids": { - "type": "array", - 
"items": { - "type": "string" - } - }, - "system": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Merge" + } + ] } } }, - "oscalTypes_1_1_3.InheritedControlImplementation": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Metadata": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "provided-uuid": { - "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + } + ] } } }, - "oscalTypes_1_1_3.InsertControls": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Modify": { "type": "object", "properties": { - "exclude-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" - } - }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" - } - }, - "order": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Modify" + } + ] } } }, - "oscalTypes_1_1_3.InventoryItem": { + "handler.GenericDataResponse-oscalTypes_1_1_3_NetworkArchitecture": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "implemented-components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedComponent" - } - }, - "links": { - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" - } - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.NetworkArchitecture" + } + ] } } }, - "oscalTypes_1_1_3.LeveragedAuthorization": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Observation": { "type": "object", "properties": { - "date-authorized": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "party-uuid": { - "type": "string" - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Observation" + } + ] } } }, - "oscalTypes_1_1_3.Link": { - "type": "object", - "properties": { - "href": { - "type": "string" - }, - "media-type": { - "type": "string" - }, - "rel": { - "type": "string" - }, - "resource-fragment": { - "type": "string" - }, - "text": { - "type": "string" + "handler.GenericDataResponse-oscalTypes_1_1_3_Party": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Party" + } + ] } } }, - "oscalTypes_1_1_3.LocalDefinitions": { + "handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones": { "type": "object", "properties": { - "activities": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Activity" - } - }, - "components": { - "type": 
"array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" - } - }, - "inventory-items": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" - } - }, - "objectives-and-methods": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalObjective" - } - }, - "remarks": { - "type": "string" - }, - "users": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones" + } + ] } } }, - "oscalTypes_1_1_3.LocalObjective": { + "handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions": { "type": "object", "properties": { - "control-id": { - "type": "string" - }, - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" + } + ] } } }, - "oscalTypes_1_1_3.Location": { + "handler.GenericDataResponse-oscalTypes_1_1_3_PoamItem": { "type": "object", "properties": { - "address": { - "$ref": "#/definitions/oscalTypes_1_1_3.Address" - }, - "email-addresses": { - "type": "array", - "items": { - "type": "string" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "telephone-numbers": { - "type": "array", - 
"items": { - "$ref": "#/definitions/oscalTypes_1_1_3.TelephoneNumber" - } - }, - "title": { - "type": "string" - }, - "urls": { - "type": "array", - "items": { - "type": "string" - } - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" + } + ] } } }, - "oscalTypes_1_1_3.LoggedBy": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Profile": { "type": "object", "properties": { - "party-uuid": { - "type": "string" - }, - "role-id": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Profile" + } + ] } } }, - "oscalTypes_1_1_3.Matching": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Resource": { "type": "object", "properties": { - "pattern": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Resource" + } + ] } } }, - "oscalTypes_1_1_3.Merge": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Result": { "type": "object", "properties": { - "as-is": { - "type": "boolean" - }, - "combine": { - "$ref": "#/definitions/oscalTypes_1_1_3.CombinationRule" - }, - "custom": { - "$ref": "#/definitions/oscalTypes_1_1_3.CustomGrouping" - }, - "flat": { - "$ref": "#/definitions/oscalTypes_1_1_3.FlatWithoutGrouping" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Result" + } + ] } } }, - "oscalTypes_1_1_3.Metadata": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Risk": { "type": "object", "properties": { - "actions": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Action" - } - }, - "document-ids": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.DocumentId" - } - }, - "last-modified": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Link" - } - }, - "locations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Location" - } - }, - "oscal-version": { - "type": "string" - }, - "parties": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Party" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "published": { - "type": "string" - }, - "remarks": { - "type": "string" - }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" - } - }, - "revisions": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RevisionHistoryEntry" - } - }, - "roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Role" - } - }, - "title": { - "type": "string" - }, - "version": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Risk" + } + ] } } }, - "oscalTypes_1_1_3.MitigatingFactor": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Role": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "implementation-uuid": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "subjects": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" - } - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Role" + } + ] } } }, - "oscalTypes_1_1_3.Modify": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Statement": { "type": "object", "properties": { - "alters": { - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Alteration" - } - }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSetting" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Statement" + } + ] } } }, - "oscalTypes_1_1_3.NetworkArchitecture": { + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemCharacteristics": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "diagrams": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemCharacteristics" + } + ] } } }, - "oscalTypes_1_1_3.ObjectiveStatus": { + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent": { "type": "object", "properties": { - "reason": { - "type": "string" - }, - "remarks": { - "type": "string" - }, - "state": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + } + ] } } }, - "oscalTypes_1_1_3.Observation": { + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemId": { "type": "object", "properties": { - "collected": { - "type": "string" - }, - "description": { - "type": "string" - }, - "expires": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "methods": { - "type": "array", - "items": { - "type": "string" - } - }, - "origins": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" - } - }, - "props": { - "type": "array", - 
"items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "relevant-evidence": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelevantEvidence" - } - }, - "remarks": { - "type": "string" - }, - "subjects": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" - } - }, - "title": { - "type": "string" - }, - "types": { - "type": "array", - "items": { - "type": "string" - } - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" + } + ] } } }, - "oscalTypes_1_1_3.OnDateCondition": { + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemImplementation": { "type": "object", "properties": { - "date": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemImplementation" + } + ] } } }, - "oscalTypes_1_1_3.OnDateRangeCondition": { + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan": { "type": "object", "properties": { - "end": { - "type": "string" - }, - "start": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemSecurityPlan" + } + ] } } }, - "oscalTypes_1_1_3.Origin": { + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemUser": { "type": "object", "properties": { - "actors": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" - } - }, - "related-tasks": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Task": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list 
response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Task" + } + ] + } + } + }, + "handler.GenericDataResponse-oscal_ImportResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.ImportResponse" + } + ] + } + } + }, + "handler.GenericDataResponse-oscal_InventoryItemWithSource": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.InventoryItemWithSource" + } + ] } } }, - "oscalTypes_1_1_3.OriginActor": { + "handler.GenericDataResponse-oscal_ProfileHandler": { "type": "object", "properties": { - "actor-uuid": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "role-id": { - "type": "string" - }, - "type": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.ProfileHandler" + } + ] } } }, - "oscalTypes_1_1_3.Parameter": { + "handler.GenericDataResponse-relational_Evidence": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "constraints": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterConstraint" - } - }, - "depends-on": { - "type": "string" - }, - "guidelines": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterGuideline" - } - }, - "id": { - "type": "string" - }, - "label": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "select": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.ParameterSelection" - }, - "usage": { - "type": "string" - }, - "values": { - "type": "array", - "items": { - "type": "string" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/relational.Evidence" + } + ] } } }, - "oscalTypes_1_1_3.ParameterConstraint": { + "handler.GenericDataResponse-relational_Filter": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "tests": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ConstraintTest" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/relational.Filter" + } + ] } } }, - "oscalTypes_1_1_3.ParameterGuideline": { + "handler.GenericDataResponse-relational_User": { "type": "object", "properties": { - "prose": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/relational.User" + } + ] } } }, - "oscalTypes_1_1_3.ParameterSelection": { + "handler.GenericDataResponse-string": { "type": "object", "properties": { - "choice": { - "type": "array", - "items": { - "type": "string" - } - }, - "how-many": { + "data": { + "description": "Items from the list response", "type": "string" } } }, - "oscalTypes_1_1_3.ParameterSetting": { + "handler.HeartbeatCreateRequest": { "type": "object", + "required": [ + "created_at", + "uuid" + ], "properties": { - "class": { - "type": "string" - }, - "constraints": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterConstraint" - } - }, - "depends-on": { - "type": "string" - }, - "guidelines": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterGuideline" - } - }, - "label": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "param-id": { + "created_at": { "type": "string" }, - "props": { - 
"type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "select": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSelection" - }, - "usage": { + "uuid": { "type": "string" - }, - "values": { - "type": "array", - "items": { - "type": "string" - } } } }, - "oscalTypes_1_1_3.Part": { + "handler.OscalLikeEvidence": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "id": { - "type": "string" - }, - "links": { + "activities": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Activity" } }, - "name": { - "type": "string" - }, - "ns": { - "type": "string" + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "parts": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "description": { + "type": "string" }, - "prose": { + "end": { "type": "string" }, - "title": { + "expires": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.Party": { - "type": "object", - "properties": { - "addresses": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Address" - } }, - "email-addresses": { + "id": { + "type": "string" + }, + "inventory-items": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" } }, - "external-ids": { + "labels": { + "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PartyExternalIdentifier" + "$ref": "#/definitions/relational.Labels" } }, "links": { 
@@ -27681,21 +18500,12 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "location-uuids": { - "type": "array", - "items": { - "type": "string" - } - }, - "member-of-organizations": { + "origins": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" } }, - "name": { - "type": "string" - }, "props": { "type": "array", "items": { 
@@ -27705,247 +18515,282 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "short-name": { + "start": { + "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", "type": "string" }, - "telephone-numbers": { + "status": { + "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" + }, + "subjects": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.TelephoneNumber" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" } }, - "type": { + "title": { "type": "string" }, "uuid": { + "description": "UUID needs to remain consistent when automation runs again, but unique for each subject.\nIt represents the \"stream\" of the same observation being made over time.", "type": "string" } } }, - "oscalTypes_1_1_3.PartyExternalIdentifier": { + "handler.OverTime.HeartbeatInterval": { "type": "object", "properties": { - "id": { + "interval": { "type": "string" }, - "scheme": { - "type": "string" + "total": { + "type": "integer" } } }, - "oscalTypes_1_1_3.PlanOfActionAndMilestones": { + "handler.StatusCount": { "type": "object", "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "findings": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Finding" - } - }, - "import-ssp": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" - }, - "local-definitions": { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" + "count": { + "type": "integer" }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + "status": { + "type": "string" + } + } + }, + "handler.StatusInterval": { + "type": "object", + "properties": { + "interval": { + "type": "string" }, - "observations": { + "statuses": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Observation" + "$ref": "#/definitions/handler.StatusCount" } - }, - "poam-items": { + } + } + }, + 
"handler.UserHandler": { + "type": "object" + }, + "handler.createFilterRequest": { + "type": "object", + "required": [ + "filter", + "name" + ], + "properties": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" + "type": "string" } }, - "risks": { + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Risk" + "type": "string" } }, - "system-id": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" + "filter": { + "$ref": "#/definitions/labelfilter.Filter" }, - "uuid": { + "name": { "type": "string" } } }, - "oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions": { + "labelfilter.Condition": { "type": "object", "properties": { - "assessment-assets": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" - }, - "components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" - } + "label": { + "description": "Label name (e.g., \"type\", \"group\", \"app\").", + "type": "string" }, - "inventory-items": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" - } + "operator": { + "description": "Operator (e.g., \"=\", \"!=\", etc.).", + "type": "string" }, - "remarks": { + "value": { + "description": "Value for the condition (e.g., \"ssh\", \"prod\").", "type": "string" } } }, - "oscalTypes_1_1_3.PoamItem": { + "labelfilter.Filter": { "type": "object", "properties": { - "description": { + "scope": { + "$ref": "#/definitions/labelfilter.Scope" + } + } + }, + "labelfilter.Query": { + "type": "object", + "properties": { + "operator": { + "description": "Logical operator (e.g., \"AND\", \"OR\").", "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "origins": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PoamItemOrigin" - } - }, - "props": { + "scopes": { + "description": "Scopes can be either ` + "`" + 
`Condition` + "`" + ` or nested ` + "`" + `Query` + "`" + `.", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/labelfilter.Scope" } + } + } + }, + "labelfilter.Scope": { + "type": "object", + "properties": { + "condition": { + "$ref": "#/definitions/labelfilter.Condition" }, - "related-findings": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedFinding" - } + "query": { + "$ref": "#/definitions/labelfilter.Query" + } + } + }, + "oscal.CreateInventoryItemRequest": { + "type": "object", + "properties": { + "destination": { + "description": "\"ssp\", \"poam\", or \"unattached\"", + "type": "string" }, - "related-observations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" - } + "destination_id": { + "type": "string" }, - "related-risks": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedRisk" - } + "inventory_item": { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + } + } + }, + "oscal.ImportFileResult": { + "type": "object", + "properties": { + "filename": { + "type": "string" }, - "remarks": { + "message": { "type": "string" }, + "success": { + "type": "boolean" + }, "title": { "type": "string" }, - "uuid": { + "type": { "type": "string" } } }, - "oscalTypes_1_1_3.PoamItemOrigin": { + "oscal.ImportResponse": { "type": "object", "properties": { - "actors": { + "failed_count": { + "type": "integer" + }, + "results": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" + "$ref": "#/definitions/oscal.ImportFileResult" } - } - } - }, - "oscalTypes_1_1_3.PortRange": { - "type": "object", - "properties": { - "end": { - "type": "integer" }, - "start": { + "successful_count": { "type": "integer" }, - "transport": { - "type": "string" + "total_files": { + "type": "integer" } } }, - "oscalTypes_1_1_3.Profile": { + "oscal.InventoryItemWithSource": { "type": 
"object", "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + "description": { + "type": "string" }, - "imports": { + "implemented-components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Import" + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedComponent" } }, - "merge": { - "$ref": "#/definitions/oscalTypes_1_1_3.Merge" - }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } }, - "modify": { - "$ref": "#/definitions/oscalTypes_1_1_3.Modify" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "uuid": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.Property": { - "type": "object", - "properties": { - "class": { + "remarks": { "type": "string" }, - "group": { - "type": "string" + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + } }, - "name": { + "source": { "type": "string" }, - "ns": { + "source_id": { "type": "string" }, - "remarks": { + "source_type": { "type": "string" }, "uuid": { "type": "string" - }, - "value": { - "type": "string" } } }, - "oscalTypes_1_1_3.Protocol": { + "oscal.ProfileHandler": { + "type": "object" + }, + "oscalTypes_1_1_3.Action": { "type": "object", "properties": { - "name": { + "date": { "type": "string" }, - "port-ranges": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PortRange" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "title": { + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + } + }, + "system": { + "type": "string" + }, + "type": { "type": "string" }, "uuid": { 
@@ -27953,7 +18798,7 @@ const docTemplate = `{ } } }, - "oscalTypes_1_1_3.ProvidedControlImplementation": { + "oscalTypes_1_1_3.Activity": { "type": "object", "properties": { "description": { @@ -27971,6 +18816,9 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, + "related-controls": { + "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" + }, "remarks": { "type": "string" }, 
@@ -27980,70 +18828,124 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, + "steps": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Step" + } + }, + "title": { + "type": "string" + }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.ReferencedControlObjectives": { + "oscalTypes_1_1_3.Addition": { "type": "object", "properties": { - "description": { + "by-id": { "type": "string" }, - "exclude-objectives": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectObjectiveById" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-objectives": { + "params": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectObjectiveById" + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" } }, - "links": { + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Part" } }, + "position": { + "type": "string" + }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "title": { "type": "string" } } }, - "oscalTypes_1_1_3.RelatedFinding": { + "oscalTypes_1_1_3.Address": { "type": "object", "properties": { - "finding-uuid": { + "addr-lines": { + "type": "array", + "items": { + "type": "string" + } + }, + "city": { + "type": "string" + }, + "country": { + "type": "string" + }, + "postal-code": { + "type": "string" + }, + "state": { + "type": "string" + }, + "type": { "type": "string" } } }, - "oscalTypes_1_1_3.RelatedObservation": { + "oscalTypes_1_1_3.Alteration": { "type": "object", "properties": { - "observation-uuid": { + "adds": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Addition" + } + }, + "control-id": { "type": "string" + }, + "removes": { + "type": "array", + "items": { + "$ref": 
"#/definitions/oscalTypes_1_1_3.Removal" + } } } }, - "oscalTypes_1_1_3.RelatedTask": { + "oscalTypes_1_1_3.AssessedControls": { "type": "object", "properties": { - "identified-subject": { - "$ref": "#/definitions/oscalTypes_1_1_3.IdentifiedSubject" + "description": { + "type": "string" + }, + "exclude-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById" + } + }, + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" + }, + "include-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById" + } }, "links": { "type": "array", @@ -28059,31 +18961,58 @@ const docTemplate = `{ }, "remarks": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.AssessedControlsSelectControlById": { + "type": "object", + "properties": { + "control-id": { + "type": "string" }, - "responsible-parties": { + "statement-ids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "type": "string" } - }, - "subjects": { + } + } + }, + "oscalTypes_1_1_3.AssessmentAssets": { + "type": "object", + "properties": { + "assessment-platforms": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlatform" } }, - "task-uuid": { - "type": "string" + "components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + } } } }, - "oscalTypes_1_1_3.RelevantEvidence": { + "oscalTypes_1_1_3.AssessmentLog": { + "type": "object", + "properties": { + "entries": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentLogEntry" + } + } + } + }, + "oscalTypes_1_1_3.AssessmentLogEntry": { "type": "object", "properties": { "description": { "type": "string" }, - "href": { + "end": { "type": "string" }, "links": { 
@@ -28092,41 +19021,42 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "logged-by": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.LoggedBy" + } + }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.Removal": { - "type": "object", - "properties": { - "by-class": { - "type": "string" + "related-tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + } }, - "by-id": { + "remarks": { "type": "string" }, - "by-item-name": { + "start": { "type": "string" }, - "by-name": { + "title": { "type": "string" }, - "by-ns": { + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.RequiredAsset": { + "oscalTypes_1_1_3.AssessmentPart": { "type": "object", "properties": { - "description": { + "class": { "type": "string" }, "links": { @@ -28135,21 +19065,27 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "props": { + "name": { + "type": "string" + }, + "ns": { + "type": "string" + }, + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" } }, - "remarks": { - "type": "string" - }, - "subjects": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, + "prose": { + "type": "string" + }, "title": { "type": "string" }, 
@@ -28158,85 +19094,67 @@ const docTemplate = `{ } } }, - "oscalTypes_1_1_3.Resource": { + "oscalTypes_1_1_3.AssessmentPlan": { "type": "object", "properties": { - "base64": { - "$ref": "#/definitions/oscalTypes_1_1_3.Base64" - }, - "citation": { - "$ref": "#/definitions/oscalTypes_1_1_3.Citation" - }, - "description": { - "type": "string" + "assessment-assets": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" }, - "document-ids": { + "assessment-subjects": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.DocumentId" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "import-ssp": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" + }, + "local-definitions": { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" + }, + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" }, - "remarks": { - "type": "string" + "reviewed-controls": { + "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" }, - "rlinks": { + "tasks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResourceLink" + "$ref": "#/definitions/oscalTypes_1_1_3.Task" } }, - "title": { - "type": "string" + "terms-and-conditions": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions" }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.ResourceLink": { + "oscalTypes_1_1_3.AssessmentPlanTermsAndConditions": { "type": "object", "properties": { - "hashes": { + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Hash" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" } - }, - "href": { - "type": "string" - }, - "media-type": { - "type": "string" } } }, - "oscalTypes_1_1_3.Response": { + "oscalTypes_1_1_3.AssessmentPlatform": { "type": "object", "properties": { - 
"description": { - "type": "string" - }, - "lifecycle": { - "type": "string" - }, "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "origins": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" - } - }, "props": { "type": "array", "items": { 
@@ -28246,68 +19164,71 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "required-assets": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RequiredAsset" - } + "title": { + "type": "string" }, - "tasks": { + "uses-components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" + "$ref": "#/definitions/oscalTypes_1_1_3.UsesComponent" } }, - "title": { - "type": "string" - }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.ResponsibleParty": { + "oscalTypes_1_1_3.AssessmentResults": { "type": "object", "properties": { - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "party-uuids": { - "type": "array", - "items": { - "type": "string" - } + "import-ap": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportAp" }, - "props": { + "local-definitions": { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" + }, + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, + "results": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Result" } }, - "remarks": { - "type": "string" - }, - "role-id": { + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.ResponsibleRole": { + "oscalTypes_1_1_3.AssessmentSubject": { "type": "object", "properties": { - "links": { + "description": { + "type": "string" + }, + "exclude-subjects": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectSubjectById" } }, - "party-uuids": { + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" + }, + "include-subjects": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectSubjectById" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" 
} }, "props": { @@ -28319,50 +19240,23 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "role-id": { + "type": { "type": "string" } } }, - "oscalTypes_1_1_3.Result": { + "oscalTypes_1_1_3.AssociatedActivity": { "type": "object", "properties": { - "assessment-log": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentLog" - }, - "attestations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" - } - }, - "description": { - "type": "string" - }, - "end": { + "activity-uuid": { "type": "string" }, - "findings": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Finding" - } - }, "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "local-definitions": { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" - }, - "observations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Observation" - } - }, "props": { "type": "array", "items": { 
@@ -28372,44 +19266,57 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "reviewed-controls": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" - }, - "risks": { + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Risk" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "start": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { + "subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } + } + } + }, + "oscalTypes_1_1_3.AssociatedRisk": { + "type": "object", + "properties": { + "risk-uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.ReviewedControls": { + "oscalTypes_1_1_3.AttestationStatements": { "type": "object", "properties": { - "control-objective-selections": { + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReferencedControlObjectives" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" } }, - "control-selections": { + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControls" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } - }, + } + } + }, + "oscalTypes_1_1_3.AuthorizationBoundary": { + "type": "object", + "properties": { "description": { "type": "string" }, + "diagrams": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" + } + }, "links": { "type": "array", "items": { 
@@ -28427,72 +19334,73 @@ const docTemplate = `{ } } }, - "oscalTypes_1_1_3.RevisionHistoryEntry": { + "oscalTypes_1_1_3.AuthorizedPrivilege": { "type": "object", "properties": { - "last-modified": { + "description": { "type": "string" }, - "links": { + "functions-performed": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "type": "string" } }, - "oscal-version": { + "title": { "type": "string" - }, - "props": { + } + } + }, + "oscalTypes_1_1_3.BackMatter": { + "type": "object", + "properties": { + "resources": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Resource" } - }, - "published": { - "type": "string" - }, - "remarks": { + } + } + }, + "oscalTypes_1_1_3.Base64": { + "type": "object", + "properties": { + "filename": { "type": "string" }, - "title": { + "media-type": { "type": "string" }, - "version": { + "value": { "type": "string" } } }, - "oscalTypes_1_1_3.Risk": { + "oscalTypes_1_1_3.ByComponent": { "type": "object", "properties": { - "characterizations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Characterization" - } - }, - "deadline": { + "component-uuid": { "type": "string" }, "description": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } + "export": { + "$ref": "#/definitions/oscalTypes_1_1_3.Export" }, - "mitigating-factors": { + "implementation-status": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementationStatus" + }, + "inherited": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.MitigatingFactor" + "$ref": "#/definitions/oscalTypes_1_1_3.InheritedControlImplementation" } }, - "origins": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { 
@@ -28501,139 +19409,113 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "related-observations": { + "remarks": { + "type": "string" + }, + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "remediations": { + "satisfied": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Response" + "$ref": "#/definitions/oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility" } }, - "risk-log": { - "$ref": "#/definitions/oscalTypes_1_1_3.RiskLog" - }, - "statement": { - "type": "string" - }, - "status": { - "type": "string" - }, - "threat-ids": { + "set-parameters": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ThreatId" + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" } }, - "title": { - "type": "string" - }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.RiskLog": { + "oscalTypes_1_1_3.Capability": { "type": "object", "properties": { - "entries": { + "control-implementations": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RiskLogEntry" + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" } - } - } - }, - "oscalTypes_1_1_3.RiskLogEntry": { - "type": "object", - "properties": { - "description": { - "type": "string" }, - "end": { + "description": { "type": "string" }, - "links": { + "incorporates-components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.IncorporatesComponent" } }, - "logged-by": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LoggedBy" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "name": { + "type": "string" + }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "related-responses": { - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.RiskResponseReference" - } - }, "remarks": { "type": "string" }, - "start": { - "type": "string" - }, - "status-change": { - "type": "string" - }, - "title": { - "type": "string" - }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.RiskResponseReference": { + "oscalTypes_1_1_3.Catalog": { "type": "object", "properties": { - "links": { + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Control" } }, - "props": { + "groups": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Group" } }, - "related-tasks": { + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, + "params": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" } }, - "remarks": { - "type": "string" - }, - "response-uuid": { + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.Role": { + "oscalTypes_1_1_3.Characterization": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "id": { - "type": "string" + "facets": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Facet" + } }, "links": { "type": "array", 
@@ -28641,29 +19523,20 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "origin": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } - }, - "remarks": { - "type": "string" - }, - "short-name": { - "type": "string" - }, - "title": { - "type": "string" } } }, - "oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility": { + "oscalTypes_1_1_3.Citation": { "type": "object", "properties": { - "description": { - "type": "string" - }, "links": { "type": "array", "items": { 
@@ -28676,68 +19549,132 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "text": { "type": "string" - }, - "responsibility-uuid": { + } + } + }, + "oscalTypes_1_1_3.CombinationRule": { + "type": "object", + "properties": { + "method": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.ComponentDefinition": { + "type": "object", + "properties": { + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "responsible-roles": { + "capabilities": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.Capability" + } + }, + "components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" + } + }, + "import-component-definitions": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportComponentDefinition" } }, + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.SecurityImpactLevel": { + "oscalTypes_1_1_3.ConstraintTest": { "type": "object", "properties": { - "security-objective-availability": { - "type": "string" - }, - "security-objective-confidentiality": { + "expression": { "type": "string" }, - "security-objective-integrity": { + "remarks": { "type": "string" } } }, - "oscalTypes_1_1_3.SelectControlById": { + "oscalTypes_1_1_3.Control": { "type": "object", "properties": { - "matching": { + "class": { + "type": "string" + }, + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Matching" + "$ref": "#/definitions/oscalTypes_1_1_3.Control" } }, - "with-child-controls": { + "id": { "type": "string" }, - "with-ids": { + "links": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "params": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + } + }, + "parts": { + 
"type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Part" } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "title": { + "type": "string" } } }, - "oscalTypes_1_1_3.SelectObjectiveById": { + "oscalTypes_1_1_3.ControlImplementation": { "type": "object", "properties": { - "objective-id": { + "description": { "type": "string" + }, + "implemented-requirements": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" + } + }, + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + } } } }, - "oscalTypes_1_1_3.SelectSubjectById": { + "oscalTypes_1_1_3.ControlImplementationResponsibility": { "type": "object", "properties": { + "description": { + "type": "string" + }, "links": { "type": "array", "items": { @@ -28750,41 +19687,33 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { - "type": "string" - }, - "subject-uuid": { - "type": "string" - }, - "type": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.SetParameter": { - "type": "object", - "properties": { - "param-id": { + "provided-uuid": { "type": "string" }, "remarks": { "type": "string" }, - "values": { + "responsible-roles": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } + }, + "uuid": { + "type": "string" } } }, - "oscalTypes_1_1_3.Statement": { + "oscalTypes_1_1_3.ControlImplementationSet": { "type": "object", "properties": { - "by-components": { + "description": { + "type": "string" + }, + "implemented-requirements": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation" } }, "links": { 
@@ -28799,16 +19728,13 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { - "type": "string" - }, - "responsible-roles": { + "set-parameters": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" } }, - "statement-id": { + "source": { "type": "string" }, "uuid": { @@ -28816,18 +19742,7 @@ const docTemplate = `{ } } }, - "oscalTypes_1_1_3.Status": { - "type": "object", - "properties": { - "remarks": { - "type": "string" - }, - "state": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.Step": { + "oscalTypes_1_1_3.ControlStatementImplementation": { "type": "object", "properties": { "description": { @@ -28854,10 +19769,7 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "reviewed-controls": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" - }, - "title": { + "statement-id": { "type": "string" }, "uuid": { 
@@ -28865,49 +19777,43 @@ const docTemplate = `{ } } }, - "oscalTypes_1_1_3.SubjectReference": { + "oscalTypes_1_1_3.CustomGrouping": { "type": "object", "properties": { - "links": { + "groups": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.CustomGroupingGroup" } }, - "props": { + "insert-controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.InsertControls" } - }, - "remarks": { - "type": "string" - }, - "subject-uuid": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" } } }, - "oscalTypes_1_1_3.SystemCharacteristics": { + "oscalTypes_1_1_3.CustomGroupingGroup": { "type": "object", "properties": { - "authorization-boundary": { - "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizationBoundary" + "class": { + "type": "string" }, - "data-flow": { - "$ref": "#/definitions/oscalTypes_1_1_3.DataFlow" + "groups": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.CustomGroupingGroup" + } }, - "date-authorized": { + "id": { "type": "string" }, - "description": { - "type": "string" + "insert-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InsertControls" + } }, "links": { "type": "array", @@ -28915,8 +19821,17 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "network-architecture": { - "$ref": "#/definitions/oscalTypes_1_1_3.NetworkArchitecture" + "params": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + } + }, + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Part" + } }, "props": { "type": "array", 
@@ -28924,44 +19839,49 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "title": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.DataFlow": { + "type": "object", + "properties": { + "description": { "type": "string" }, - "responsible-parties": { + "diagrams": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" } }, - "security-impact-level": { - "$ref": "#/definitions/oscalTypes_1_1_3.SecurityImpactLevel" - }, - "security-sensitivity-level": { - "type": "string" - }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.Status" - }, - "system-ids": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "system-information": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemInformation" - }, - "system-name": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "system-name-short": { + "remarks": { "type": "string" } } }, - "oscalTypes_1_1_3.SystemComponent": { + "oscalTypes_1_1_3.DefinedComponent": { "type": "object", "properties": { + "control-implementations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" + } + }, "description": { "type": "string" }, @@ -28995,9 +19915,6 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponentStatus" - }, "title": { "type": "string" }, 
@@ -29009,55 +19926,107 @@ const docTemplate = `{ } } }, - "oscalTypes_1_1_3.SystemComponentStatus": { + "oscalTypes_1_1_3.Diagram": { "type": "object", "properties": { + "caption": { + "type": "string" + }, + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, "remarks": { "type": "string" }, - "state": { + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.SystemId": { + "oscalTypes_1_1_3.DocumentId": { "type": "object", "properties": { - "id": { + "identifier": { "type": "string" }, - "identifier-type": { + "scheme": { "type": "string" } } }, - "oscalTypes_1_1_3.SystemImplementation": { + "oscalTypes_1_1_3.EventTiming": { "type": "object", "properties": { - "components": { + "at-frequency": { + "$ref": "#/definitions/oscalTypes_1_1_3.FrequencyCondition" + }, + "on-date": { + "$ref": "#/definitions/oscalTypes_1_1_3.OnDateCondition" + }, + "within-date-range": { + "$ref": "#/definitions/oscalTypes_1_1_3.OnDateRangeCondition" + } + } + }, + "oscalTypes_1_1_3.Export": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "inventory-items": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "leveraged-authorizations": { + "provided": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" + "$ref": "#/definitions/oscalTypes_1_1_3.ProvidedControlImplementation" } }, + "remarks": { + "type": "string" + }, + "responsibilities": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationResponsibility" + } + } + 
} + }, + "oscalTypes_1_1_3.Facet": { + "type": "object", + "properties": { "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "name": { + "type": "string" + }, "props": { "type": "array", "items": { @@ -29067,27 +20036,33 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "users": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" - } + "system": { + "type": "string" + }, + "value": { + "type": "string" } } }, - "oscalTypes_1_1_3.SystemInformation": { + "oscalTypes_1_1_3.Finding": { "type": "object", "properties": { - "information-types": { + "description": { + "type": "string" + }, + "implementation-statement-uuid": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InformationType" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "links": { + "origins": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" } }, "props": { 
@@ -29095,47 +20070,42 @@ const docTemplate = `{ "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } - } - } - }, - "oscalTypes_1_1_3.SystemSecurityPlan": { - "type": "object", - "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "control-implementation": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementation" + "related-observations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" + } }, - "import-profile": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportProfile" + "related-risks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedRisk" + } }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + "remarks": { + "type": "string" }, - "system-characteristics": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemCharacteristics" + "target": { + "$ref": "#/definitions/oscalTypes_1_1_3.FindingTarget" }, - "system-implementation": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemImplementation" + "title": { + "type": "string" }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.SystemUser": { + "oscalTypes_1_1_3.FindingTarget": { "type": "object", "properties": { - "authorized-privileges": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizedPrivilege" - } - }, "description": { "type": "string" }, + "implementation-status": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementationStatus" + }, "links": { "type": "array", "items": { 
@@ -29151,39 +20121,54 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "role-ids": { - "type": "array", - "items": { - "type": "string" - } + "status": { + "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" }, - "short-name": { + "target-id": { "type": "string" }, "title": { "type": "string" }, - "uuid": { + "type": { "type": "string" } } }, - "oscalTypes_1_1_3.Task": { + "oscalTypes_1_1_3.FlatWithoutGrouping": { + "type": "object", + "additionalProperties": true + }, + "oscalTypes_1_1_3.FrequencyCondition": { "type": "object", "properties": { - "associated-activities": { + "period": { + "type": "integer" + }, + "unit": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.Group": { + "type": "object", + "properties": { + "class": { + "type": "string" + }, + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedActivity" + "$ref": "#/definitions/oscalTypes_1_1_3.Control" } }, - "dependencies": { + "groups": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.TaskDependency" + "$ref": "#/definitions/oscalTypes_1_1_3.Group" } }, - "description": { + "id": { "type": "string" }, "links": { 
@@ -29192,87 +20177,61 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "responsible-roles": { + "params": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" } }, - "subjects": { + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/oscalTypes_1_1_3.Part" } }, - "tasks": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "timing": { - "$ref": "#/definitions/oscalTypes_1_1_3.EventTiming" - }, "title": { "type": "string" - }, - "type": { - "type": "string" - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.TaskDependency": { + "oscalTypes_1_1_3.Hash": { "type": "object", "properties": { - "remarks": { + "algorithm": { "type": "string" }, - "task-uuid": { + "value": { "type": "string" } } }, - "oscalTypes_1_1_3.TelephoneNumber": { + "oscalTypes_1_1_3.IdentifiedSubject": { "type": "object", "properties": { - "number": { + "subject-placeholder-uuid": { "type": "string" }, - "type": { - "type": "string" + "subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } } } }, - "oscalTypes_1_1_3.ThreatId": { + "oscalTypes_1_1_3.Impact": { "type": "object", "properties": { - "href": { - "type": "string" - }, - "id": { + "adjustment-justification": { "type": "string" }, - "system": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.UsesComponent": { - "type": "object", - "properties": { - "component-uuid": { + "base": { "type": "string" }, "links": { 
@@ -29287,1122 +20246,1025 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "selected": { "type": "string" - }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" - } } } }, - "relational.Action": { + "oscalTypes_1_1_3.ImplementationStatus": { "type": "object", "properties": { - "date": { + "remarks": { "type": "string" }, - "id": { + "state": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.ImplementedComponent": { + "type": "object", + "properties": { + "component-uuid": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "metadata-id": { - "description": "Actions only exist on a metadata object. We'll link them straight there with a BelongsTo relationship", - "type": "string" - }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - "responsibleParties": { + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleParty" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } - }, - "system": { - "description": "required", - "type": "string" - }, - "type": { - "description": "required", - "type": "string" } } }, - "relational.Activity": { + "oscalTypes_1_1_3.ImplementedRequirement": { "type": "object", "properties": { - "description": { - "description": "required", - "type": "string" + "by-components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" + } }, - "id": { + "control-id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": 
"#/definitions/oscalTypes_1_1_3.Property" } }, - "related-controls": { - "$ref": "#/definitions/relational.ReviewedControls" - }, - "relatedControlsID": { - "type": "string" - }, "remarks": { - "description": "required", "type": "string" }, "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "steps": { + "set-parameters": { "type": "array", "items": { - "$ref": "#/definitions/relational.Step" + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" } }, - "title": { + "statements": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Statement" + } + }, + "uuid": { "type": "string" } } }, - "relational.Addition": { + "oscalTypes_1_1_3.ImplementedRequirementControlImplementation": { "type": "object", "properties": { - "alterationID": { - "type": "string" - }, - "by-id": { + "control-id": { "type": "string" }, - "id": { + "description": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "params": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Parameter" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "parts": { + "remarks": { + "type": "string" + }, + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/relational.Part" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "position": { - "type": "string" - }, - "props": { + "set-parameters": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" } }, - "title": { - "type": "string" - } - } - }, - "relational.Address": { - "type": "object", - "properties": { - "city": { - "type": "string" - }, - "country": { - "type": "string" - }, - "lines": { + "statements": { "type": "array", "items": { - "type": "string" + "$ref": 
"#/definitions/oscalTypes_1_1_3.ControlStatementImplementation" } }, - "postal-code": { - "type": "string" - }, - "state": { + "uuid": { "type": "string" - }, - "type": { - "$ref": "#/definitions/relational.AddressType" } } }, - "relational.AddressType": { - "type": "string", - "enum": [ - "work", - "home" - ], - "x-enum-varnames": [ - "AddressTypeWork", - "AddressTypeHome" - ] - }, - "relational.Alteration": { + "oscalTypes_1_1_3.Import": { "type": "object", "properties": { - "adds": { + "exclude-controls": { "type": "array", "items": { - "$ref": "#/definitions/relational.Addition" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" } }, - "control-id": { - "description": "required", - "type": "string" - }, - "id": { + "href": { "type": "string" }, - "modify-id": { - "type": "string" + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" }, - "removes": { + "include-controls": { "type": "array", "items": { - "$ref": "#/definitions/relational.Removal" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" } } } }, - "relational.AssessedControlsSelectControlById": { + "oscalTypes_1_1_3.ImportAp": { "type": "object", "properties": { - "control": { - "$ref": "#/definitions/relational.Control" + "href": { + "type": "string" }, - "controlID": { + "remarks": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.ImportComponentDefinition": { + "type": "object", + "properties": { + "href": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.ImportProfile": { + "type": "object", + "properties": { + "href": { "type": "string" }, - "id": { + "remarks": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.ImportSsp": { + "type": "object", + "properties": { + "href": { "type": "string" }, - "statements": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Statement" - } + "remarks": { + "type": "string" } } }, - "relational.AssessmentSubject": { + "oscalTypes_1_1_3.IncludeAll": { + "type": "object", + "additionalProperties": 
true + }, + "oscalTypes_1_1_3.IncorporatesComponent": { "type": "object", "properties": { + "component-uuid": { + "type": "string" + }, "description": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.InformationType": { + "type": "object", + "properties": { + "availability-impact": { + "$ref": "#/definitions/oscalTypes_1_1_3.Impact" }, - "evidence": { + "categorizations": { "type": "array", "items": { - "$ref": "#/definitions/relational.Evidence" + "$ref": "#/definitions/oscalTypes_1_1_3.InformationTypeCategorization" } }, - "excludeSubjects": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SelectSubjectById" - } + "confidentiality-impact": { + "$ref": "#/definitions/oscalTypes_1_1_3.Impact" }, - "id": { + "description": { "type": "string" }, - "includeAll": { - "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" - }, - "includeSubjects": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SelectSubjectById" - } + "integrity-impact": { + "$ref": "#/definitions/oscalTypes_1_1_3.Impact" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { - "type": "string" - }, - "sspId": { + "title": { "type": "string" }, - "type": { - "description": "Type represents a component, party, location, user, or inventory item.\nIt will likely be updated once we can map it correctly", + "uuid": { "type": "string" } } }, - "relational.AuthorizationBoundary": { + "oscalTypes_1_1_3.InformationTypeCategorization": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "diagrams": { + "information-type-ids": { "type": "array", "items": { - "$ref": "#/definitions/relational.Diagram" + "type": "string" } }, - "id": { + "system": { + "type": "string" + } + } + }, + 
"oscalTypes_1_1_3.InheritedControlImplementation": { + "type": "object", + "properties": { + "description": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { - "type": "string" - }, - "systemCharacteristicsId": { - "type": "string" - } - } - }, - "relational.AuthorizedPrivilege": { - "type": "object", - "properties": { - "description": { + "provided-uuid": { "type": "string" }, - "functions-performed": { + "responsible-roles": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "id": { - "type": "string" - }, - "systemUserId": { - "type": "string" - }, - "title": { + "uuid": { "type": "string" } } }, - "relational.BackMatter": { + "oscalTypes_1_1_3.InsertControls": { "type": "object", "properties": { - "id": { - "type": "string" - }, - "parentID": { - "type": "string" + "exclude-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" + } }, - "parentType": { - "type": "string" + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" }, - "resources": { + "include-controls": { "type": "array", "items": { - "$ref": "#/definitions/relational.BackMatterResource" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" } + }, + "order": { + "type": "string" } } }, - "relational.BackMatterResource": { + "oscalTypes_1_1_3.InventoryItem": { "type": "object", "properties": { - "backMatterID": { - "type": "string" - }, - "base64": { - "$ref": "#/definitions/datatypes.JSONType-relational_Base64" - }, - "citation": { - "$ref": "#/definitions/datatypes.JSONType-relational_Citation" - }, "description": { "type": "string" }, - "document-ids": { + "implemented-components": { "type": "array", 
"items": { - "$ref": "#/definitions/relational.DocumentID" + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedComponent" } }, - "id": { - "description": "required", - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - "rlinks": { + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResourceLink" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } }, - "title": { + "uuid": { "type": "string" } } }, - "relational.ByComponent": { + "oscalTypes_1_1_3.LeveragedAuthorization": { "type": "object", "properties": { - "component-uuid": { - "type": "string" - }, - "description": { - "type": "string" - }, - "export": { - "$ref": "#/definitions/relational.Export" - }, - "id": { + "date-authorized": { "type": "string" }, - "implementation-status": { - "$ref": "#/definitions/datatypes.JSONType-relational_ImplementationStatus" - }, - "inherited-control-implementations": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.InheritedControlImplementation" - } - }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "parentID": { - "description": "As ByComponent can be found in Implemented Requirements \u0026 Statements, using GORM polymorphism to tell us where to attach", - "type": "string" - }, - "parentType": { + "party-uuid": { "type": "string" }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } - }, - "satisfied": { - "type": "array", - "items": { - "$ref": 
"#/definitions/relational.SatisfiedControlImplementationResponsibility" - } + "title": { + "type": "string" }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SetParameter" - } + "uuid": { + "type": "string" } } }, - "relational.Capability": { + "oscalTypes_1_1_3.Link": { "type": "object", "properties": { - "componentDefinition": { - "$ref": "#/definitions/relational.ComponentDefinition" - }, - "componentDefinitionId": { + "href": { "type": "string" }, - "control-implementations": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ControlImplementationSet" - } + "media-type": { + "type": "string" }, - "description": { - "description": "required", + "rel": { "type": "string" }, - "id": { + "resource-fragment": { "type": "string" }, - "incorporates-components": { + "text": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.LocalDefinitions": { + "type": "object", + "properties": { + "activities": { "type": "array", "items": { - "$ref": "#/definitions/relational.IncorporatesComponents" + "$ref": "#/definitions/oscalTypes_1_1_3.Activity" } }, - "links": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } }, - "name": { - "description": "required", - "type": "string" + "inventory-items": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + } }, - "props": { + "objectives-and-methods": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.LocalObjective" } }, "remarks": { "type": "string" + }, + "users": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" + } } } }, - "relational.ComponentDefinition": { + "oscalTypes_1_1_3.LocalObjective": { "type": "object", "properties": { - "back-matter": { - "$ref": "#/definitions/relational.BackMatter" + "control-id": { + "type": "string" 
}, - "capabilities": { + "description": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Capability" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "components": { + "parts": { "type": "array", "items": { - "$ref": "#/definitions/relational.DefinedComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.Part" } }, - "id": { - "type": "string" - }, - "import-component-definitions": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.ImportComponentDefinition" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "metadata": { - "description": "required", - "allOf": [ - { - "$ref": "#/definitions/relational.Metadata" - } - ] + "remarks": { + "type": "string" } } }, - "relational.Control": { + "oscalTypes_1_1_3.Location": { "type": "object", "properties": { - "catalogID": { - "type": "string" - }, - "class": { - "type": "string" - }, - "controls": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Control" - } + "address": { + "$ref": "#/definitions/oscalTypes_1_1_3.Address" }, - "filters": { + "email-addresses": { "type": "array", "items": { - "$ref": "#/definitions/relational.Filter" + "type": "string" } }, - "id": { - "description": "required", - "type": "string" - }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "params": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Parameter" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "parentID": { - "type": "string" - }, - "parentType": { + "remarks": { "type": "string" }, - "parts": { + "telephone-numbers": { "type": "array", "items": { - "$ref": "#/definitions/relational.Part" + "$ref": "#/definitions/oscalTypes_1_1_3.TelephoneNumber" } }, - "props": { + "title": { + "type": "string" + }, + "urls": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "type": 
"string" } }, - "title": { - "description": "required", + "uuid": { "type": "string" } } }, - "relational.ControlImplementation": { + "oscalTypes_1_1_3.LoggedBy": { "type": "object", "properties": { - "description": { + "party-uuid": { "type": "string" }, - "id": { + "role-id": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.Matching": { + "type": "object", + "properties": { + "pattern": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.Merge": { + "type": "object", + "properties": { + "as-is": { + "type": "boolean" }, - "implemented-requirements": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ImplementedRequirement" - } + "combine": { + "$ref": "#/definitions/oscalTypes_1_1_3.CombinationRule" }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SetParameter" - } + "custom": { + "$ref": "#/definitions/oscalTypes_1_1_3.CustomGrouping" }, - "systemSecurityPlanId": { - "type": "string" + "flat": { + "$ref": "#/definitions/oscalTypes_1_1_3.FlatWithoutGrouping" } } }, - "relational.ControlImplementationResponsibility": { + "oscalTypes_1_1_3.Metadata": { "type": "object", "properties": { - "description": { - "description": "required", - "type": "string" + "actions": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Action" + } }, - "exportId": { - "type": "string" + "document-ids": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.DocumentId" + } }, - "id": { + "last-modified": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "props": { + "locations": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Location" } }, - "provided-uuid": { - "type": "string" - }, - "remarks": { + "oscal-version": { "type": "string" }, - "responsible-roles": { + "parties": { "type": "array", "items": 
{ - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.Party" } - } - } - }, - "relational.ControlImplementationSet": { - "type": "object", - "properties": { - "definedComponent": { - "$ref": "#/definitions/relational.DefinedComponent" }, - "definedComponentID": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "description": { - "description": "required", + "published": { "type": "string" }, - "id": { + "remarks": { "type": "string" }, - "implemented-requirements": { - "description": "required", - "type": "array", - "items": { - "$ref": "#/definitions/relational.ImplementedRequirementControlImplementation" - } - }, - "links": { + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } }, - "props": { + "revisions": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.RevisionHistoryEntry" } }, - "set-parameters": { + "roles": { "type": "array", "items": { - "$ref": "#/definitions/relational.SetParameter" + "$ref": "#/definitions/oscalTypes_1_1_3.Role" } }, - "source": { - "description": "required", + "title": { + "type": "string" + }, + "version": { "type": "string" } } }, - "relational.ControlObjectiveSelection": { + "oscalTypes_1_1_3.MitigatingFactor": { "type": "object", "properties": { "description": { "type": "string" }, - "excludeObjectives": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SelectObjectiveById" - } - }, - "id": { + "implementation-uuid": { "type": "string" }, - "includeAll": { - "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" - }, - "includeObjectives": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.SelectObjectiveById" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "links": { + "props": { 
"type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "props": { + "subjects": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" } }, - "remarks": { - "type": "string" - }, - "reviewedControlsID": { + "uuid": { "type": "string" } } }, - "relational.ControlSelection": { + "oscalTypes_1_1_3.Modify": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "excludeControls": { + "alters": { "type": "array", "items": { - "$ref": "#/definitions/relational.AssessedControlsSelectControlById" + "$ref": "#/definitions/oscalTypes_1_1_3.Alteration" } }, - "id": { + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSetting" + } + } + } + }, + "oscalTypes_1_1_3.NetworkArchitecture": { + "type": "object", + "properties": { + "description": { "type": "string" }, - "includeAll": { - "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" - }, - "includeControls": { + "diagrams": { "type": "array", "items": { - "$ref": "#/definitions/relational.AssessedControlsSelectControlById" + "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" } }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, + "remarks": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.ObjectiveStatus": { + "type": "object", + "properties": { + "reason": { + "type": "string" + }, "remarks": { "type": "string" }, - "reviewedControlsID": { + "state": { "type": "string" } } }, - "relational.ControlStatementImplementation": { + "oscalTypes_1_1_3.Observation": { "type": "object", "properties": { - "description": { - "description": "required", + "collected": { "type": 
"string" }, - "id": { + "description": { "type": "string" }, - "implementedRequirementControlImplementationId": { + "expires": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "methods": { + "type": "array", + "items": { + "type": "string" + } + }, + "origins": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "relevant-evidence": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelevantEvidence" } }, "remarks": { "type": "string" }, - "responsible-roles": { + "subjects": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" } }, - "statement-id": { - "description": "required", + "title": { + "type": "string" + }, + "types": { + "type": "array", + "items": { + "type": "string" + } + }, + "uuid": { "type": "string" } } }, - "relational.DataFlow": { + "oscalTypes_1_1_3.OnDateCondition": { "type": "object", "properties": { - "description": { + "date": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.OnDateRangeCondition": { + "type": "object", + "properties": { + "end": { "type": "string" }, - "diagrams": { + "start": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.Origin": { + "type": "object", + "properties": { + "actors": { "type": "array", "items": { - "$ref": "#/definitions/relational.Diagram" + "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" } }, - "id": { + "related-tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + } + } + } + }, + "oscalTypes_1_1_3.OriginActor": { + "type": "object", + "properties": { + "actor-uuid": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": 
"#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "role-id": { "type": "string" }, - "systemCharacteristicsId": { + "type": { "type": "string" } } }, - "relational.DefinedComponent": { + "oscalTypes_1_1_3.Parameter": { "type": "object", "properties": { - "componentDefinition": { - "$ref": "#/definitions/relational.ComponentDefinition" - }, - "componentDefinitionID": { + "class": { "type": "string" }, - "control-implementations": { + "constraints": { "type": "array", "items": { - "$ref": "#/definitions/relational.ControlImplementationSet" + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterConstraint" } }, - "description": { - "description": "required", + "depends-on": { "type": "string" }, + "guidelines": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterGuideline" + } + }, "id": { "type": "string" }, + "label": { + "type": "string" + }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" - } - }, - "protocols": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Protocol" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "purpose": { + "remarks": { "type": "string" }, - "remarks": { + "select": { + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSelection" + }, + "usage": { "type": "string" }, - "responsible-roles": { + "values": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "type": "string" } - }, - "title": { - "description": "required", - "type": "string" - }, - "type": { - "description": "required", - "type": "string" } } }, - "relational.Diagram": { + "oscalTypes_1_1_3.ParameterConstraint": { "type": "object", - 
"properties": { - "caption": { - "type": "string" - }, - "description": { - "type": "string" - }, - "id": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } - }, - "parentID": { - "type": "string" - }, - "parentType": { + "properties": { + "description": { "type": "string" }, - "props": { + "tests": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.ConstraintTest" } - }, - "remarks": { - "type": "string" } } }, - "relational.DocumentID": { + "oscalTypes_1_1_3.ParameterGuideline": { "type": "object", "properties": { - "identifier": { + "prose": { "type": "string" - }, - "scheme": { - "$ref": "#/definitions/relational.DocumentIDScheme" } } }, - "relational.DocumentIDScheme": { - "type": "string", - "enum": [ - "http://www.doi.org/" - ], - "x-enum-varnames": [ - "DocumentIDSchemeDoi" - ] - }, - "relational.Evidence": { + "oscalTypes_1_1_3.ParameterSelection": { "type": "object", "properties": { - "activities": { - "description": "What steps did we take to create this evidence", + "choice": { "type": "array", "items": { - "$ref": "#/definitions/relational.Activity" + "type": "string" } }, - "back-matter": { - "$ref": "#/definitions/relational.BackMatter" + "how-many": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.ParameterSetting": { + "type": "object", + "properties": { + "class": { + "type": "string" }, - "components": { - "description": "Which components of the subject are being observed. 
A tool, user, policy etc.", + "constraints": { "type": "array", "items": { - "$ref": "#/definitions/relational.SystemComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterConstraint" } }, - "description": { - "type": "string" - }, - "end": { - "type": "string" - }, - "expires": { - "type": "string" - }, - "id": { + "depends-on": { "type": "string" }, - "inventory-items": { + "guidelines": { "type": "array", "items": { - "$ref": "#/definitions/relational.InventoryItem" + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterGuideline" } }, - "labels": { - "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", - "type": "array", - "items": { - "$ref": "#/definitions/relational.Labels" - } + "label": { + "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "origins": { - "description": "Who or What is generating this evidence", - "type": "array", - "items": { - "$ref": "#/definitions/relational.Origin" - } + "param-id": { + "type": "string" }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { - "type": "string" + "select": { + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSelection" }, - "start": { - "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", + "usage": { "type": "string" }, - "status": { - "description": "Did we satisfy what was being tested for, or did we fail ?", - "allOf": [ - { - "$ref": "#/definitions/datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus" - } - ] - }, - "subjects": { - "description": "Who or What are we providing evidence for. 
What's under test.", + "values": { "type": "array", "items": { - "$ref": "#/definitions/relational.AssessmentSubject" + "type": "string" } - }, - "title": { - "type": "string" - }, - "uuid": { - "description": "UUID needs to remain consistent when automation runs again, but unique for each subject.\nIt represents the \"stream\" of the same observation being made over time.", - "type": "string" } } }, - "relational.Export": { + "oscalTypes_1_1_3.Part": { "type": "object", "properties": { - "byComponentId": { - "type": "string" - }, - "description": { + "class": { "type": "string" }, "id": { 
@@ -30411,378 +21273,307 @@ const docTemplate = `{ "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "props": { + "name": { + "type": "string" + }, + "ns": { + "type": "string" + }, + "parts": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Part" } }, - "provided": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.ProvidedControlImplementation" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "prose": { "type": "string" }, - "responsibilities": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ControlImplementationResponsibility" - } + "title": { + "type": "string" } } }, - "relational.Filter": { + "oscalTypes_1_1_3.Party": { "type": "object", "properties": { - "components": { + "addresses": { "type": "array", "items": { - "$ref": "#/definitions/relational.SystemComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.Address" } }, - "controls": { + "email-addresses": { "type": "array", "items": { - "$ref": "#/definitions/relational.Control" + "type": "string" } }, - "filter": { - "$ref": "#/definitions/datatypes.JSONType-labelfilter_Filter" + "external-ids": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.PartyExternalIdentifier" + } }, - "id": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } }, - "name": { - "type": "string" - } - } - }, - "relational.Hash": { - "type": "object", - "properties": { - "algorithm": { - "description": "required", - "allOf": [ - { - "$ref": "#/definitions/relational.HashAlgorithm" - } - ] + "location-uuids": { + "type": "array", + "items": { + "type": "string" + } }, - "value": { - "description": "required", - "type": "string" - } - } - }, - "relational.HashAlgorithm": { - "type": "string", - "enum": [ - "SHA-224", - 
"SHA-256", - "SHA-384", - "SHA-512", - "SHA3-224", - "SHA3-256", - "SHA3-384", - "SHA3-512" - ], - "x-enum-varnames": [ - "HashAlgorithmSHA_224", - "HashAlgorithmSHA_256", - "HashAlgorithmSHA_384", - "HashAlgorithmSHA_512", - "HashAlgorithmSHA3_224", - "HashAlgorithmSHA3_256", - "HashAlgorithmSHA3_384", - "HashAlgorithmSHA3_512" - ] - }, - "relational.ImplementedComponent": { - "type": "object", - "properties": { - "component": { - "$ref": "#/definitions/relational.DefinedComponent" + "member-of-organizations": { + "type": "array", + "items": { + "type": "string" + } }, - "component-uuid": { + "name": { "type": "string" }, - "id": { + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { "type": "string" }, - "inventoryItemId": { + "short-name": { "type": "string" }, - "links": { + "telephone-numbers": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.TelephoneNumber" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "type": { + "type": "string" }, - "remarks": { + "uuid": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.PartyExternalIdentifier": { + "type": "object", + "properties": { + "id": { "type": "string" }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleParty" - } + "scheme": { + "type": "string" } } }, - "relational.ImplementedRequirement": { + "oscalTypes_1_1_3.PlanOfActionAndMilestones": { "type": "object", "properties": { - "by-components": { + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "findings": { "type": "array", "items": { - "$ref": "#/definitions/relational.ByComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.Finding" } }, - "control-id": { - "type": "string" + "import-ssp": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" }, - "controlImplementationId": { - "type": 
"string" + "local-definitions": { + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" }, - "id": { - "type": "string" + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" }, - "links": { + "observations": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Observation" } }, - "props": { + "poam-items": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" } }, - "remarks": { - "type": "string" - }, - "responsible-roles": { + "risks": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.Risk" } }, - "set-parameters": { + "system-id": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" + }, + "uuid": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions": { + "type": "object", + "properties": { + "assessment-assets": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" + }, + "components": { "type": "array", "items": { - "$ref": "#/definitions/relational.SetParameter" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } }, - "statements": { + "inventory-items": { "type": "array", "items": { - "$ref": "#/definitions/relational.Statement" + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" } + }, + "remarks": { + "type": "string" } } }, - "relational.ImplementedRequirementControlImplementation": { + "oscalTypes_1_1_3.PoamItem": { "type": "object", "properties": { - "control-id": { - "description": "required", - "type": "string" - }, - "controlImplementationSetID": { - "type": "string" - }, "description": { - "description": "required", - "type": "string" - }, - "id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "props": { + "origins": { "type": 
"array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.PoamItemOrigin" } }, - "remarks": { - "type": "string" - }, - "responsible-roles": { - "description": "required", + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "set-parameters": { + "related-findings": { "type": "array", "items": { - "$ref": "#/definitions/relational.SetParameter" + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedFinding" } }, - "statements": { + "related-observations": { "type": "array", "items": { - "$ref": "#/definitions/relational.ControlStatementImplementation" + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" } - } - } - }, - "relational.Import": { - "type": "object", - "properties": { - "exclude-controls": { + }, + "related-risks": { "type": "array", "items": { - "$ref": "#/definitions/relational.SelectControlById" + "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedRisk" } }, - "href": { - "description": "Href as per the OSCAL docs can be an absolute network path (potentially remote), relative or a URI fragment\nfor the moment to make the system's life easier, it should be a URI fragment to back-matter and try and resolve\nback to an ingested catalog.", + "remarks": { "type": "string" }, - "id": { + "title": { "type": "string" }, - "include-all": { - "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" - }, - "include-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SelectControlById" - } - }, - "profileID": { + "uuid": { "type": "string" } } }, - "relational.ImportComponentDefinition": { + "oscalTypes_1_1_3.PoamItemOrigin": { "type": "object", "properties": { - "href": { - "type": "string" + "actors": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" + } } } }, - "relational.IncorporatesComponents": { + "oscalTypes_1_1_3.PortRange": { 
"type": "object", "properties": { - "component-uuid": { - "type": "string" + "end": { + "type": "integer" }, - "description": { + "start": { + "type": "integer" + }, + "transport": { "type": "string" } } }, - "relational.InheritedControlImplementation": { + "oscalTypes_1_1_3.Profile": { "type": "object", "properties": { - "byComponentId": { - "type": "string" - }, - "description": { - "description": "required", - "type": "string" - }, - "id": { - "type": "string" + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "links": { + "imports": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Import" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "merge": { + "$ref": "#/definitions/oscalTypes_1_1_3.Merge" }, - "provided-uuid": { - "type": "string" + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } + "modify": { + "$ref": "#/definitions/oscalTypes_1_1_3.Modify" + }, + "uuid": { + "type": "string" } } }, - "relational.InventoryItem": { + "oscalTypes_1_1_3.Property": { "type": "object", "properties": { - "description": { + "class": { "type": "string" }, - "evidence": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Evidence" - } - }, - "id": { + "group": { "type": "string" }, - "implemented-components": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ImplementedComponent" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "name": { + "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "ns": { + "type": "string" }, "remarks": { "type": "string" }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": 
"#/definitions/relational.ResponsibleParty" - } - }, - "systemImplementationId": { - "type": "string" - } - } - }, - "relational.Labels": { - "type": "object", - "properties": { - "name": { + "uuid": { "type": "string" }, "value": { 
@@ -30790,1321 +21581,1321 @@ const docTemplate = `{ } } }, - "relational.LeveragedAuthorization": { + "oscalTypes_1_1_3.Protocol": { "type": "object", "properties": { - "date-authorized": { - "type": "string" - }, - "id": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } - }, - "party-uuid": { + "name": { "type": "string" }, - "props": { + "port-ranges": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.PortRange" } }, - "remarks": { - "type": "string" - }, - "systemImplementationId": { + "title": { "type": "string" }, - "title": { + "uuid": { "type": "string" } } }, - "relational.Link": { + "oscalTypes_1_1_3.ProvidedControlImplementation": { "type": "object", "properties": { - "href": { + "description": { "type": "string" }, - "media-type": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } }, - "rel": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "resource-fragment": { + "remarks": { "type": "string" }, - "text": { + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "uuid": { "type": "string" } } }, - "relational.Location": { + "oscalTypes_1_1_3.ReferencedControlObjectives": { "type": "object", "properties": { - "address": { - "$ref": "#/definitions/datatypes.JSONType-relational_Address" + "description": { + "type": "string" }, - "email-addresses": { + "exclude-objectives": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectObjectiveById" } }, - "id": { - "type": "string" + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" }, - "links": { + "include-objectives": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": 
"#/definitions/oscalTypes_1_1_3.SelectObjectiveById" } }, - "props": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "remarks": { - "type": "string" - }, - "telephone-numbers": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.TelephoneNumber" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "title": { + "remarks": { "type": "string" - }, - "urls": { - "type": "array", - "items": { - "type": "string" - } } } }, - "relational.Matching": { + "oscalTypes_1_1_3.RelatedFinding": { "type": "object", "properties": { - "pattern": { + "finding-uuid": { "type": "string" } } }, - "relational.Merge": { + "oscalTypes_1_1_3.RelatedObservation": { "type": "object", "properties": { - "as-is": { - "type": "boolean" - }, - "combine": { - "$ref": "#/definitions/datatypes.JSONType-relational_CombinationRule" - }, - "flat": { - "$ref": "#/definitions/datatypes.JSONType-relational_FlatWithoutGrouping" - }, - "id": { - "type": "string" - }, - "profileID": { + "observation-uuid": { "type": "string" } } }, - "relational.Metadata": { + "oscalTypes_1_1_3.RelatedTask": { "type": "object", "properties": { - "actions": { + "identified-subject": { + "$ref": "#/definitions/oscalTypes_1_1_3.IdentifiedSubject" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Action" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "document-ids": { - "description": "-\u003e DocumentID", + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.DocumentID" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "id": { - "type": "string" - }, - "last-modified": { + "remarks": { "type": "string" }, - "links": { + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } }, - "locations": { + "subjects": { "type": "array", "items": 
{ - "$ref": "#/definitions/relational.Location" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" } }, - "oscal-version": { + "task-uuid": { "type": "string" - }, - "parentID": { - "description": "Metadata is shared across many resources, and so it mapped using a polymorphic relationship", + } + } + }, + "oscalTypes_1_1_3.RelevantEvidence": { + "type": "object", + "properties": { + "description": { "type": "string" }, - "parentType": { + "href": { "type": "string" }, - "parties": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Party" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "published": { - "type": "string" - }, "remarks": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.Removal": { + "type": "object", + "properties": { + "by-class": { + "type": "string" }, - "responsibleParties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleParty" - } - }, - "revisions": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Revision" - } + "by-id": { + "type": "string" }, - "roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Role" - } + "by-item-name": { + "type": "string" }, - "title": { + "by-name": { "type": "string" }, - "version": { + "by-ns": { "type": "string" } } }, - "relational.Modify": { + "oscalTypes_1_1_3.RequiredAsset": { "type": "object", "properties": { - "alters": { + "description": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Alteration" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "id": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "profileID": { + "remarks": { "type": "string" }, - "set-parameters": { + "subjects": { "type": "array", "items": { 
- "$ref": "#/definitions/relational.ParameterSetting" + "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" } + }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "relational.NetworkArchitecture": { + "oscalTypes_1_1_3.Resource": { "type": "object", "properties": { + "base64": { + "$ref": "#/definitions/oscalTypes_1_1_3.Base64" + }, + "citation": { + "$ref": "#/definitions/oscalTypes_1_1_3.Citation" + }, "description": { "type": "string" }, - "diagrams": { + "document-ids": { "type": "array", "items": { - "$ref": "#/definitions/relational.Diagram" + "$ref": "#/definitions/oscalTypes_1_1_3.DocumentId" } }, - "id": { - "type": "string" - }, - "links": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "props": { + "remarks": { + "type": "string" + }, + "rlinks": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.ResourceLink" } }, - "remarks": { + "title": { "type": "string" }, - "systemCharacteristicsId": { + "uuid": { "type": "string" } } }, - "relational.Origin": { + "oscalTypes_1_1_3.ResourceLink": { "type": "object", "properties": { - "actors": { + "hashes": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" + "$ref": "#/definitions/oscalTypes_1_1_3.Hash" } }, - "related-tasks": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" - } + "href": { + "type": "string" + }, + "media-type": { + "type": "string" } } }, - "relational.Parameter": { + "oscalTypes_1_1_3.Response": { "type": "object", "properties": { - "class": { + "description": { "type": "string" }, - "constraints": { + "lifecycle": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.ParameterConstraint" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "guidelines": { + "origins": { "type": 
"array", "items": { - "$ref": "#/definitions/relational.ParameterGuideline" + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" } }, - "id": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "label": { + "remarks": { "type": "string" }, - "links": { + "required-assets": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.RequiredAsset" } }, - "props": { + "tasks": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Task" } }, - "remarks": { + "title": { "type": "string" }, - "select": { - "$ref": "#/definitions/datatypes.JSONType-relational_ParameterSelection" - }, - "usage": { + "uuid": { "type": "string" - }, - "values": { - "type": "array", - "items": { - "type": "string" - } } } }, - "relational.ParameterConstraint": { + "oscalTypes_1_1_3.ResponsibleParty": { "type": "object", "properties": { - "description": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } }, - "tests": { + "party-uuids": { "type": "array", "items": { - "$ref": "#/definitions/relational.ParameterConstraintTest" + "type": "string" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } - } - } - }, - "relational.ParameterConstraintTest": { - "type": "object", - "properties": { - "expression": { - "type": "string" }, "remarks": { "type": "string" - } - } - }, - "relational.ParameterGuideline": { - "type": "object", - "properties": { - "prose": { + }, + "role-id": { "type": "string" } } }, - "relational.ParameterSetting": { + "oscalTypes_1_1_3.ResponsibleRole": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "constraints": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.ParameterConstraint" + "$ref": 
"#/definitions/oscalTypes_1_1_3.Link" } }, - "depends-on": { - "type": "string" + "party-uuids": { + "type": "array", + "items": { + "type": "string" + } }, - "guidelines": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.ParameterGuideline" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "id": { + "remarks": { "type": "string" }, - "label": { + "role-id": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.Result": { + "type": "object", + "properties": { + "assessment-log": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentLog" }, - "links": { + "attestations": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" } }, - "modifyID": { + "description": { "type": "string" }, - "param-id": { - "description": "required", + "end": { "type": "string" }, - "props": { + "findings": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Finding" } }, - "select": { - "$ref": "#/definitions/datatypes.JSONType-relational_ParameterSelection" - }, - "values": { + "links": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } - } - } - }, - "relational.Part": { - "type": "object", - "properties": { - "class": { - "type": "string" }, - "id": { - "type": "string" + "local-definitions": { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" }, - "links": { + "observations": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Observation" } }, - "name": { - "type": "string" - }, - "ns": { - "type": "string" - }, - "part_id": { - "type": "string" - }, - "parts": { - "description": "-\u003e Part", + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Part" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "props": { + "remarks": { + "type": "string" + }, + 
"reviewed-controls": { + "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" + }, + "risks": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Risk" } }, - "prose": { + "start": { "type": "string" }, "title": { "type": "string" + }, + "uuid": { + "type": "string" } } }, - "relational.Party": { + "oscalTypes_1_1_3.ReviewedControls": { "type": "object", "properties": { - "addresses": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Address" - } - }, - "email-addresses": { + "control-objective-selections": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.ReferencedControlObjectives" } }, - "external-ids": { + "control-selections": { "type": "array", "items": { - "$ref": "#/definitions/relational.PartyExternalID" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControls" } }, - "id": { + "description": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "locations": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Location" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "member-of-organizations": { - "description": "-\u003e Party", + "remarks": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.RevisionHistoryEntry": { + "type": "object", + "properties": { + "last-modified": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Party" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "name": { + "oscal-version": { "type": "string" }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "published": { "type": "string" }, - "short-name": { + "remarks": { "type": "string" }, - "telephone-numbers": { - "type": "array", - "items": { - 
"$ref": "#/definitions/relational.TelephoneNumber" - } + "title": { + "type": "string" }, - "type": { - "$ref": "#/definitions/relational.PartyType" + "version": { + "type": "string" } } }, - "relational.PartyExternalID": { + "oscalTypes_1_1_3.Risk": { "type": "object", "properties": { - "id": { + "characterizations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Characterization" + } + }, + "deadline": { "type": "string" }, - "scheme": { - "$ref": "#/definitions/relational.PartyExternalIDScheme" - } - } - }, - "relational.PartyExternalIDScheme": { - "type": "string", - "enum": [ - "http://orcid.org/" - ], - "x-enum-varnames": [ - "PartyExternalIDSchemeOrchid" - ] - }, - "relational.PartyType": { - "type": "string", - "enum": [ - "person", - "organization" - ], - "x-enum-varnames": [ - "PartyTypePerson", - "PartyTypeOrganization" - ] - }, - "relational.Profile": { - "type": "object", - "properties": { - "back-matter": { - "$ref": "#/definitions/relational.BackMatter" + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } }, - "controls": { + "mitigating-factors": { "type": "array", "items": { - "$ref": "#/definitions/relational.Control" + "$ref": "#/definitions/oscalTypes_1_1_3.MitigatingFactor" } }, - "id": { - "type": "string" + "origins": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + } }, - "imports": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Import" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "merge": { - "$ref": "#/definitions/relational.Merge" + "related-observations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" + } }, - "metadata": { - "$ref": "#/definitions/relational.Metadata" + "remediations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Response" + } }, - "modify": { - 
"$ref": "#/definitions/relational.Modify" - } - } - }, - "relational.Prop": { - "type": "object", - "properties": { - "class": { - "type": "string" + "risk-log": { + "$ref": "#/definitions/oscalTypes_1_1_3.RiskLog" }, - "group": { + "statement": { "type": "string" }, - "name": { + "status": { "type": "string" }, - "ns": { - "type": "string" + "threat-ids": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ThreatId" + } }, - "remarks": { + "title": { "type": "string" }, "uuid": { "type": "string" - }, - "value": { - "type": "string" } } }, - "relational.Protocol": { + "oscalTypes_1_1_3.RiskLog": { "type": "object", "properties": { - "name": { - "type": "string" - }, - "port-ranges": { + "entries": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PortRange" + "$ref": "#/definitions/oscalTypes_1_1_3.RiskLogEntry" } - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" } } }, - "relational.ProvidedControlImplementation": { + "oscalTypes_1_1_3.RiskLogEntry": { "type": "object", "properties": { "description": { "type": "string" }, - "exportId": { - "type": "string" - }, - "id": { + "end": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "props": { + "logged-by": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.LoggedBy" } }, - "remarks": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "responsible-roles": { + "related-responses": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.RiskResponseReference" } - } - } - }, - "relational.Removal": { - "type": "object", - "properties": { - "by-class": { + }, + "remarks": { "type": "string" }, - "by-id": { + "start": { "type": "string" }, - 
"by-item-name": { + "status-change": { "type": "string" }, - "by-name": { + "title": { "type": "string" }, - "by-ns": { + "uuid": { "type": "string" } } }, - "relational.ResourceLink": { + "oscalTypes_1_1_3.RiskResponseReference": { "type": "object", "properties": { - "hashes": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Hash" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "href": { - "description": "required", + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "related-tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + } + }, + "remarks": { "type": "string" }, - "media-type": { + "response-uuid": { "type": "string" } } }, - "relational.ResponsibleParty": { + "oscalTypes_1_1_3.Role": { "type": "object", "properties": { + "description": { + "type": "string" + }, "id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "parentID": { - "description": "Polymorphic relationship - allows ResponsibleParty to belong to different parent types", + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { "type": "string" }, - "parentType": { + "short-name": { "type": "string" }, - "parties": { + "title": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsiblePartyParties" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - "role": { - "$ref": "#/definitions/relational.Role" + 
"responsibility-uuid": { + "type": "string" }, - "role-id": { - "description": "required", + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "uuid": { "type": "string" } } }, - "relational.ResponsiblePartyParties": { + "oscalTypes_1_1_3.SecurityImpactLevel": { "type": "object", "properties": { - "partyID": { + "security-objective-availability": { "type": "string" }, - "responsiblePartyID": { + "security-objective-confidentiality": { + "type": "string" + }, + "security-objective-integrity": { "type": "string" } } }, - "relational.ResponsibleRole": { + "oscalTypes_1_1_3.SelectControlById": { "type": "object", "properties": { - "id": { - "type": "string" - }, - "links": { + "matching": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Matching" } }, - "parentID": { + "with-child-controls": { "type": "string" }, - "parentType": { + "with-ids": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "oscalTypes_1_1_3.SelectObjectiveById": { + "type": "object", + "properties": { + "objective-id": { "type": "string" - }, - "parties": { + } + } + }, + "oscalTypes_1_1_3.SelectSubjectById": { + "type": "object", + "properties": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Party" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - "role": { - "$ref": "#/definitions/relational.Role" + "subject-uuid": { + "type": "string" }, - "role-id": { - "description": "required", + "type": { "type": "string" } } }, - "relational.ReviewedControls": { + "oscalTypes_1_1_3.SetParameter": { "type": "object", "properties": { - "controlObjectiveSelections": { + "param-id": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + 
"values": { "type": "array", "items": { - "$ref": "#/definitions/relational.ControlObjectiveSelection" + "type": "string" } - }, - "controlSelections": { - "description": "required", + } + } + }, + "oscalTypes_1_1_3.Statement": { + "type": "object", + "properties": { + "by-components": { "type": "array", "items": { - "$ref": "#/definitions/relational.ControlSelection" + "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" } }, - "description": { - "type": "string" - }, - "id": { - "type": "string" - }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "statement-id": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "relational.Revision": { + "oscalTypes_1_1_3.Status": { "type": "object", "properties": { - "id": { + "remarks": { "type": "string" }, - "last-modified": { + "state": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.Step": { + "type": "object", + "properties": { + "description": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "metadata-id": { - "description": "Revision only exist on a metadata object. 
We'll link them straight there with a BelongsTo relationship", - "type": "string" - }, - "oscal-version": { - "type": "string" - }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "published": { - "type": "string" - }, "remarks": { "type": "string" }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "reviewed-controls": { + "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" + }, "title": { "type": "string" }, - "version": { - "description": "required", + "uuid": { "type": "string" } } }, - "relational.Role": { + "oscalTypes_1_1_3.SubjectReference": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "id": { - "type": "string" - }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - "short-name": { + "subject-uuid": { "type": "string" }, "title": { "type": "string" + }, + "type": { + "type": "string" } } }, - "relational.SatisfiedControlImplementationResponsibility": { + "oscalTypes_1_1_3.SystemCharacteristics": { "type": "object", "properties": { - "by-component-id": { - "type": "string" + "authorization-boundary": { + "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizationBoundary" }, - "description": { + "data-flow": { + "$ref": "#/definitions/oscalTypes_1_1_3.DataFlow" + }, + "date-authorized": { "type": "string" }, - "id": { + "description": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "network-architecture": { + "$ref": "#/definitions/oscalTypes_1_1_3.NetworkArchitecture" + }, "props": { "type": 
"array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - "responsibility-uuid": { + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + } + }, + "security-impact-level": { + "$ref": "#/definitions/oscalTypes_1_1_3.SecurityImpactLevel" + }, + "security-sensitivity-level": { "type": "string" }, - "responsible-roles": { + "status": { + "$ref": "#/definitions/oscalTypes_1_1_3.Status" + }, + "system-ids": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" } + }, + "system-information": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemInformation" + }, + "system-name": { + "type": "string" + }, + "system-name-short": { + "type": "string" } } }, - "relational.SelectControlById": { + "oscalTypes_1_1_3.SystemComponent": { "type": "object", "properties": { - "id": { + "description": { "type": "string" }, - "matching": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Matching" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "parentID": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "parentType": { + "protocols": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" + } + }, + "purpose": { "type": "string" }, - "with-child-controls": { + "remarks": { "type": "string" }, - "with-ids": { + "responsible-roles": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } - } - } - }, - "relational.SelectObjectiveById": { - "type": "object", - "properties": { - "id": { - "type": "string" }, - "objective": { - "description": "required", + "status": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponentStatus" + }, + "title": { "type": 
"string" }, - "parentID": { + "type": { "type": "string" }, - "parentType": { + "uuid": { "type": "string" } } }, - "relational.SelectSubjectById": { + "oscalTypes_1_1_3.SystemComponentStatus": { "type": "object", "properties": { - "assessmentSubjectID": { - "type": "string" - }, - "id": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } - }, "remarks": { "type": "string" }, - "subjectUUID": { - "description": "SubjectUUID technically represents a UUID of a component, party, location, user, or inventory item.\nIt will likely be updated once we can map it correctly", + "state": { "type": "string" } } }, - "relational.SetParameter": { + "oscalTypes_1_1_3.SystemId": { "type": "object", "properties": { - "param-id": { + "id": { "type": "string" }, - "remarks": { + "identifier-type": { "type": "string" - }, - "values": { - "type": "array", - "items": { - "type": "string" - } } } }, - "relational.Statement": { + "oscalTypes_1_1_3.SystemImplementation": { "type": "object", "properties": { - "by-components": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/relational.ByComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } }, - "id": { - "type": "string" + "inventory-items": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + } }, - "implementedRequirementId": { - "type": "string" + "leveraged-authorizations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" + } }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - 
"responsible-roles": { + "users": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" } - }, - "statement-id": { - "type": "string" } } }, - "relational.Step": { + "oscalTypes_1_1_3.SystemInformation": { "type": "object", "properties": { - "activityID": { - "type": "string" - }, - "description": { - "description": "required", - "type": "string" - }, - "id": { - "type": "string" + "information-types": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InformationType" + } }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } + } + } + }, + "oscalTypes_1_1_3.SystemSecurityPlan": { + "type": "object", + "properties": { + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "remarks": { - "type": "string" + "control-implementation": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementation" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } + "import-profile": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportProfile" }, - "reviewed-controls": { - "$ref": "#/definitions/relational.ReviewedControls" + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" }, - "reviewedControlsID": { - "type": "string" + "system-characteristics": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemCharacteristics" }, - "title": { + "system-implementation": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemImplementation" + }, + "uuid": { "type": "string" } } }, - "relational.SystemCharacteristics": { + "oscalTypes_1_1_3.SystemUser": { "type": "object", "properties": { - "authorization-boundary": { - "$ref": "#/definitions/relational.AuthorizationBoundary" - }, 
- "dataFlow": { - "$ref": "#/definitions/relational.DataFlow" - }, - "date-authorized": { - "type": "string" + "authorized-privileges": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizedPrivilege" + } }, "description": { "type": "string" }, - "id": { - "type": "string" - }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "networkArchitecture": { - "$ref": "#/definitions/relational.NetworkArchitecture" - }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleParty" - } - }, - "security-impact-level": { - "$ref": "#/definitions/datatypes.JSONType-relational_SecurityImpactLevel" - }, - "security-sensitivity-level": { - "type": "string" - }, - "status": { - "$ref": "#/definitions/datatypes.JSONType-relational_Status" - }, - "system-ids": { + "role-ids": { "type": "array", "items": { - "$ref": "#/definitions/relational.SystemId" + "type": "string" } }, - "system-information": { - "$ref": "#/definitions/datatypes.JSONType-relational_SystemInformation" - }, - "system-name": { + "short-name": { "type": "string" }, - "system-name-short": { + "title": { "type": "string" }, - "systemSecurityPlanId": { + "uuid": { "type": "string" } } }, - "relational.SystemComponent": { + "oscalTypes_1_1_3.Task": { "type": "object", "properties": { - "definedComponentId": { - "type": "string" - }, - "description": { - "type": "string" - }, - "evidence": { + "associated-activities": { "type": "array", "items": { - "$ref": "#/definitions/relational.Evidence" + "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedActivity" } }, - "filters": { + "dependencies": { "type": "array", "items": { - "$ref": "#/definitions/relational.Filter" + "$ref": 
"#/definitions/oscalTypes_1_1_3.TaskDependency" } }, - "id": { + "description": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" - } - }, - "protocols": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Protocol" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "purpose": { - "type": "string" - }, "remarks": { "type": "string" }, "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "status": { - "$ref": "#/definitions/datatypes.JSONType-relational_SystemComponentStatus" + "subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } }, - "systemImplementationId": { - "type": "string" + "tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Task" + } + }, + "timing": { + "$ref": "#/definitions/oscalTypes_1_1_3.EventTiming" }, "title": { "type": "string" }, "type": { "type": "string" + }, + "uuid": { + "type": "string" } } }, - "relational.SystemComponentSuggestion": { + "oscalTypes_1_1_3.TaskDependency": { "type": "object", "properties": { - "componentDefinitionId": { - "type": "string" - }, - "definedComponentId": { - "type": "string" - }, - "description": { + "remarks": { "type": "string" }, - "name": { + "task-uuid": { "type": "string" - }, - "purpose": { + } + } + }, + "oscalTypes_1_1_3.TelephoneNumber": { + "type": "object", + "properties": { + "number": { "type": "string" }, "type": { 
@@ -32112,40 +22903,57 @@ const docTemplate = `{ } } }, - "relational.SystemId": { + "oscalTypes_1_1_3.ThreatId": { "type": "object", "properties": { + "href": { + "type": "string" + }, "id": { "type": "string" }, - "identifier-type": { + "system": { "type": "string" } } }, - "relational.SystemImplementation": { + "oscalTypes_1_1_3.UsesComponent": { "type": "object", "properties": { - "components": { + "component-uuid": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.SystemComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "id": { - "type": "string" - }, - "inventory-items": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.InventoryItem" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "leveraged-authorizations": { + "remarks": { + "type": "string" + }, + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/relational.LeveragedAuthorization" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } + } + } + }, + "relational.Action": { + "type": "object", + "properties": { + "date": { + "type": "string" + }, + "id": { + "type": "string" }, "links": { "type": "array", @@ -32153,6 +22961,10 @@ const docTemplate = `{ "$ref": "#/definitions/relational.Link" } }, + "metadata-id": { + "description": "Actions only exist on a metadata object. We'll link them straight there with a BelongsTo relationship", + "type": "string" + }, "props": { "type": "array", "items": { 
@@ -32162,59 +22974,27 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "systemSecurityPlanId": { - "type": "string" - }, - "users": { + "responsibleParties": { "type": "array", "items": { - "$ref": "#/definitions/relational.SystemUser" + "$ref": "#/definitions/relational.ResponsibleParty" } - } - } - }, - "relational.SystemSecurityPlan": { - "type": "object", - "properties": { - "back-matter": { - "$ref": "#/definitions/relational.BackMatter" - }, - "control-implementation": { - "$ref": "#/definitions/relational.ControlImplementation" }, - "id": { + "system": { + "description": "required", "type": "string" }, - "import-profile": { - "$ref": "#/definitions/datatypes.JSONType-relational_ImportProfile" - }, - "metadata": { - "$ref": "#/definitions/relational.Metadata" - }, - "profile": { - "$ref": "#/definitions/relational.Profile" - }, - "profileID": { + "type": { + "description": "required", "type": "string" - }, - "system-characteristics": { - "$ref": "#/definitions/relational.SystemCharacteristics" - }, - "system-implementation": { - "$ref": "#/definitions/relational.SystemImplementation" } } }, - "relational.SystemUser": { + "relational.Activity": { "type": "object", "properties": { - "authorized-privileges": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.AuthorizedPrivilege" - } - }, "description": { + "description": "required", "type": "string" }, "id": { 
@@ -32232,659 +23012,758 @@ const docTemplate = `{ "$ref": "#/definitions/relational.Prop" } }, - "remarks": { + "related-controls": { + "$ref": "#/definitions/relational.ReviewedControls" + }, + "relatedControlsID": { + "type": "string" + }, + "remarks": { + "description": "required", + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } + }, + "steps": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Step" + } + }, + "title": { + "type": "string" + } + } + }, + "relational.Address": { + "type": "object", + "properties": { + "city": { + "type": "string" + }, + "country": { "type": "string" }, - "role-ids": { + "lines": { "type": "array", "items": { "type": "string" } }, - "short-name": { - "type": "string" - }, - "systemImplementationId": { + "postal-code": { "type": "string" }, - "title": { - "type": "string" - } - } - }, - "relational.TelephoneNumber": { - "type": "object", - "properties": { - "number": { + "state": { "type": "string" }, "type": { - "$ref": "#/definitions/relational.TelephoneNumberType" + "$ref": "#/definitions/relational.AddressType" } } }, - "relational.TelephoneNumberType": { + "relational.AddressType": { "type": "string", "enum": [ - "home", - "office", - "mobile" + "work", + "home" ], "x-enum-varnames": [ - "TelephoneNumberTypeHome", - "TelephoneNumberTypeOffice", - "TelephoneNumberTypeMobile" + "AddressTypeWork", + "AddressTypeHome" ] }, - "relational.User": { + "relational.AssessedControlsSelectControlById": { "type": "object", "properties": { - "authMethod": { - "type": "string" + "control": { + "$ref": "#/definitions/relational.Control" }, - "createdAt": { + "controlID": { "type": "string" }, - "deletedAt": { - "description": "Soft delete", - "allOf": [ - { - "$ref": "#/definitions/gorm.DeletedAt" - } - ] - }, - "digestSubscribed": { - "description": "DigestSubscribed indicates if the user wants to receive evidence digest emails", - 
"type": "boolean" + "id": { + "type": "string" }, - "email": { + "statements": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Statement" + } + } + } + }, + "relational.AssessmentSubject": { + "type": "object", + "properties": { + "description": { "type": "string" }, - "failedLogins": { - "type": "integer" + "evidence": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Evidence" + } }, - "firstName": { - "type": "string" + "excludeSubjects": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SelectSubjectById" + } }, "id": { "type": "string" }, - "isActive": { - "type": "boolean" - }, - "isLocked": { - "type": "boolean" - }, - "lastLogin": { - "type": "string" + "includeAll": { + "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" }, - "lastName": { - "type": "string" + "includeSubjects": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SelectSubjectById" + } }, - "taskAvailableEmailSubscribed": { - "description": "TaskAvailableEmailSubscribed indicates if the user wants an email when tasks become available", - "type": "boolean" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "taskDailyDigestSubscribed": { - "description": "TaskDailyDigestSubscribed indicates if the user wants to receive a daily task digest email", - "type": "boolean" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "updatedAt": { + "remarks": { "type": "string" }, - "userAttributes": { + "type": { + "description": "Type represents a component, party, location, user, or inventory item.\nIt will likely be updated once we can map it correctly", "type": "string" } } }, - "risks.RiskComponentLink": { + "relational.BackMatter": { "type": "object", "properties": { - "componentId": { + "id": { "type": "string" }, - "createdAt": { + "parentID": { "type": "string" }, - "createdById": { + "parentType": { "type": "string" 
}, - "riskId": { - "type": "string" + "resources": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.BackMatterResource" + } } } }, - "risks.RiskControlLink": { + "relational.BackMatterResource": { "type": "object", "properties": { - "catalogId": { + "backMatterID": { "type": "string" }, - "controlId": { - "type": "string" + "base64": { + "$ref": "#/definitions/datatypes.JSONType-relational_Base64" }, - "createdAt": { - "type": "string" + "citation": { + "$ref": "#/definitions/datatypes.JSONType-relational_Citation" }, - "createdById": { + "description": { "type": "string" }, - "riskId": { - "type": "string" - } - } - }, - "risks.RiskEvidenceLink": { - "type": "object", - "properties": { - "createdAt": { - "type": "string" + "document-ids": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.DocumentID" + } }, - "createdById": { + "id": { + "description": "required", "type": "string" }, - "evidenceId": { - "description": "EvidenceID stores the evidence stream UUID (evidences.uuid), not a single evidence row ID.", + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { "type": "string" }, - "riskId": { + "rlinks": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResourceLink" + } + }, + "title": { "type": "string" } } }, - "risks.RiskSubjectLink": { + "relational.ByComponent": { "type": "object", "properties": { - "createdAt": { + "component-uuid": { "type": "string" }, - "createdById": { + "description": { "type": "string" }, - "riskId": { - "type": "string" + "export": { + "$ref": "#/definitions/relational.Export" }, - "subjectId": { + "id": { "type": "string" - } - } - }, - "service.ListResponse-handler_riskResponse": { - "type": "object", - "properties": { - "data": { + }, + "implementation-status": { + "$ref": "#/definitions/datatypes.JSONType-relational_ImplementationStatus" + }, + "inherited-control-implementations": { "type": "array", "items": { 
- "$ref": "#/definitions/handler.riskResponse" + "$ref": "#/definitions/relational.InheritedControlImplementation" } }, - "limit": { - "type": "integer" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "page": { - "type": "integer" + "parentID": { + "description": "As ByComponent can be found in Implemented Requirements \u0026 Statements, using GORM polymorphism to tell us where to attach", + "type": "string" }, - "total": { - "type": "integer" + "parentType": { + "type": "string" }, - "totalPages": { - "type": "integer" - } - } - }, - "service.ListResponse-risks_RiskComponentLink": { - "type": "object", - "properties": { - "data": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/risks.RiskComponentLink" + "$ref": "#/definitions/relational.Prop" } }, - "limit": { - "type": "integer" + "remarks": { + "type": "string" }, - "page": { - "type": "integer" + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } }, - "total": { - "type": "integer" + "satisfied": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SatisfiedControlImplementationResponsibility" + } }, - "totalPages": { - "type": "integer" + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SetParameter" + } } } }, - "service.ListResponse-risks_RiskControlLink": { + "relational.Capability": { "type": "object", "properties": { - "data": { + "componentDefinition": { + "$ref": "#/definitions/relational.ComponentDefinition" + }, + "componentDefinitionId": { + "type": "string" + }, + "control-implementations": { "type": "array", "items": { - "$ref": "#/definitions/risks.RiskControlLink" + "$ref": "#/definitions/relational.ControlImplementationSet" } }, - "limit": { - "type": "integer" - }, - "page": { - "type": "integer" - }, - "total": { - "type": "integer" - }, - "totalPages": { - "type": "integer" - } - } - }, - 
"service.ListResponse-risks_RiskSubjectLink": { - "type": "object", - "properties": { - "data": { + "description": { + "description": "required", + "type": "string" + }, + "id": { + "type": "string" + }, + "incorporates-components": { "type": "array", "items": { - "$ref": "#/definitions/risks.RiskSubjectLink" + "$ref": "#/definitions/relational.IncorporatesComponents" } }, - "limit": { - "type": "integer" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "page": { - "type": "integer" + "name": { + "description": "required", + "type": "string" }, - "total": { - "type": "integer" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "totalPages": { - "type": "integer" + "remarks": { + "type": "string" } } }, - "service.ListResponse-templates_evidenceTemplateResponse": { + "relational.ComponentDefinition": { "type": "object", "properties": { - "data": { + "back-matter": { + "$ref": "#/definitions/relational.BackMatter" + }, + "capabilities": { "type": "array", "items": { - "$ref": "#/definitions/templates.evidenceTemplateResponse" + "$ref": "#/definitions/relational.Capability" } }, - "limit": { - "type": "integer" + "components": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.DefinedComponent" + } }, - "page": { - "type": "integer" + "id": { + "type": "string" }, - "total": { - "type": "integer" + "import-component-definitions": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ImportComponentDefinition" + } }, - "totalPages": { - "type": "integer" + "metadata": { + "description": "required", + "allOf": [ + { + "$ref": "#/definitions/relational.Metadata" + } + ] } } }, - "service.ListResponse-templates_riskTemplateResponse": { + "relational.Control": { "type": "object", "properties": { - "data": { + "catalogID": { + "type": "string" + }, + "class": { + "type": "string" + }, + "controls": { "type": "array", "items": { - "$ref": 
"#/definitions/templates.riskTemplateResponse" + "$ref": "#/definitions/relational.Control" } }, - "limit": { - "type": "integer" - }, - "page": { - "type": "integer" + "filters": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Filter" + } }, - "total": { - "type": "integer" + "id": { + "description": "required", + "type": "string" }, - "totalPages": { - "type": "integer" - } - } - }, - "service.ListResponse-templates_subjectTemplateResponse": { - "type": "object", - "properties": { - "data": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/templates.subjectTemplateResponse" + "$ref": "#/definitions/relational.Link" } }, - "limit": { - "type": "integer" + "params": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Parameter" + } }, - "page": { - "type": "integer" + "parentID": { + "type": "string" }, - "total": { - "type": "integer" + "parentType": { + "type": "string" }, - "totalPages": { - "type": "integer" - } - } - }, - "service.ListResponse-uuid_UUID": { - "type": "object", - "properties": { - "data": { + "parts": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Part" } }, - "limit": { - "type": "integer" - }, - "page": { - "type": "integer" - }, - "total": { - "type": "integer" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "totalPages": { - "type": "integer" - } - } - }, - "templates.evidenceTemplateDataResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/templates.evidenceTemplateResponse" + "title": { + "description": "required", + "type": "string" } } }, - "templates.evidenceTemplateLabelSchemaFieldRequest": { + "relational.ControlImplementationResponsibility": { "type": "object", "properties": { "description": { + "description": "required", "type": "string" }, - "key": { + "exportId": { "type": "string" }, - "required": { - "type": "boolean" - } - } - }, - 
"templates.evidenceTemplateLabelSchemaFieldResponse": { - "type": "object", - "properties": { - "description": { + "id": { "type": "string" }, - "key": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "provided-uuid": { "type": "string" }, - "required": { - "type": "boolean" + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } } } }, - "templates.evidenceTemplateResponse": { + "relational.ControlImplementationSet": { "type": "object", "properties": { - "createdAt": { + "definedComponent": { + "$ref": "#/definitions/relational.DefinedComponent" + }, + "definedComponentID": { "type": "string" }, "description": { + "description": "required", "type": "string" }, "id": { "type": "string" }, - "isActive": { - "type": "boolean" - }, - "labelSchema": { - "type": "array", - "items": { - "$ref": "#/definitions/templates.evidenceTemplateLabelSchemaFieldResponse" - } - }, - "methods": { + "implemented-requirements": { + "description": "required", "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.ImplementedRequirementControlImplementation" } }, - "pluginId": { - "type": "string" - }, - "policyPackage": { - "type": "string" - }, - "riskTemplateIds": { + "links": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Link" } }, - "selectorLabels": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/templates.evidenceTemplateSelectorLabelResponse" + "$ref": "#/definitions/relational.Prop" } }, - "subjectTemplateIds": { + "set-parameters": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.SetParameter" } }, - "title": { - "type": "string" - }, - "updatedAt": { - "type": "string" - } - } - }, - 
"templates.evidenceTemplateSelectorLabelRequest": { - "type": "object", - "properties": { - "key": { - "type": "string" - }, - "value": { + "source": { + "description": "required", "type": "string" } } }, - "templates.evidenceTemplateSelectorLabelResponse": { + "relational.ControlObjectiveSelection": { "type": "object", "properties": { - "key": { + "description": { "type": "string" }, - "value": { - "type": "string" - } - } - }, - "templates.remediationTaskRequest": { - "type": "object", - "properties": { - "orderIndex": { - "type": "integer" + "excludeObjectives": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SelectObjectiveById" + } }, - "title": { - "type": "string" - } - } - }, - "templates.remediationTaskResponse": { - "type": "object", - "properties": { "id": { "type": "string" }, - "orderIndex": { - "type": "integer" + "includeAll": { + "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" + }, + "includeObjectives": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SelectObjectiveById" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { + "type": "string" }, - "title": { + "reviewedControlsID": { "type": "string" } } }, - "templates.remediationTemplateRequest": { + "relational.ControlSelection": { "type": "object", "properties": { "description": { "type": "string" }, - "tasks": { + "excludeControls": { "type": "array", "items": { - "$ref": "#/definitions/templates.remediationTaskRequest" + "$ref": "#/definitions/relational.AssessedControlsSelectControlById" } }, - "title": { + "id": { + "type": "string" + }, + "includeAll": { + "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" + }, + "includeControls": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.AssessedControlsSelectControlById" + } + }, + "links": { 
+ "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { + "type": "string" + }, + "reviewedControlsID": { "type": "string" } } }, - "templates.remediationTemplateResponse": { + "relational.ControlStatementImplementation": { "type": "object", "properties": { "description": { + "description": "required", "type": "string" }, "id": { "type": "string" }, - "tasks": { + "implementedRequirementControlImplementationId": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/templates.remediationTaskResponse" + "$ref": "#/definitions/relational.Link" } }, - "title": { + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } + }, + "statement-id": { + "description": "required", "type": "string" } } }, - "templates.riskTemplateDataResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/templates.riskTemplateResponse" - } - } - }, - "templates.riskTemplateResponse": { + "relational.DefinedComponent": { "type": "object", "properties": { - "createdAt": { - "type": "string" - }, - "id": { - "type": "string" - }, - "impactHint": { - "type": "string" - }, - "isActive": { - "type": "boolean" + "componentDefinition": { + "$ref": "#/definitions/relational.ComponentDefinition" }, - "likelihoodHint": { + "componentDefinitionID": { "type": "string" }, - "name": { - "type": "string" + "control-implementations": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ControlImplementationSet" + } }, - "pluginId": { + "description": { + "description": "required", "type": "string" }, - "policyPackage": { + "id": { "type": "string" }, - "remediationTemplate": { - "$ref": 
"#/definitions/templates.remediationTemplateResponse" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "statement": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "threatIds": { + "protocols": { "type": "array", "items": { - "$ref": "#/definitions/templates.threatIDResponse" + "$ref": "#/definitions/relational.Protocol" } }, - "title": { + "purpose": { "type": "string" }, - "updatedAt": { + "remarks": { "type": "string" }, - "violationIds": { + "responsible-roles": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.ResponsibleRole" } - } - } - }, - "templates.subjectTemplateDataResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/templates.subjectTemplateResponse" - } - } - }, - "templates.subjectTemplateLabelSchemaFieldRequest": { - "type": "object", - "properties": { - "description": { + }, + "title": { + "description": "required", "type": "string" }, - "key": { + "type": { + "description": "required", "type": "string" } } }, - "templates.subjectTemplateLabelSchemaFieldResponse": { + "relational.DocumentID": { "type": "object", "properties": { - "description": { + "identifier": { "type": "string" }, - "key": { - "type": "string" + "scheme": { + "$ref": "#/definitions/relational.DocumentIDScheme" } } }, - "templates.subjectTemplateResponse": { + "relational.DocumentIDScheme": { + "type": "string", + "enum": [ + "http://www.doi.org/" + ], + "x-enum-varnames": [ + "DocumentIDSchemeDoi" + ] + }, + "relational.Evidence": { "type": "object", "properties": { - "createdAt": { + "activities": { + "description": "What steps did we take to create this evidence", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Activity" + } + }, + "back-matter": { + "$ref": "#/definitions/relational.BackMatter" + }, + "components": { + "description": "Which components of the subject are 
being observed. A tool, user, policy etc.", + "type": "array", + "items": { + "$ref": "#/definitions/relational.SystemComponent" + } + }, + "description": { "type": "string" }, - "descriptionTemplate": { + "end": { + "type": "string" + }, + "expires": { "type": "string" }, "id": { "type": "string" }, - "identityLabelKeys": { + "inventory-items": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.InventoryItem" } }, - "labelSchema": { + "labels": { + "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", "type": "array", "items": { - "$ref": "#/definitions/templates.subjectTemplateLabelSchemaFieldResponse" + "$ref": "#/definitions/relational.Labels" } }, "links": { @@ -32893,8 +23772,12 @@ const docTemplate = `{ "$ref": "#/definitions/relational.Link" } }, - "name": { - "type": "string" + "origins": { + "description": "Who or What is generating this evidence", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Origin" + } }, "props": { "type": "array", 
@@ -32902,207 +23785,198 @@ const docTemplate = `{ "$ref": "#/definitions/relational.Prop" } }, - "purposeTemplate": { + "remarks": { "type": "string" }, - "remarksTemplate": { + "start": { + "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", "type": "string" }, - "selectorLabels": { + "status": { + "description": "Did we satisfy what was being tested for, or did we fail ?", + "allOf": [ + { + "$ref": "#/definitions/datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus" + } + ] + }, + "subjects": { + "description": "Who or What are we providing evidence for. What's under test.", "type": "array", "items": { - "$ref": "#/definitions/templates.subjectTemplateSelectorLabelResponse" + "$ref": "#/definitions/relational.AssessmentSubject" } }, - "sourceMode": { - "type": "string" - }, - "titleTemplate": { - "type": "string" - }, - "type": { - "type": "string" - }, - "updatedAt": { - "type": "string" - } - } - }, - "templates.subjectTemplateSelectorLabelRequest": { - "type": "object", - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - } - }, - "templates.subjectTemplateSelectorLabelResponse": { - "type": "object", - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - } - }, - "templates.threatIDRequest": { - "type": "object", - "properties": { - "id": { - "type": "string" - }, - "system": { - "type": "string" - }, - "title": { - "type": "string" - }, - "url": { - "type": "string" - } - } - }, - "templates.threatIDResponse": { - "type": "object", - "properties": { - "id": { - "type": "string" - }, - "system": { - "type": "string" - }, "title": { "type": "string" }, - "url": { + "uuid": { + "description": "UUID needs to remain consistent when automation runs again, but unique for each subject.\nIt represents the \"stream\" of the same observation being made over time.", "type": "string" } } }, - 
"templates.upsertEvidenceTemplateRequest": { + "relational.Export": { "type": "object", "properties": { + "byComponentId": { + "type": "string" + }, "description": { "type": "string" }, - "isActive": { - "type": "boolean" + "id": { + "type": "string" }, - "labelSchema": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/templates.evidenceTemplateLabelSchemaFieldRequest" + "$ref": "#/definitions/relational.Link" } }, - "methods": { + "props": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Prop" } }, - "pluginId": { - "type": "string" + "provided": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ProvidedControlImplementation" + } }, - "policyPackage": { + "remarks": { "type": "string" }, - "riskTemplateIds": { + "responsibilities": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.ControlImplementationResponsibility" } - }, - "selectorLabels": { + } + } + }, + "relational.Filter": { + "type": "object", + "properties": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/templates.evidenceTemplateSelectorLabelRequest" + "$ref": "#/definitions/relational.SystemComponent" } }, - "subjectTemplateIds": { + "controls": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Control" } }, - "title": { + "filter": { + "$ref": "#/definitions/datatypes.JSONType-labelfilter_Filter" + }, + "id": { + "type": "string" + }, + "name": { "type": "string" } } }, - "templates.upsertRiskTemplateRequest": { + "relational.Hash": { "type": "object", "properties": { - "impactHint": { - "type": "string" - }, - "isActive": { - "type": "boolean" + "algorithm": { + "description": "required", + "allOf": [ + { + "$ref": "#/definitions/relational.HashAlgorithm" + } + ] }, - "likelihoodHint": { + "value": { + "description": "required", "type": "string" + } + } + }, + "relational.HashAlgorithm": { + "type": "string", + "enum": [ + "SHA-224", 
+ "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" + ], + "x-enum-varnames": [ + "HashAlgorithmSHA_224", + "HashAlgorithmSHA_256", + "HashAlgorithmSHA_384", + "HashAlgorithmSHA_512", + "HashAlgorithmSHA3_224", + "HashAlgorithmSHA3_256", + "HashAlgorithmSHA3_384", + "HashAlgorithmSHA3_512" + ] + }, + "relational.ImplementedComponent": { + "type": "object", + "properties": { + "component": { + "$ref": "#/definitions/relational.DefinedComponent" }, - "name": { + "component-uuid": { "type": "string" }, - "pluginId": { + "id": { "type": "string" }, - "policyPackage": { + "inventoryItemId": { "type": "string" }, - "remediationTemplate": { - "$ref": "#/definitions/templates.remediationTemplateRequest" - }, - "statement": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "threatIds": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/templates.threatIDRequest" + "$ref": "#/definitions/relational.Prop" } }, - "title": { + "remarks": { "type": "string" }, - "violationIds": { + "responsible-parties": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.ResponsibleParty" } } } }, - "templates.upsertSubjectTemplateRequest": { + "relational.ImplementedRequirementControlImplementation": { "type": "object", - "required": [ - "identityLabelKeys", - "labelSchema", - "name", - "selectorLabels", - "sourceMode", - "type" - ], "properties": { - "descriptionTemplate": { + "control-id": { + "description": "required", "type": "string" }, - "identityLabelKeys": { - "type": "array", - "items": { - "type": "string" - } + "controlImplementationSetID": { + "type": "string" }, - "labelSchema": { - "type": "array", - "items": { - "$ref": "#/definitions/templates.subjectTemplateLabelSchemaFieldRequest" - } + "description": { + "description": "required", + "type": "string" + }, + "id": { + "type": "string" }, "links": { "type": "array", 
@@ -33110,351 +23984,297 @@ const docTemplate = `{ "$ref": "#/definitions/relational.Link" } }, - "name": { - "type": "string" - }, "props": { "type": "array", "items": { "$ref": "#/definitions/relational.Prop" } }, - "purposeTemplate": { - "type": "string" - }, - "remarksTemplate": { + "remarks": { "type": "string" }, - "selectorLabels": { + "responsible-roles": { + "description": "required", "type": "array", "items": { - "$ref": "#/definitions/templates.subjectTemplateSelectorLabelRequest" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "sourceMode": { - "type": "string" - }, - "titleTemplate": { - "type": "string" + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SetParameter" + } }, - "type": { - "type": "string" + "statements": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ControlStatementImplementation" + } } } }, - "time.Duration": { - "type": "integer", - "format": "int64", - "enum": [ - -9223372036854775808, - 9223372036854775807, - 1, - 1000, - 1000000, - 1000000000, - 60000000000, - 3600000000000 - ], - "x-enum-varnames": [ - "minDuration", - "maxDuration", - "Nanosecond", - "Microsecond", - "Millisecond", - "Second", - "Minute", - "Hour" - ] - }, - "workflow.EvidenceSubmission": { + "relational.ImportComponentDefinition": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "evidence-id": { - "type": "string" - }, - "evidence-type": { - "type": "string" - }, - "file-content": { - "description": "Base64 encoded file content", - "type": "string" - }, - "file-hash": { - "type": "string" - }, - "file-path": { - "type": "string" - }, - "file-size": { - "type": "integer" - }, - "media-type": { - "description": "MIME type (e.g., \"application/pdf\", \"image/png\")", - "type": "string" - }, - "metadata": { - "type": "string" - }, - "name": { + "href": { "type": "string" } } }, - "workflow.ExecutionMetrics": { + "relational.IncorporatesComponents": { "type": 
"object", "properties": { - "averageStepDuration": { - "$ref": "#/definitions/time.Duration" - }, - "duration": { - "$ref": "#/definitions/time.Duration" - }, - "executionID": { + "component-uuid": { "type": "string" }, - "longestStepDuration": { - "$ref": "#/definitions/time.Duration" - }, - "totalSteps": { - "type": "integer" + "description": { + "type": "string" } } }, - "workflow.ExecutionStatus": { + "relational.InheritedControlImplementation": { "type": "object", "properties": { - "blockedSteps": { - "type": "integer" - }, - "cancelledSteps": { - "type": "integer" - }, - "completedAt": { - "type": "string" - }, - "completedSteps": { - "type": "integer" - }, - "executionID": { + "byComponentId": { "type": "string" }, - "failedAt": { + "description": { + "description": "required", "type": "string" }, - "failedSteps": { - "type": "integer" - }, - "failureReason": { + "id": { "type": "string" }, - "inProgressSteps": { - "type": "integer" - }, - "overdueSteps": { - "type": "integer" - }, - "pendingSteps": { - "type": "integer" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "startedAt": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "status": { + "provided-uuid": { "type": "string" }, - "totalSteps": { - "type": "integer" - } - } - }, - "workflows.BulkReassignRoleResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/workflows.BulkReassignRoleResponseData" + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } } } }, - "workflows.BulkReassignRoleResponseData": { + "relational.InventoryItem": { "type": "object", "properties": { - "execution-id": { + "description": { + "type": "string" + }, + "evidence": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Evidence" + } + }, + "id": { "type": "string" }, - "reassigned-count": { - "type": 
"integer" + "implemented-components": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ImplementedComponent" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { + "type": "string" }, - "reassigned-step-execution-ids": { + "responsible-parties": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.ResponsibleParty" } }, - "role-name": { + "systemImplementationId": { "type": "string" } } }, - "workflows.CancelWorkflowExecutionRequest": { + "relational.Labels": { "type": "object", "properties": { - "reason": { + "name": { + "type": "string" + }, + "value": { "type": "string" } } }, - "workflows.ControlRelationship": { + "relational.Link": { "type": "object", "properties": { - "catalog_id": { - "description": "Link to catalog if available", + "href": { "type": "string" }, - "control_id": { - "description": "Control Information", + "media-type": { "type": "string" }, - "control_source": { - "description": "e.g., \"NIST 800-53 Rev 5\", \"ISO 27001\"", + "rel": { "type": "string" }, - "created-at": { + "resource-fragment": { "type": "string" }, - "deleted_at": { - "$ref": "#/definitions/gorm.DeletedAt" - }, - "id": { + "text": { "type": "string" + } + } + }, + "relational.Location": { + "type": "object", + "properties": { + "address": { + "$ref": "#/definitions/datatypes.JSONType-relational_Address" }, - "is_active": { - "type": "boolean" + "email-addresses": { + "type": "array", + "items": { + "type": "string" + } }, - "relationship_type": { - "description": "Relationship Information", + "id": { "type": "string" }, - "strength": { - "description": "primary, secondary, supporting", - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "updated-at": { + "props": { + "type": "array", + "items": { + 
"$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { "type": "string" }, - "workflow_definition": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/workflows.WorkflowDefinition" - } - ] + "telephone-numbers": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.TelephoneNumber" + } }, - "workflow_definition_id": { - "description": "Foreign Keys", + "title": { "type": "string" - } - } - }, - "workflows.ControlRelationshipListResponse": { - "type": "object", - "properties": { - "data": { + }, + "urls": { "type": "array", "items": { - "$ref": "#/definitions/workflows.ControlRelationship" + "type": "string" } } } }, - "workflows.ControlRelationshipResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/workflows.ControlRelationship" - } - } - }, - "workflows.CreateControlRelationshipRequest": { + "relational.Metadata": { "type": "object", - "required": [ - "catalog-id", - "control-id", - "workflow-definition-id" - ], "properties": { - "catalog-id": { - "type": "string" + "actions": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Action" + } }, - "control-id": { + "document-ids": { + "description": "-\u003e DocumentID", + "type": "array", + "items": { + "$ref": "#/definitions/relational.DocumentID" + } + }, + "id": { "type": "string" }, - "description": { + "last-modified": { "type": "string" }, - "is-active": { - "type": "boolean" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "relationship-type": { - "description": "If not provided - 'satisfies' is used", - "type": "string" + "locations": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Location" + } }, - "strength": { - "description": "If not provided - 'primary' is used", + "oscal-version": { "type": "string" }, - "workflow-definition-id": { - "type": "string" - } - } - }, - "workflows.CreateRoleAssignmentRequest": { - "type": "object", - 
"required": [ - "assigned-to-id", - "assigned-to-type", - "role-name", - "workflow-instance-id" - ], - "properties": { - "assigned-to-id": { + "parentID": { + "description": "Metadata is shared across many resources, and so it mapped using a polymorphic relationship", "type": "string" }, - "assigned-to-type": { + "parentType": { "type": "string" }, - "is-active": { - "type": "boolean" + "parties": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Party" + } }, - "role-name": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "workflow-instance-id": { - "type": "string" - } - } - }, - "workflows.CreateWorkflowDefinitionRequest": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "description": { + "published": { "type": "string" }, - "evidence-required": { + "remarks": { "type": "string" }, - "grace-period-days": { - "type": "integer" + "responsibleParties": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleParty" + } }, - "name": { - "type": "string" + "revisions": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Revision" + } + }, + "roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Role" + } }, - "suggested-cadence": { + "title": { "type": "string" }, "version": { 
@@ -33462,1041 +24282,893 @@ const docTemplate = `{ } } }, - "workflows.CreateWorkflowInstanceRequest": { + "relational.Origin": { "type": "object", - "required": [ - "name", - "system-id", - "workflow-definition-id" - ], "properties": { - "cadence": { - "type": "string" - }, - "description": { - "type": "string" - }, - "grace-period-days": { - "type": "integer" - }, - "is-active": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "system-id": { - "type": "string" + "actors": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" + } }, - "workflow-definition-id": { - "type": "string" + "related-tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + } } } }, - "workflows.CreateWorkflowStepDefinitionRequest": { + "relational.Parameter": { "type": "object", - "required": [ - "name", - "responsible-role", - "workflow-definition-id" - ], "properties": { - "depends-on": { - "description": "Array of step IDs this step depends on", + "class": { + "type": "string" + }, + "constraints": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.ParameterConstraint" } }, - "description": { + "guidelines": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ParameterGuideline" + } + }, + "id": { "type": "string" }, - "estimated-duration": { - "type": "integer" + "label": { + "type": "string" }, - "evidence-required": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/workflows.EvidenceRequirement" + "$ref": "#/definitions/relational.Link" } }, - "grace-period-days": { - "type": "integer" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "name": { + "remarks": { "type": "string" }, - "responsible-role": { - "type": "string" + "select": { + "$ref": "#/definitions/datatypes.JSONType-relational_ParameterSelection" }, - "workflow-definition-id": { - "type": "string" - } - } - }, - 
"workflows.EvidenceRequirement": { - "type": "object", - "properties": { - "description": { + "usage": { "type": "string" }, - "required": { - "type": "boolean" - }, - "type": { - "type": "string" - } - } - }, - "workflows.FailStepRequest": { - "type": "object", - "required": [ - "reason" - ], - "properties": { - "reason": { - "type": "string" + "values": { + "type": "array", + "items": { + "type": "string" + } } } }, - "workflows.MyAssignmentsResponse": { + "relational.ParameterConstraint": { "type": "object", "properties": { - "data": { + "description": { + "type": "string" + }, + "tests": { "type": "array", "items": { - "$ref": "#/definitions/workflows.StepExecution" + "$ref": "#/definitions/relational.ParameterConstraintTest" } - }, - "has-more": { - "type": "boolean" - }, - "limit": { - "type": "integer" - }, - "offset": { - "type": "integer" - }, - "total": { - "type": "integer" } } }, - "workflows.ReassignRoleRequest": { + "relational.ParameterConstraintTest": { "type": "object", - "required": [ - "new-assigned-to-id", - "new-assigned-to-type", - "role-name" - ], "properties": { - "new-assigned-to-id": { - "type": "string" - }, - "new-assigned-to-type": { - "type": "string", - "enum": [ - "user", - "group", - "email" - ] - }, - "reason": { + "expression": { "type": "string" }, - "role-name": { + "remarks": { "type": "string" } } }, - "workflows.ReassignStepRequest": { + "relational.ParameterGuideline": { "type": "object", - "required": [ - "assigned-to-id", - "assigned-to-type" - ], "properties": { - "assigned-to-id": { - "type": "string" - }, - "assigned-to-type": { - "type": "string", - "enum": [ - "user", - "group", - "email" - ] - }, - "reason": { + "prose": { "type": "string" } } }, - "workflows.RoleAssignment": { + "relational.Part": { "type": "object", "properties": { - "assigned_to_id": { - "description": "User ID, group ID, or email", + "class": { "type": "string" }, - "assigned_to_type": { - "description": "user, group, email", + "id": { "type": 
"string" }, - "id": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "name": { "type": "string" }, - "is_active": { - "type": "boolean" + "ns": { + "type": "string" }, - "role_name": { + "part_id": { "type": "string" }, - "workflow_instance": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/workflows.WorkflowInstance" - } - ] + "parts": { + "description": "-\u003e Part", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Part" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "prose": { + "type": "string" }, - "workflow_instance_id": { + "title": { "type": "string" } } }, - "workflows.RoleAssignmentListResponse": { + "relational.Party": { "type": "object", "properties": { - "data": { + "addresses": { "type": "array", "items": { - "$ref": "#/definitions/workflows.RoleAssignment" + "$ref": "#/definitions/relational.Address" } - } - } - }, - "workflows.RoleAssignmentResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/workflows.RoleAssignment" - } - } - }, - "workflows.StartWorkflowExecutionRequest": { - "type": "object", - "required": [ - "triggered-by", - "workflow-instance-id" - ], - "properties": { - "triggered-by": { + }, + "email-addresses": { + "type": "array", + "items": { + "type": "string" + } + }, + "external-ids": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.PartyExternalID" + } + }, + "id": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "locations": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Location" + } + }, + "member-of-organizations": { + "description": "-\u003e Party", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Party" + } + }, + "name": { "type": "string" }, - "triggered-by-id": { + "props": { + "type": "array", + 
"items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { "type": "string" }, - "workflow-instance-id": { + "short-name": { "type": "string" + }, + "telephone-numbers": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.TelephoneNumber" + } + }, + "type": { + "$ref": "#/definitions/relational.PartyType" } } }, - "workflows.StepDependency": { + "relational.PartyExternalID": { "type": "object", "properties": { - "depends_on_step": { - "$ref": "#/definitions/workflows.WorkflowStepDefinition" - }, - "depends_on_step_id": { - "type": "string" - }, "id": { "type": "string" }, - "workflow_step_definition": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/workflows.WorkflowStepDefinition" - } - ] - }, - "workflow_step_definition_id": { - "type": "string" + "scheme": { + "$ref": "#/definitions/relational.PartyExternalIDScheme" } } }, - "workflows.StepEvidence": { + "relational.PartyExternalIDScheme": { + "type": "string", + "enum": [ + "http://orcid.org/" + ], + "x-enum-varnames": [ + "PartyExternalIDSchemeOrchid" + ] + }, + "relational.PartyType": { + "type": "string", + "enum": [ + "person", + "organization" + ], + "x-enum-varnames": [ + "PartyTypePerson", + "PartyTypeOrganization" + ] + }, + "relational.Prop": { "type": "object", "properties": { - "created-at": { - "type": "string" - }, - "deleted_at": { - "$ref": "#/definitions/gorm.DeletedAt" - }, - "description": { + "class": { "type": "string" }, - "evidence": { - "$ref": "#/definitions/relational.Evidence" - }, - "evidence_id": { - "description": "Link to main evidence table", + "group": { "type": "string" }, - "evidence_type": { - "description": "document, attestation, screenshot, log", + "name": { "type": "string" }, - "file-size": { - "description": "File size in bytes", - "type": "integer" - }, - "file_hash": { - "description": "SHA-256 hash of file", + "ns": { "type": "string" }, - "file_path": { - "description": "Path to stored file", + 
"remarks": { "type": "string" }, - "id": { + "uuid": { "type": "string" }, - "metadata": { - "description": "JSON metadata", + "value": { "type": "string" - }, + } + } + }, + "relational.Protocol": { + "type": "object", + "properties": { "name": { - "description": "Evidence Information", "type": "string" }, - "step_execution": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/workflows.StepExecution" - } - ] + "port-ranges": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.PortRange" + } }, - "step_execution_id": { - "description": "Foreign Keys", + "title": { "type": "string" }, - "updated-at": { + "uuid": { "type": "string" } } }, - "workflows.StepExecution": { + "relational.ProvidedControlImplementation": { "type": "object", "properties": { - "assigned-at": { - "type": "string" - }, - "assigned_to_id": { - "description": "User ID, group ID, or email", + "description": { "type": "string" }, - "assigned_to_type": { - "description": "Assignment Information", + "exportId": { "type": "string" }, - "completed-at": { + "id": { "type": "string" }, - "created-at": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "deleted_at": { - "$ref": "#/definitions/gorm.DeletedAt" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "due_date": { + "remarks": { "type": "string" }, - "failed-at": { - "type": "string" + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } + } + } + }, + "relational.ResourceLink": { + "type": "object", + "properties": { + "hashes": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Hash" + } }, - "failure_reason": { + "href": { + "description": "required", "type": "string" }, - "id": { + "media-type": { "type": "string" - }, - "overdue-at": { + } + } + }, + "relational.ResponsibleParty": { + "type": "object", + 
"properties": { + "id": { "type": "string" }, - "reassignment_history": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/workflows.StepReassignmentHistory" + "$ref": "#/definitions/relational.Link" } }, - "started-at": { + "parentID": { + "description": "Polymorphic relationship - allows ResponsibleParty to belong to different parent types", "type": "string" }, - "status": { - "description": "Execution Information", + "parentType": { "type": "string" }, - "step_evidence": { + "parties": { "type": "array", "items": { - "$ref": "#/definitions/workflows.StepEvidence" + "$ref": "#/definitions/relational.ResponsiblePartyParties" } }, - "updated-at": { - "type": "string" - }, - "workflow_execution": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/workflows.WorkflowExecution" - } - ] + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "workflow_execution_id": { - "description": "Foreign Keys", + "remarks": { "type": "string" }, - "workflow_step_definition": { - "$ref": "#/definitions/workflows.WorkflowStepDefinition" + "role": { + "$ref": "#/definitions/relational.Role" }, - "workflow_step_definition_id": { + "role-id": { + "description": "required", "type": "string" } } }, - "workflows.StepExecutionListResponse": { - "type": "object", - "properties": { - "data": { - "type": "array", - "items": { - "$ref": "#/definitions/workflows.StepExecution" - } - } - } - }, - "workflows.StepExecutionResponse": { + "relational.ResponsiblePartyParties": { "type": "object", "properties": { - "data": { - "$ref": "#/definitions/workflows.StepExecution" + "partyID": { + "type": "string" + }, + "responsiblePartyID": { + "type": "string" } } }, - "workflows.StepReassignmentHistory": { + "relational.ResponsibleRole": { "type": "object", "properties": { - "created-at": { - "type": "string" - }, - "deleted_at": { - "$ref": "#/definitions/gorm.DeletedAt" - }, "id": { "type": "string" }, - 
"new_assigned_to_id": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "new_assigned_to_type": { + "parentID": { "type": "string" }, - "previous_assigned_to_id": { + "parentType": { "type": "string" }, - "previous_assigned_to_type": { - "type": "string" + "parties": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Party" + } }, - "reason": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "reassigned_by_email": { + "remarks": { "type": "string" }, - "reassigned_by_user_id": { + "role": { + "$ref": "#/definitions/relational.Role" + }, + "role-id": { + "description": "required", "type": "string" + } + } + }, + "relational.ReviewedControls": { + "type": "object", + "properties": { + "controlObjectiveSelections": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ControlObjectiveSelection" + } }, - "step_execution": { - "$ref": "#/definitions/workflows.StepExecution" + "controlSelections": { + "description": "required", + "type": "array", + "items": { + "$ref": "#/definitions/relational.ControlSelection" + } }, - "step_execution_id": { + "description": { "type": "string" }, - "updated-at": { + "id": { "type": "string" }, - "workflow_execution_id": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { "type": "string" } } }, - "workflows.StepTrigger": { + "relational.Revision": { "type": "object", "properties": { "id": { "type": "string" }, - "is_active": { - "type": "boolean" - }, - "trigger_condition": { - "description": "JSON condition expression", + "last-modified": { "type": "string" }, - "trigger_type": { - "description": "evidence_stream, time_based, external_event", - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": 
"#/definitions/relational.Link" + } }, - "workflow_step_definition": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/workflows.WorkflowStepDefinition" - } - ] + "metadata-id": { + "description": "Revision only exist on a metadata object. We'll link them straight there with a BelongsTo relationship", + "type": "string" }, - "workflow_step_definition_id": { + "oscal-version": { "type": "string" - } - } - }, - "workflows.TransitionStepRequest": { - "type": "object", - "required": [ - "status", - "user-id", - "user-type" - ], - "properties": { - "evidence": { + }, + "props": { "type": "array", "items": { - "$ref": "#/definitions/workflow.EvidenceSubmission" + "$ref": "#/definitions/relational.Prop" } }, - "notes": { + "published": { "type": "string" }, - "status": { - "type": "string", - "enum": [ - "in_progress", - "completed" - ] + "remarks": { + "type": "string" }, - "user-id": { + "title": { "type": "string" }, - "user-type": { - "type": "string", - "enum": [ - "user", - "group", - "email" - ] + "version": { + "description": "required", + "type": "string" } } }, - "workflows.UpdateControlRelationshipRequest": { + "relational.Role": { "type": "object", "properties": { "description": { "type": "string" }, - "relationship-type": { + "id": { "type": "string" }, - "strength": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { "type": "string" - } - } - }, - "workflows.UpdateRoleAssignmentRequest": { - "type": "object", - "properties": { - "assigned-to-id": { + }, + "short-name": { "type": "string" }, - "assigned-to-type": { + "title": { "type": "string" } } }, - "workflows.UpdateWorkflowDefinitionRequest": { + "relational.SatisfiedControlImplementationResponsibility": { "type": "object", "properties": { + "by-component-id": { + "type": "string" + }, "description": { "type": "string" }, 
- "evidence-required": { + "id": { "type": "string" }, - "grace-period-days": { - "type": "integer" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "name": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "suggested-cadence": { + "remarks": { "type": "string" }, - "version": { + "responsibility-uuid": { "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } } } }, - "workflows.UpdateWorkflowInstanceRequest": { + "relational.SelectObjectiveById": { "type": "object", "properties": { - "cadence": { + "id": { "type": "string" }, - "description": { + "objective": { + "description": "required", "type": "string" }, - "grace-period-days": { - "type": "integer" - }, - "is-active": { - "type": "boolean" + "parentID": { + "type": "string" }, - "name": { + "parentType": { "type": "string" } } }, - "workflows.UpdateWorkflowStepDefinitionRequest": { + "relational.SelectSubjectById": { "type": "object", "properties": { - "depends-on": { - "type": "array", - "items": { - "type": "string" - } - }, - "description": { + "assessmentSubjectID": { "type": "string" }, - "estimated-duration": { - "type": "integer" + "id": { + "type": "string" }, - "evidence-required": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/workflows.EvidenceRequirement" + "$ref": "#/definitions/relational.Link" } }, - "grace-period-days": { - "type": "integer" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "name": { + "remarks": { "type": "string" }, - "responsible-role": { + "subjectUUID": { + "description": "SubjectUUID technically represents a UUID of a component, party, location, user, or inventory item.\nIt will likely be updated once we can map it correctly", "type": "string" } } }, - "workflows.WorkflowDefinition": { + "relational.SetParameter": 
{ "type": "object", "properties": { - "control_relationships": { - "type": "array", - "items": { - "$ref": "#/definitions/workflows.ControlRelationship" - } - }, - "created-at": { - "type": "string" - }, - "created_by_id": { - "description": "Audit Fields", - "type": "string" - }, - "deleted_at": { - "$ref": "#/definitions/gorm.DeletedAt" - }, - "description": { + "param-id": { "type": "string" }, - "evidence_required": { - "description": "JSON array of required evidence types", + "remarks": { "type": "string" }, - "grace-period-days": { - "description": "Override global default if set", - "type": "integer" + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "relational.Statement": { + "type": "object", + "properties": { + "by-components": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ByComponent" + } }, "id": { "type": "string" }, - "instances": { + "implementedRequirementId": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/workflows.WorkflowInstance" + "$ref": "#/definitions/relational.Link" } }, - "name": { - "description": "Basic Information", - "type": "string" - }, - "steps": { - "description": "Relationships", + "props": { "type": "array", "items": { - "$ref": "#/definitions/workflows.WorkflowStepDefinition" + "$ref": "#/definitions/relational.Prop" } }, - "suggested_cadence": { - "description": "Workflow Configuration", - "type": "string" - }, - "updated-at": { - "type": "string" - }, - "updated_by_id": { + "remarks": { "type": "string" }, - "version": { - "type": "string" - } - } - }, - "workflows.WorkflowDefinitionListResponse": { - "type": "object", - "properties": { - "data": { + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/workflows.WorkflowDefinition" + "$ref": "#/definitions/relational.ResponsibleRole" } + }, + "statement-id": { + "type": "string" } } }, - "workflows.WorkflowDefinitionResponse": { - "type": "object", - 
"properties": { - "data": { - "$ref": "#/definitions/workflows.WorkflowDefinition" - } - } - }, - "workflows.WorkflowExecution": { + "relational.Step": { "type": "object", "properties": { - "completed-at": { - "type": "string" - }, - "created-at": { - "type": "string" - }, - "created_by_id": { - "description": "Audit Fields", - "type": "string" - }, - "deleted_at": { - "$ref": "#/definitions/gorm.DeletedAt" - }, - "due_date": { - "type": "string" - }, - "failed-at": { + "activityID": { "type": "string" }, - "failure_reason": { + "description": { + "description": "required", "type": "string" }, "id": { "type": "string" }, - "overdue-at": { - "type": "string" - }, - "period_label": { - "description": "Scheduling Context", - "type": "string" - }, - "started-at": { - "type": "string" - }, - "status": { - "description": "Execution Information", - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "step_executions": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/workflows.StepExecution" + "$ref": "#/definitions/relational.Prop" } }, - "triggered_by": { - "description": "Execution Context", + "remarks": { "type": "string" }, - "triggered_by_id": { - "description": "User ID or system identifier", - "type": "string" + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } }, - "updated-at": { - "type": "string" + "reviewed-controls": { + "$ref": "#/definitions/relational.ReviewedControls" }, - "updated_by_id": { + "reviewedControlsID": { "type": "string" }, - "workflow_instance": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/workflows.WorkflowInstance" - } - ] - }, - "workflow_instance_id": { - "description": "Foreign Keys", + "title": { "type": "string" } } }, - "workflows.WorkflowExecutionListResponse": { - "type": "object", - "properties": { - "data": { - "type": "array", - "items": { - "$ref": 
"#/definitions/workflows.WorkflowExecution" - } - } - } - }, - "workflows.WorkflowExecutionMetricsResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/workflow.ExecutionMetrics" - } - } - }, - "workflows.WorkflowExecutionResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/workflows.WorkflowExecution" - } - } - }, - "workflows.WorkflowExecutionStatusResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/workflow.ExecutionStatus" - } - } - }, - "workflows.WorkflowInstance": { + "relational.SystemComponent": { "type": "object", "properties": { - "cadence": { - "description": "Instance Configuration", - "type": "string" - }, - "created-at": { - "type": "string" - }, - "created_by_id": { - "description": "Audit Fields", - "type": "string" - }, - "deleted_at": { - "$ref": "#/definitions/gorm.DeletedAt" - }, "description": { "type": "string" }, - "executions": { + "evidence": { "type": "array", "items": { - "$ref": "#/definitions/workflows.WorkflowExecution" + "$ref": "#/definitions/relational.Evidence" } }, - "grace-period-days": { - "description": "Override definition/global default if set", - "type": "integer" + "filters": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Filter" + } }, "id": { "type": "string" }, - "is_active": { - "type": "boolean" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "last-executed-at": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "name": { - "description": "Basic Information", + "protocols": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Protocol" + } + }, + "purpose": { "type": "string" }, - "next-scheduled-at": { - "description": "Scheduling", + "remarks": { "type": "string" }, - "role_assignments": { + "responsible-roles": { "type": "array", "items": { - "$ref": 
"#/definitions/workflows.RoleAssignment" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "system_id": { - "type": "string" - }, - "system_security_plan": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/relational.SystemSecurityPlan" - } - ] + "status": { + "$ref": "#/definitions/datatypes.JSONType-relational_SystemComponentStatus" }, - "updated-at": { + "systemImplementationId": { "type": "string" }, - "updated_by_id": { + "title": { "type": "string" }, - "workflow_definition": { - "$ref": "#/definitions/workflows.WorkflowDefinition" - }, - "workflow_definition_id": { - "description": "Foreign Keys", + "type": { "type": "string" } } }, - "workflows.WorkflowInstanceListResponse": { + "relational.TelephoneNumber": { "type": "object", "properties": { - "data": { - "type": "array", - "items": { - "$ref": "#/definitions/workflows.WorkflowInstance" - } + "number": { + "type": "string" + }, + "type": { + "$ref": "#/definitions/relational.TelephoneNumberType" } } }, - "workflows.WorkflowInstanceResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/workflows.WorkflowInstance" - } - } + "relational.TelephoneNumberType": { + "type": "string", + "enum": [ + "home", + "office", + "mobile" + ], + "x-enum-varnames": [ + "TelephoneNumberTypeHome", + "TelephoneNumberTypeOffice", + "TelephoneNumberTypeMobile" + ] }, - "workflows.WorkflowStepDefinition": { + "relational.User": { "type": "object", "properties": { - "created-at": { + "authMethod": { "type": "string" }, - "deleted_at": { - "$ref": "#/definitions/gorm.DeletedAt" + "createdAt": { + "type": "string" }, - "dependent_steps": { - "type": "array", - "items": { - "$ref": "#/definitions/workflows.StepDependency" - } + "deletedAt": { + "description": "Soft delete", + "allOf": [ + { + "$ref": "#/definitions/gorm.DeletedAt" + } + ] }, - "depends_on": { - "type": "array", - "items": { - "$ref": "#/definitions/workflows.StepDependency" - } + 
"digestSubscribed": { + "description": "DigestSubscribed indicates if the user wants to receive evidence digest emails", + "type": "boolean" }, - "description": { + "email": { "type": "string" }, - "estimated_duration": { - "description": "Estimated duration in minutes", + "failedLogins": { "type": "integer" }, - "evidence_required": { - "description": "JSON array of required evidence types", - "type": "array", - "items": { - "$ref": "#/definitions/workflows.EvidenceRequirement" - } - }, - "grace-period-days": { - "description": "Override default grace for this specific step", - "type": "integer" + "firstName": { + "type": "string" }, "id": { "type": "string" }, - "name": { - "description": "Basic Information", - "type": "string" + "isActive": { + "type": "boolean" }, - "order": { - "description": "Step Configuration", - "type": "integer" + "isLocked": { + "type": "boolean" }, - "responsible_role": { - "description": "Role responsible for this step", + "lastLogin": { "type": "string" }, - "step_executions": { - "type": "array", - "items": { - "$ref": "#/definitions/workflows.StepExecution" - } - }, - "triggers": { - "type": "array", - "items": { - "$ref": "#/definitions/workflows.StepTrigger" - } - }, - "updated-at": { + "lastName": { "type": "string" }, - "workflow_definition": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/workflows.WorkflowDefinition" - } - ] + "updatedAt": { + "type": "string" }, - "workflow_definition_id": { - "description": "Foreign Keys", + "userAttributes": { "type": "string" } } - }, - "workflows.WorkflowStepDefinitionListResponse": { - "type": "object", - "properties": { - "data": { - "type": "array", - "items": { - "$ref": "#/definitions/workflows.WorkflowStepDefinition" - } - } - } - }, - "workflows.WorkflowStepDefinitionResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/workflows.WorkflowStepDefinition" - } - } } }, "securityDefinitions": { 
diff --git a/docs/swagger.json b/docs/swagger.json
index 4165d632..6311b1ce 100644
--- a/docs/swagger.json
+++ b/docs/swagger.json
@@ -730,285 +730,6 @@ ] } }, - "/evidence-templates": { - "get": { - "description": "List evidence templates with optional filters and pagination.", - "produces": [ - "application/json" - ], - "tags": [ - "Evidence Templates" - ], - "summary": "List evidence templates", - "parameters": [ - { - "type": "string", - "description": "Plugin ID", - "name": "pluginId", - "in": "query" - }, - { - "type": "string", - "description": "Policy package", - "name": "policyPackage", - "in": "query" - }, - { - "type": "boolean", - "description": "Active flag", - "name": "isActive", - "in": "query" - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/service.ListResponse-templates_evidenceTemplateResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Create an evidence template with selector labels, label schema, and linked risk/subject template IDs.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Evidence Templates" - ], - "summary": "Create evidence template", - "parameters": [ - { - "description": "Evidence template payload", - "name": "template", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/templates.upsertEvidenceTemplateRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/templates.evidenceTemplateDataResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - 
"description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/evidence-templates/{id}": { - "get": { - "description": "Get an evidence template by ID.", - "produces": [ - "application/json" - ], - "tags": [ - "Evidence Templates" - ], - "summary": "Get evidence template", - "parameters": [ - { - "type": "string", - "description": "Evidence Template ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/templates.evidenceTemplateDataResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Update an evidence template and atomically replace selector labels, label schema, and linked IDs.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Evidence Templates" - ], - "summary": "Update evidence template", - "parameters": [ - { - "type": "string", - "description": "Evidence Template ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Evidence template payload", - "name": "template", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/templates.upsertEvidenceTemplateRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/templates.evidenceTemplateDataResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" 
- } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Delete an evidence template and its associated selector labels, label schema, and join rows.", - "produces": [ - "application/json" - ], - "tags": [ - "Evidence Templates" - ], - "summary": "Delete evidence template", - "parameters": [ - { - "type": "string", - "description": "Evidence Template ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, "/evidence/compliance-by-control/{id}": { "get": { "description": "Retrieves the count of evidence statuses for filters associated with a specific Control ID.", @@ -1032,7 +753,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-evidence_StatusCount" + "$ref": "#/definitions/handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount" } }, "500": { @@ -1067,7 +788,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-evidence_StatusCount" + "$ref": "#/definitions/handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount" } }, "400": { 
@@ -6814,16 +6535,16 @@ ] } }, - "/oscal/catalogs/{id}/all-controls": { + "/oscal/catalogs/{id}/back-matter": { "get": { - "description": "Retrieves the top-level controls for a given Catalog.", + "description": "Retrieves the back-matter for a given Catalog.", "produces": [ "application/json" ], "tags": [ "Catalog" ], - "summary": "List controls for a Catalog", + "summary": "Get back-matter for a Catalog", "parameters": [ { "type": "string", @@ -6837,7 +6558,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control" + "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter" } }, "400": { @@ -6872,16 +6593,16 @@ ] } }, - "/oscal/catalogs/{id}/back-matter": { + "/oscal/catalogs/{id}/controls": { "get": { - "description": "Retrieves the back-matter for a given Catalog.", + "description": "Retrieves the top-level controls for a given Catalog.", "produces": [ "application/json" ], "tags": [ "Catalog" ], - "summary": "Get back-matter for a Catalog", + "summary": "List controls for a Catalog", "parameters": [ { "type": "string", 
@@ -6895,65 +6616,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/oscal/catalogs/{id}/controls": { - "get": { - "description": "Retrieves the top-level controls for a given Catalog.", - "produces": [ - "application/json" - ], - "tags": [ - "Catalog" - ], - "summary": "List controls for a Catalog", - "parameters": [ - { - "type": "string", - "description": "Catalog ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control" + "$ref": "#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control" } }, "400": { 
@@ -10965,63 +10628,6 @@ } } } - }, - "put": { - "description": "Updates local-definitions for a given POA\u0026M with special handling of array and object fields.\n- Components and inventory-items arrays are treated as full replacements: the existing values on the POA\u0026M are overwritten by the arrays provided in the request body (no per-element merge is performed).\n- Sending an empty array [] for components or inventory-items clears that specific field (resulting in an empty array on the POA\u0026M).\n- Omitting a field in the request body leaves the existing value for that field unchanged.\n- Sending an empty JSON object {} as the payload deletes the entire local-definitions object for the POA\u0026M.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Plan Of Action and Milestones" - ], - "summary": "Update POA\u0026M local-definitions", - "parameters": [ - { - "type": "string", - "description": "POA\u0026M ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Local definitions data", - "name": "local-definitions", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - } } }, "/oscal/plan-of-action-and-milestones/{id}/metadata": { 
@@ -12055,7 +11661,7 @@ "in": "body", "required": true, "schema": { - "$ref": "#/definitions/oscal.BuildByPropsRequest" + "$ref": "#/definitions/oscal.ProfileHandler" } } ], @@ -12063,7 +11669,7 @@ "201": { "description": "Created", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-oscal_BuildByPropsResponse" + "$ref": "#/definitions/handler.GenericDataResponse-oscal_ProfileHandler" } }, "400": { @@ -12214,76 +11820,6 @@ ] } }, - "/oscal/profiles/{id}/compliance-progress": { - "get": { - "description": "Returns aggregated compliance progress for controls in a Profile, including summary, optional per-control rows, and group rollups.", - "produces": [ - "application/json" - ], - "tags": [ - "Profile" - ], - "summary": "Get compliance progress for a Profile", - "parameters": [ - { - "type": "string", - "description": "Profile ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "boolean", - "description": "Include per-control breakdown (default true)", - "name": "includeControls", - "in": "query" - }, - { - "type": "string", - "description": "System Security Plan ID for implementation coverage", - "name": "sspId", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-oscal_ProfileComplianceProgress" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, "/oscal/profiles/{id}/full": { "get": { "description": "Retrieves the full OSCAL Profile, including all nested content.", 
@@ -13643,52 +13179,6 @@ } } }, - "/oscal/system-security-plans/{id}/bulk-apply-component-suggestions": { - "post": { - "description": "For each ImplementedRequirement, creates SystemComponents from matching DefinedComponents and links them via ByComponent.", - "tags": [ - "System Security Plans" - ], - "summary": "Bulk apply component suggestions for all implemented requirements in an SSP", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, "/oscal/system-security-plans/{id}/control-implementation": { "get": { "description": "Retrieves the Control Implementation for a given System Security Plan.", @@ -14020,13 +13510,19 @@ } } }, - "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/apply-suggestion": { - "post": { - "description": "Creates SystemComponents from DefinedComponents that implement the same control and links them via ByComponent.", + "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/by-components/{byComponentId}": { + "put": { + "description": "Updates an existing by-component that belongs to an implemented requirement for a given SSP.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "tags": [ "System Security Plans" ], - "summary": "Apply component suggestions for an implemented requirement", + "summary": "Update a by-component within an implemented requirement", "parameters": [ { "type": "string", 
@@ -14037,15 +13533,34 @@ }, { "type": "string", - "description": "Implemented Requirement ID", + "description": "Requirement ID", "name": "reqId", "in": "path", "required": true + }, + { + "type": "string", + "description": "By-Component ID", + "name": "byComponentId", + "in": "path", + "required": true + }, + { + "description": "By-Component data", + "name": "by-component", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" + } } ], "responses": { - "204": { - "description": "No Content" + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent" + } }, "400": { "description": "Bad Request", 
@@ -14065,85 +13580,7 @@ "$ref": "#/definitions/api.Error" } } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/by-components/{byComponentId}": { - "put": { - "description": "Updates an existing by-component that belongs to an implemented requirement for a given SSP.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "System Security Plans" - ], - "summary": "Update a by-component within an implemented requirement", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Requirement ID", - "name": "reqId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "By-Component ID", - "name": "byComponentId", - "in": "path", - "required": true - }, - { - "description": "By-Component data", - "name": "by-component", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - } + } } }, "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements": { 
@@ -14285,66 +13722,6 @@ } } }, - "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/apply-suggestion": { - "post": { - "description": "Creates SystemComponents from DefinedComponents that implement the statement's parent control and links them via ByComponent to the statement.", - "tags": [ - "System Security Plans" - ], - "summary": "Apply component suggestions for a statement", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Implemented Requirement ID", - "name": "reqId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Statement ID", - "name": "stmtId", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/by-components": { "post": { "description": "Create a by-component within an existing statement within an implemented requirement for a given SSP.", 
@@ -14567,131 +13944,6 @@ } } }, - "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/suggest-components": { - "post": { - "description": "Returns DefinedComponents that implement the statement's parent control and are not yet present in the SSP.", - "produces": [ - "application/json" - ], - "tags": [ - "System Security Plans" - ], - "summary": "Suggest system components for a statement", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Implemented Requirement ID", - "name": "reqId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Statement ID", - "name": "stmtId", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-relational_SystemComponentSuggestion" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/suggest-components": { - "post": { - "description": "Returns DefinedComponents that implement the same control and are not yet present in the SSP.", - "produces": [ - "application/json" - ], - "tags": [ - "System Security Plans" - ], - "summary": "Suggest system components for an implemented requirement", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Implemented Requirement ID", - "name": "reqId", - "in": 
"path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-relational_SystemComponentSuggestion" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, "/oscal/system-security-plans/{id}/import-profile": { "get": { "description": "Retrieves import-profile for a given SSP.", @@ -16120,7 +15372,7 @@ ] }, "post": { - "description": "Creates a new system component for a given SSP. Accepts an optional definedComponentId field to link to a DefinedComponent.", + "description": "Creates a new system component for a given SSP.", "consumes": [ "application/json" ], @@ -16140,12 +15392,12 @@ "required": true }, { - "description": "System Component data with optional definedComponentId field", + "description": "System Component data", "name": "component", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/oscal.SystemComponentRequest" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } } ], @@ -16242,7 +15494,7 @@ ] }, "put": { - "description": "Updates an existing system component for a given SSP. Accepts an optional definedComponentId field to link to a DefinedComponent.", + "description": "Updates an existing system component for a given SSP.", "consumes": [ "application/json" ], 
@@ -16269,12 +15521,12 @@ "required": true }, { - "description": "System Component data with optional definedComponentId field", + "description": "System Component data", "name": "component", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/oscal.SystemComponentRequest" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } } ], @@ -17033,57 +16285,31 @@ } } }, - "/risk-templates": { + "/users/me": { "get": { - "description": "List risk templates with optional filters and pagination.", + "description": "Retrieves the details of the currently logged-in user", "produces": [ "application/json" ], "tags": [ - "Risk Templates" - ], - "summary": "List risk templates", - "parameters": [ - { - "type": "string", - "description": "Plugin ID", - "name": "pluginId", - "in": "query" - }, - { - "type": "string", - "description": "Policy package", - "name": "policyPackage", - "in": "query" - }, - { - "type": "boolean", - "description": "Active flag", - "name": "isActive", - "in": "query" - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - } + "Users" ], + "summary": "Get logged-in user details", "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/service.ListResponse-templates_riskTemplateResponse" + "$ref": "#/definitions/handler.GenericDataResponse-relational_User" } }, - "400": { - "description": "Bad Request", + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", "schema": { "$ref": "#/definitions/api.Error" } 
@@ -17100,9 +16326,11 @@ "OAuth2Password": [] } ] - }, + } + }, + "/users/me/change-password": { "post": { - "description": "Create a risk template with threat references and remediation template/tasks.", + "description": "Changes the password for the currently logged-in user", "consumes": [ "application/json" ], @@ -17110,26 +16338,23 @@ "application/json" ], "tags": [ - "Risk Templates" + "Users" ], - "summary": "Create risk template", + "summary": "Change password for logged-in user", "parameters": [ { - "description": "Risk template payload", - "name": "template", + "description": "Change Password Request", + "name": "changePasswordRequest", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/templates.upsertRiskTemplateRequest" + "$ref": "#/definitions/handler.UserHandler" } } ], "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/templates.riskTemplateDataResponse" - } + "204": { + "description": "No Content" }, "400": { "description": "Bad Request", @@ -17137,6 +16362,12 @@ "$ref": "#/definitions/api.Error" } }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { 
@@ -17151,34 +16382,25 @@ ] } }, - "/risk-templates/{id}": { + "/users/me/digest-subscription": { "get": { - "description": "Get a risk template by ID.", + "description": "Gets the current user's digest email subscription status", "produces": [ "application/json" ], "tags": [ - "Risk Templates" - ], - "summary": "Get risk template", - "parameters": [ - { - "type": "string", - "description": "Risk Template ID", - "name": "id", - "in": "path", - "required": true - } + "Users" ], + "summary": "Get digest subscription status", "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/templates.riskTemplateDataResponse" + "$ref": "#/definitions/handler.GenericDataResponse-handler_UserHandler" } }, - "400": { - "description": "Bad Request", + "401": { + "description": "Unauthorized", "schema": { "$ref": "#/definitions/api.Error" } @@ -17203,7 +16425,7 @@ ] }, "put": { - "description": "Update a risk template and atomically replace threat refs and remediation tasks.", + "description": "Updates the current user's digest email subscription status", "consumes": [ "application/json" ], @@ -17211,24 +16433,17 @@ "application/json" ], "tags": [ - "Risk Templates" + "Users" ], - "summary": "Update risk template", + "summary": "Update digest subscription status", "parameters": [ { - "type": "string", - "description": "Risk Template ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Risk template payload", - "name": "template", + "description": "Subscription status", + "name": "subscription", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/templates.upsertRiskTemplateRequest" + "$ref": "#/definitions/handler.UserHandler" } } ], @@ -17236,7 +16451,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/templates.riskTemplateDataResponse" + "$ref": "#/definitions/handler.GenericDataResponse-handler_UserHandler" } }, "400": { 
@@ -17245,49 +16460,8 @@ "$ref": "#/definitions/api.Error" } }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Delete a risk template and its associated threat references and remediation data.", - "produces": [ - "application/json" - ], - "tags": [ - "Risk Templates" - ], - "summary": "Delete risk template", - "parameters": [ - { - "type": "string", - "description": "Risk Template ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", + "401": { + "description": "Unauthorized", "schema": { "$ref": "#/definitions/api.Error" } 
@@ -17312,124 +16486,9 @@ ] } }, - "/risks": { - "get": { - "description": "Lists risk register entries with filtering, sorting, and pagination.", - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "List risks", - "parameters": [ - { - "type": "string", - "description": "Risk status", - "name": "status", - "in": "query" - }, - { - "type": "string", - "description": "Risk likelihood", - "name": "likelihood", - "in": "query" - }, - { - "type": "string", - "description": "Risk impact", - "name": "impact", - "in": "query" - }, - { - "type": "string", - "description": "SSP ID", - "name": "sspId", - "in": "query" - }, - { - "type": "string", - "description": "Control ID", - "name": "controlId", - "in": "query" - }, - { - "type": "string", - "description": "Evidence ID", - "name": "evidenceId", - "in": "query" - }, - { - "type": "string", - "description": "Owner kind", - "name": "ownerKind", - "in": "query" - }, - { - "type": "string", - "description": "Owner reference", - "name": "ownerRef", - "in": "query" - }, - { - "type": "string", - "description": "Review deadline upper bound (RFC3339)", - "name": "reviewDeadlineBefore", - "in": "query" - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - }, - { - "type": "string", - "description": "Sort field", - "name": "sort", - "in": "query" - }, - { - "type": "string", - "description": "Sort order (asc|desc)", - "name": "order", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/service.ListResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - 
}, + "/users/{id}/change-password": { "post": { - "description": "Creates a risk register entry.", + "description": "Changes the password for a user by ID", "consumes": [ "application/json" ], @@ -17437,26 +16496,30 @@ "application/json" ], "tags": [ - "Risks" + "Users" ], - "summary": "Create risk", + "summary": "Change password for a specific user", "parameters": [ { - "description": "Risk payload", - "name": "risk", + "type": "string", + "description": "User ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Change Password Request", + "name": "changePasswordRequest", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/handler.createRiskRequest" + "$ref": "#/definitions/handler.UserHandler" } } ], "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } + "204": { + "description": "No Content" }, "400": { "description": "Bad Request", @@ -17470,6 +16533,12 @@ "$ref": "#/definitions/api.Error" } }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { 
@@ -17483,7362 +16552,94 @@ } ] } + } + }, + "definitions": { + "api.Error": { + "type": "object", + "properties": { + "errors": { + "type": "object", + "additionalProperties": {} + } + } }, - "/risks/{id}": { - "get": { - "description": "Retrieves a risk register entry by ID.", - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Get risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Updates a risk register entry by ID.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Update risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Risk payload", - "name": "risk", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.updateRiskRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - 
"security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Deletes a risk register entry and link rows by ID.", - "tags": [ - "Risks" - ], - "summary": "Delete risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/risks/{id}/accept": { - "post": { - "description": "Accepts a risk with required justification and a future review deadline.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Accept risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Accept payload", - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.acceptRiskRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/risks/{id}/components": { - "get": { - "description": "Lists components linked to a risk.", - "produces": [ - "application/json" - ], - 
"tags": [ - "Risks" - ], - "summary": "List risk component links", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/service.ListResponse-risks_RiskComponentLink" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Idempotently links a component to a risk.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Link component to risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Component link payload", - "name": "link", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.addComponentLinkRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-risks_RiskComponentLink" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - 
"/risks/{id}/controls": { - "get": { - "description": "Lists controls linked to a risk.", - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "List risk control links", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/service.ListResponse-risks_RiskControlLink" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Idempotently links a control to a risk.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Link control to risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Control link payload", - "name": "link", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.addControlLinkRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-risks_RiskControlLink" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": 
"#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/risks/{id}/evidence": { - "get": { - "description": "Lists evidence IDs linked to a risk.", - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "List risk evidence links", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/service.ListResponse-uuid_UUID" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Idempotently links an evidence item to a risk.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Link evidence to risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Evidence link payload", - "name": "link", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.addEvidenceLinkRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-risks_RiskEvidenceLink" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": 
"#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/risks/{id}/evidence/{evidenceId}": { - "delete": { - "description": "Deletes the link between a risk and evidence item.", - "tags": [ - "Risks" - ], - "summary": "Delete risk evidence link", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Evidence ID", - "name": "evidenceId", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/risks/{id}/review": { - "post": { - "description": "Records a structured review for an accepted risk. 
nextReviewDeadline is required for decision=extend and must be omitted for decision=reopen.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Review risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Review payload", - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.reviewRiskRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/risks/{id}/subjects": { - "get": { - "description": "Lists subjects linked to a risk.", - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "List risk subject links", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/service.ListResponse-risks_RiskSubjectLink" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - 
"$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Idempotently links a subject to a risk.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Link subject to risk", - "parameters": [ - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Subject link payload", - "name": "link", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.addSubjectLinkRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-risks_RiskSubjectLink" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/ssp/{sspId}/risks": { - "get": { - "description": "Lists risk register entries scoped to an SSP.", - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "List risks for SSP", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "sspId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Risk status", - "name": "status", - "in": "query" - }, - { - "type": "string", - "description": "Risk likelihood", - "name": "likelihood", - "in": "query" - }, - { - "type": "string", - "description": "Risk impact", - "name": "impact", - "in": "query" - }, - { - "type": "string", - "description": "Control ID", - "name": "controlId", - "in": "query" - }, - { - "type": "string", - "description": "Evidence ID", - "name": "evidenceId", - "in": "query" - }, - 
{ - "type": "string", - "description": "Owner kind", - "name": "ownerKind", - "in": "query" - }, - { - "type": "string", - "description": "Owner reference", - "name": "ownerRef", - "in": "query" - }, - { - "type": "string", - "description": "Review deadline upper bound (RFC3339)", - "name": "reviewDeadlineBefore", - "in": "query" - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - }, - { - "type": "string", - "description": "Sort field", - "name": "sort", - "in": "query" - }, - { - "type": "string", - "description": "Sort order (asc|desc)", - "name": "order", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/service.ListResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Creates a risk register entry scoped to an SSP.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Create risk for SSP", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "sspId", - "in": "path", - "required": true - }, - { - "description": "Risk payload", - "name": "risk", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.createRiskRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": 
"#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/ssp/{sspId}/risks/{id}": { - "get": { - "description": "Retrieves a risk register entry by ID scoped to an SSP.", - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Get risk for SSP", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "sspId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Updates a risk register entry by ID scoped to an SSP.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Update risk for SSP", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "sspId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Risk payload", - "name": "risk", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.updateRiskRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - 
"$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Deletes a risk register entry by ID scoped to an SSP.", - "tags": [ - "Risks" - ], - "summary": "Delete risk for SSP", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "sspId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/ssp/{sspId}/risks/{id}/accept": { - "post": { - "description": "Accepts a risk by ID scoped to an SSP.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Accept risk for SSP", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "sspId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Accept payload", - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.acceptRiskRequest" - } - } - ], - "responses": { - "200": { - "description": 
"OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/ssp/{sspId}/risks/{id}/review": { - "post": { - "description": "Records a risk review by ID scoped to an SSP. nextReviewDeadline is required for decision=extend and must be omitted for decision=reopen.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Risks" - ], - "summary": "Review risk for SSP", - "parameters": [ - { - "type": "string", - "description": "SSP ID", - "name": "sspId", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "Risk ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Review payload", - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.reviewRiskRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/subject-templates": { - "get": { - "description": "List subject templates with optional filters and pagination.", - "produces": [ - "application/json" - ], - "tags": [ - "Subject Templates" - ], - "summary": "List subject 
templates", - "parameters": [ - { - "type": "string", - "description": "Subject type", - "name": "type", - "in": "query" - }, - { - "type": "string", - "description": "Source mode", - "name": "sourceMode", - "in": "query" - }, - { - "type": "integer", - "description": "Page number", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "Page size", - "name": "limit", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/service.ListResponse-templates_subjectTemplateResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Create a subject template with selector labels and label schema.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Subject Templates" - ], - "summary": "Create subject template", - "parameters": [ - { - "description": "Subject template payload", - "name": "template", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/templates.upsertSubjectTemplateRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/templates.subjectTemplateDataResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/subject-templates/{id}": { - "get": { - "description": "Get a subject template by ID.", - "produces": [ - "application/json" - ], - "tags": [ - "Subject Templates" - ], - "summary": "Get subject template", - "parameters": [ - { - "type": 
"string", - "description": "Subject Template ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/templates.subjectTemplateDataResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Update a subject template and atomically replace selector labels and label schema.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Subject Templates" - ], - "summary": "Update subject template", - "parameters": [ - { - "type": "string", - "description": "Subject Template ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Subject template payload", - "name": "template", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/templates.upsertSubjectTemplateRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/templates.subjectTemplateDataResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/users/me": { - "get": { - "description": "Retrieves the details of the currently logged-in user", - "produces": [ - "application/json" - ], - "tags": [ - "Users" - ], - "summary": "Get logged-in user details", - "responses": { - "200": { - 
"description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-relational_User" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/users/me/change-password": { - "post": { - "description": "Changes the password for the currently logged-in user", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Users" - ], - "summary": "Change password for logged-in user", - "parameters": [ - { - "description": "Change Password Request", - "name": "changePasswordRequest", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.UserHandler" - } - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/users/me/subscriptions": { - "get": { - "description": "Gets the current user's digest and workflow notification email preferences", - "produces": [ - "application/json" - ], - "tags": [ - "Users" - ], - "summary": "Get notification preferences", - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_SubscriptionsResponse" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - 
"$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Updates the current user's digest and workflow notification email preferences", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Users" - ], - "summary": "Update notification preferences", - "parameters": [ - { - "description": "Notification preferences", - "name": "subscription", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.UpdateSubscriptionsRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_SubscriptionsResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/users/{id}/change-password": { - "post": { - "description": "Changes the password for a user by ID", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Users" - ], - "summary": "Change password for a specific user", - "parameters": [ - { - "type": "string", - "description": "User ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Change Password Request", - "name": "changePasswordRequest", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.UserHandler" - } - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { 
- "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/control-relationships": { - "get": { - "description": "List all control relationships, optionally filtered by workflow definition", - "produces": [ - "application/json" - ], - "tags": [ - "Control Relationships" - ], - "summary": "List control relationships", - "parameters": [ - { - "type": "string", - "description": "Workflow Definition ID", - "name": "workflow_definition_id", - "in": "query" - }, - { - "type": "string", - "description": "Control ID", - "name": "control_id", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.ControlRelationshipListResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Create a new control relationship for a workflow", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Control Relationships" - ], - "summary": "Create control relationship", - "parameters": [ - { - "description": "Control relationship details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.CreateControlRelationshipRequest" - } - } - ], - "responses": 
{ - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/workflows.ControlRelationshipResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/control-relationships/{id}": { - "get": { - "description": "Get control relationship by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Control Relationships" - ], - "summary": "Get control relationship", - "parameters": [ - { - "type": "string", - "description": "Control Relationship ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.ControlRelationshipResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Update an existing control relationship", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Control Relationships" - ], - "summary": "Update control relationship", - "parameters": [ - { - "type": "string", - "description": "Control Relationship ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Update details", - "name": "request", - "in": "body", - "required": true, - "schema": { - 
"$ref": "#/definitions/workflows.UpdateControlRelationshipRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.ControlRelationshipResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Delete a control relationship", - "tags": [ - "Control Relationships" - ], - "summary": "Delete control relationship", - "parameters": [ - { - "type": "string", - "description": "Control Relationship ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/control-relationships/{id}/activate": { - "put": { - "description": "Activate a control relationship", - "produces": [ - "application/json" - ], - "tags": [ - "Control Relationships" - ], - "summary": "Activate control relationship", - "parameters": [ - { - "type": "string", - "description": "Control Relationship ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - 
"$ref": "#/definitions/workflows.ControlRelationshipResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/control-relationships/{id}/deactivate": { - "put": { - "description": "Deactivate a control relationship", - "produces": [ - "application/json" - ], - "tags": [ - "Control Relationships" - ], - "summary": "Deactivate control relationship", - "parameters": [ - { - "type": "string", - "description": "Control Relationship ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.ControlRelationshipResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/definitions": { - "get": { - "description": "List all workflow definition templates", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Definitions" - ], - "summary": "List workflow definitions", - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowDefinitionListResponse" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - 
"$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Create a new workflow definition template", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Definitions" - ], - "summary": "Create workflow definition", - "parameters": [ - { - "description": "Workflow definition details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.CreateWorkflowDefinitionRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/workflows.WorkflowDefinitionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/definitions/{id}": { - "get": { - "description": "Get workflow definition by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Definitions" - ], - "summary": "Get workflow definition", - "parameters": [ - { - "type": "string", - "description": "Workflow Definition ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowDefinitionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": 
"#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Update workflow definition by ID", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Definitions" - ], - "summary": "Update workflow definition", - "parameters": [ - { - "type": "string", - "description": "Workflow Definition ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Updated workflow definition details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.UpdateWorkflowDefinitionRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowDefinitionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Delete workflow definition by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Definitions" - ], - "summary": "Delete workflow definition", - "parameters": [ - { - "type": "string", - "description": "Workflow Definition ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": 
"#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/executions": { - "get": { - "description": "List all executions for a workflow instance", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Executions" - ], - "summary": "List workflow executions", - "parameters": [ - { - "type": "string", - "description": "Workflow Instance ID", - "name": "workflow_instance_id", - "in": "query", - "required": true - }, - { - "type": "integer", - "description": "Limit", - "name": "limit", - "in": "query" - }, - { - "type": "integer", - "description": "Offset", - "name": "offset", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowExecutionListResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Start a new execution of a workflow instance", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Executions" - ], - "summary": "Start workflow execution", - "parameters": [ - { - "description": "Execution details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.StartWorkflowExecutionRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/workflows.WorkflowExecutionResponse" - } - }, - 
"400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/executions/{id}": { - "get": { - "description": "Get workflow execution by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Executions" - ], - "summary": "Get workflow execution", - "parameters": [ - { - "type": "string", - "description": "Workflow Execution ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowExecutionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/executions/{id}/cancel": { - "put": { - "description": "Cancel a running workflow execution", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Executions" - ], - "summary": "Cancel workflow execution", - "parameters": [ - { - "type": "string", - "description": "Workflow Execution ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Cancel details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.CancelWorkflowExecutionRequest" - } - } - ], - "responses": { - "200": { - 
"description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowExecutionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/executions/{id}/metrics": { - "get": { - "description": "Get performance metrics for a workflow execution", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Executions" - ], - "summary": "Get workflow execution metrics", - "parameters": [ - { - "type": "string", - "description": "Workflow Execution ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowExecutionMetricsResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/executions/{id}/reassign-role": { - "put": { - "description": "Reassign eligible steps in an execution for a given role", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Executions" - ], - "summary": "Bulk reassign steps by role", - "parameters": [ - { - "type": "string", - "description": "Workflow Execution ID", - 
"name": "id", - "in": "path", - "required": true - }, - { - "description": "Bulk reassignment details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.ReassignRoleRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.BulkReassignRoleResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/executions/{id}/retry": { - "post": { - "description": "Create a new execution to retry a failed workflow", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Executions" - ], - "summary": "Retry workflow execution", - "parameters": [ - { - "type": "string", - "description": "Workflow Execution ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/workflows.WorkflowExecutionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/executions/{id}/status": { - "get": { - "description": "Get detailed status of a workflow execution including 
step counts", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Executions" - ], - "summary": "Get workflow execution status", - "parameters": [ - { - "type": "string", - "description": "Workflow Execution ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowExecutionStatusResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/instances": { - "get": { - "description": "List all workflow instances with optional filtering", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Instances" - ], - "summary": "List workflow instances", - "parameters": [ - { - "type": "string", - "description": "Filter by Workflow Definition ID", - "name": "workflow_definition_id", - "in": "query" - }, - { - "type": "string", - "description": "Filter by System Security Plan ID", - "name": "system_security_plan_id", - "in": "query" - }, - { - "type": "boolean", - "description": "Filter by Active Status", - "name": "is_active", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowInstanceListResponse" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Create 
a new workflow instance for a specific system", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Instances" - ], - "summary": "Create workflow instance", - "parameters": [ - { - "description": "Workflow instance details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.CreateWorkflowInstanceRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/workflows.WorkflowInstanceResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/instances/{id}": { - "get": { - "description": "Get workflow instance by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Instances" - ], - "summary": "Get workflow instance", - "parameters": [ - { - "type": "string", - "description": "Workflow Instance ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowInstanceResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Update workflow instance by ID", - "consumes": [ - 
"application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Instances" - ], - "summary": "Update workflow instance", - "parameters": [ - { - "type": "string", - "description": "Workflow Instance ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Updated workflow instance details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.UpdateWorkflowInstanceRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowInstanceResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Delete workflow instance by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Instances" - ], - "summary": "Delete workflow instance", - "parameters": [ - { - "type": "string", - "description": "Workflow Instance ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - 
"/workflows/instances/{id}/activate": { - "put": { - "description": "Activate a workflow instance to enable scheduled executions", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Instances" - ], - "summary": "Activate workflow instance", - "parameters": [ - { - "type": "string", - "description": "Workflow Instance ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowInstanceResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/instances/{id}/deactivate": { - "put": { - "description": "Deactivate a workflow instance to disable scheduled executions", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Instances" - ], - "summary": "Deactivate workflow instance", - "parameters": [ - { - "type": "string", - "description": "Workflow Instance ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowInstanceResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { 
- "OAuth2Password": [] - } - ] - } - }, - "/workflows/role-assignments": { - "get": { - "description": "List all role assignments, optionally filtered by workflow instance", - "produces": [ - "application/json" - ], - "tags": [ - "Role Assignments" - ], - "summary": "List role assignments", - "parameters": [ - { - "type": "string", - "description": "Workflow Instance ID", - "name": "workflow_instance_id", - "in": "query" - }, - { - "type": "string", - "description": "Role Name", - "name": "role_name", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.RoleAssignmentListResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Create a new role assignment for a workflow instance", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Role Assignments" - ], - "summary": "Create role assignment", - "parameters": [ - { - "description": "Role assignment details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.CreateRoleAssignmentRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/workflows.RoleAssignmentResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - 
"OAuth2Password": [] - } - ] - } - }, - "/workflows/role-assignments/{id}": { - "get": { - "description": "Get role assignment by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Role Assignments" - ], - "summary": "Get role assignment", - "parameters": [ - { - "type": "string", - "description": "Role Assignment ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.RoleAssignmentResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Update an existing role assignment", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Role Assignments" - ], - "summary": "Update role assignment", - "parameters": [ - { - "type": "string", - "description": "Role Assignment ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Update details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.UpdateRoleAssignmentRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.RoleAssignmentResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": 
{ - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Delete a role assignment", - "tags": [ - "Role Assignments" - ], - "summary": "Delete role assignment", - "parameters": [ - { - "type": "string", - "description": "Role Assignment ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/role-assignments/{id}/activate": { - "put": { - "description": "Activate a role assignment", - "produces": [ - "application/json" - ], - "tags": [ - "Role Assignments" - ], - "summary": "Activate role assignment", - "parameters": [ - { - "type": "string", - "description": "Role Assignment ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.RoleAssignmentResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - 
"/workflows/role-assignments/{id}/deactivate": { - "put": { - "description": "Deactivate a role assignment", - "produces": [ - "application/json" - ], - "tags": [ - "Role Assignments" - ], - "summary": "Deactivate role assignment", - "parameters": [ - { - "type": "string", - "description": "Role Assignment ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.RoleAssignmentResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/step-executions": { - "get": { - "description": "List all step executions for a workflow execution", - "produces": [ - "application/json" - ], - "tags": [ - "Step Executions" - ], - "summary": "List step executions", - "parameters": [ - { - "type": "string", - "description": "Workflow Execution ID", - "name": "workflow_execution_id", - "in": "query", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.StepExecutionListResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/step-executions/my": { - "get": { - "description": "List all step executions assigned 
to the current user with optional filters and pagination", - "produces": [ - "application/json" - ], - "tags": [ - "Step Executions" - ], - "summary": "List my step assignments", - "parameters": [ - { - "type": "string", - "description": "Filter by status (pending, in_progress, blocked)", - "name": "status", - "in": "query" - }, - { - "type": "string", - "description": "Filter by due date before (RFC3339 format)", - "name": "due_before", - "in": "query" - }, - { - "type": "string", - "description": "Filter by due date after (RFC3339 format)", - "name": "due_after", - "in": "query" - }, - { - "type": "string", - "description": "Filter by workflow definition ID", - "name": "workflow_definition_id", - "in": "query" - }, - { - "type": "integer", - "description": "Limit (default 20, max 100)", - "name": "limit", - "in": "query" - }, - { - "type": "integer", - "description": "Offset (default 0)", - "name": "offset", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.MyAssignmentsResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/step-executions/{id}": { - "get": { - "description": "Get step execution by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Step Executions" - ], - "summary": "Get step execution", - "parameters": [ - { - "type": "string", - "description": "Step Execution ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.StepExecutionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { 
- "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/step-executions/{id}/can-transition": { - "get": { - "description": "Check if a user has permission to transition a step execution", - "produces": [ - "application/json" - ], - "tags": [ - "Step Executions" - ], - "summary": "Check if user can transition step", - "parameters": [ - { - "type": "string", - "description": "Step Execution ID", - "name": "id", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "User ID", - "name": "user_id", - "in": "query", - "required": true - }, - { - "type": "string", - "description": "User Type (user, group, email)", - "name": "user_type", - "in": "query", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "type": "object", - "additionalProperties": true - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/step-executions/{id}/evidence-requirements": { - "get": { - "description": "Get the evidence requirements for a step execution", - "produces": [ - "application/json" - ], - "tags": [ - "Step Executions" - ], - "summary": "Get evidence requirements for step", - "parameters": [ - { - "type": "string", - "description": "Step Execution ID", - "name": "id", - "in": "path", - "required": true 
- } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "type": "object", - "additionalProperties": true - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/step-executions/{id}/fail": { - "put": { - "description": "Mark a step execution as failed with a reason", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Step Executions" - ], - "summary": "Fail step execution", - "parameters": [ - { - "type": "string", - "description": "Step Execution ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Failure details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.FailStepRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.StepExecutionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/step-executions/{id}/reassign": { - "put": { - "description": "Reassign a step execution to a new assignee", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Step Executions" - ], - "summary": "Reassign step execution", 
- "parameters": [ - { - "type": "string", - "description": "Step Execution ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Reassignment details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.ReassignStepRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.StepExecutionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/step-executions/{id}/transition": { - "put": { - "description": "Transition a step execution status with role verification and evidence validation", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Step Executions" - ], - "summary": "Transition step execution status", - "parameters": [ - { - "type": "string", - "description": "Step Execution ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Transition request", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.TransitionStepRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.StepExecutionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "403": { - "description": "Forbidden", - "schema": { - "$ref": 
"#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/steps": { - "get": { - "description": "List all step definitions for a workflow definition", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Step Definitions" - ], - "summary": "List workflow step definitions", - "parameters": [ - { - "type": "string", - "description": "Workflow Definition ID", - "name": "workflow_definition_id", - "in": "query", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowStepDefinitionListResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "post": { - "description": "Create a new step definition for a workflow", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Step Definitions" - ], - "summary": "Create workflow step definition", - "parameters": [ - { - "description": "Step definition details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.CreateWorkflowStepDefinitionRequest" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/workflows.WorkflowStepDefinitionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": 
"Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/steps/{id}": { - "get": { - "description": "Get workflow step definition by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Step Definitions" - ], - "summary": "Get workflow step definition", - "parameters": [ - { - "type": "string", - "description": "Step Definition ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowStepDefinitionResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "put": { - "description": "Update workflow step definition by ID", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Step Definitions" - ], - "summary": "Update workflow step definition", - "parameters": [ - { - "type": "string", - "description": "Step Definition ID", - "name": "id", - "in": "path", - "required": true - }, - { - "description": "Updated step definition details", - "name": "request", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/workflows.UpdateWorkflowStepDefinitionRequest" - } - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowStepDefinitionResponse" - } - }, - "400": { - 
"description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - }, - "delete": { - "description": "Delete workflow step definition by ID", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Step Definitions" - ], - "summary": "Delete workflow step definition", - "parameters": [ - { - "type": "string", - "description": "Step Definition ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - }, - "/workflows/steps/{id}/dependencies": { - "get": { - "description": "Get all dependencies for a workflow step definition", - "produces": [ - "application/json" - ], - "tags": [ - "Workflow Step Definitions" - ], - "summary": "Get step dependencies", - "parameters": [ - { - "type": "string", - "description": "Step Definition ID", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/workflows.WorkflowStepDefinitionListResponse" - } - }, - "400": { - "description": "Bad Request", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - 
"401": { - "description": "Unauthorized", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "404": { - "description": "Not Found", - "schema": { - "$ref": "#/definitions/api.Error" - } - }, - "500": { - "description": "Internal Server Error", - "schema": { - "$ref": "#/definitions/api.Error" - } - } - }, - "security": [ - { - "OAuth2Password": [] - } - ] - } - } - }, - "definitions": { - "api.Error": { - "type": "object", - "properties": { - "errors": { - "type": "object", - "additionalProperties": {} - } - } - }, - "auth.AuthHandler": { - "type": "object" - }, - "authn.JWK": { - "type": "object", - "properties": { - "alg": { - "type": "string" - }, - "e": { - "type": "string" - }, - "kid": { - "type": "string" - }, - "kty": { - "type": "string" - }, - "n": { - "type": "string" - }, - "use": { - "type": "string" - } - } - }, - "datatypes.JSONType-labelfilter_Filter": { - "type": "object" - }, - "datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus": { - "type": "object" - }, - "datatypes.JSONType-relational_Address": { - "type": "object" - }, - "datatypes.JSONType-relational_Base64": { - "type": "object" - }, - "datatypes.JSONType-relational_Citation": { - "type": "object" - }, - "datatypes.JSONType-relational_CombinationRule": { - "type": "object" - }, - "datatypes.JSONType-relational_FlatWithoutGrouping": { - "type": "object" - }, - "datatypes.JSONType-relational_ImplementationStatus": { - "type": "object" - }, - "datatypes.JSONType-relational_ImportProfile": { - "type": "object" - }, - "datatypes.JSONType-relational_IncludeAll": { - "type": "object" - }, - "datatypes.JSONType-relational_ParameterSelection": { - "type": "object" - }, - "datatypes.JSONType-relational_SecurityImpactLevel": { - "type": "object" - }, - "datatypes.JSONType-relational_Status": { - "type": "object" - }, - "datatypes.JSONType-relational_SystemComponentStatus": { - "type": "object" - }, - "datatypes.JSONType-relational_SystemInformation": { - "type": "object" - }, - 
"digest.EvidenceItem": { - "type": "object", - "properties": { - "description": { - "type": "string" - }, - "expiresAt": { - "description": "Formatted expiration date string (empty if no expiration)", - "type": "string" - }, - "id": { - "type": "string" - }, - "labels": { - "type": "array", - "items": { - "type": "string" - } - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" - } - } - }, - "digest.EvidenceSummary": { - "type": "object", - "properties": { - "expiredCount": { - "type": "integer", - "format": "int64" - }, - "notSatisfiedCount": { - "type": "integer", - "format": "int64" - }, - "otherCount": { - "type": "integer", - "format": "int64" - }, - "satisfiedCount": { - "type": "integer", - "format": "int64" - }, - "topExpired": { - "description": "Top items for the digest email", - "type": "array", - "items": { - "$ref": "#/definitions/digest.EvidenceItem" - } - }, - "topNotSatisfied": { - "type": "array", - "items": { - "$ref": "#/definitions/digest.EvidenceItem" - } - }, - "totalCount": { - "type": "integer", - "format": "int64" - } - } - }, - "evidence.StatusCount": { - "type": "object", - "properties": { - "count": { - "type": "integer" - }, - "status": { - "type": "string" - } - } - }, - "gorm.DeletedAt": { - "type": "object", - "properties": { - "time": { - "type": "string" - }, - "valid": { - "description": "Valid is true if Time is not NULL", - "type": "boolean" - } - } - }, - "handler.EvidenceActivity": { - "type": "object", - "properties": { - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "steps": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.EvidenceActivityStep" - } - }, - "title": { - "type": "string" - }, - "uuid": { - 
"type": "string" - } - } - }, - "handler.EvidenceActivityStep": { - "type": "object", - "properties": { - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" - } - } - }, - "handler.EvidenceComponent": { - "type": "object", - "properties": { - "description": { - "type": "string" - }, - "identifier": { - "description": "components/common/ssh\ncomponents/common/github-repository\ncomponents/common/github-organisation\ncomponents/common/ubuntu-22\ncomponents/internal/auth-policy", - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "protocols": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" - } - }, - "purpose": { - "type": "string" - }, - "remarks": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "description": "Software\nService", - "type": "string" - } - } - }, - "handler.EvidenceCreateRequest": { - "type": "object", - "properties": { - "activities": { - "description": "What steps did we take to create this evidence", - "type": "array", - "items": { - "$ref": "#/definitions/handler.EvidenceActivity" - } - }, - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "components": { - "description": "Which components of the subject are being observed. 
A tool, user, policy etc.", - "type": "array", - "items": { - "$ref": "#/definitions/handler.EvidenceComponent" - } - }, - "description": { - "type": "string" - }, - "end": { - "type": "string" - }, - "expires": { - "type": "string" - }, - "inventoryItems": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.EvidenceInventoryItem" - } - }, - "labels": { - "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "origins": { - "description": "Who or What is generating this evidence", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "start": { - "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", - "type": "string" - }, - "status": { - "description": "Did we satisfy what was being tested for, or did we fail ?", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" - } - ] - }, - "subjects": { - "description": "Who or What are we providing evidence for. 
What's under test.", - "type": "array", - "items": { - "$ref": "#/definitions/handler.EvidenceSubject" - } - }, - "title": { - "type": "string" - }, - "uuid": { - "description": "UUID needs to remain consistent for a piece of evidence being collected periodically.\nIt represents the \"stream\" of the same observation being made over time.\nFor the same checks, performed on the same machine, the UUID for each check should remain the same.\nFor the same check, performed on two different machines, the UUID should differ.", - "type": "string" - } - } - }, - "handler.EvidenceInventoryItem": { - "type": "object", - "properties": { - "description": { - "type": "string" - }, - "identifier": { - "description": "user/chris@linguine.tech\noperating-system/ubuntu/22.4\nweb-server/ec2/i-12345", - "type": "string" - }, - "implementedComponents": { - "type": "array", - "items": { - "type": "object", - "properties": { - "identifier": { - "type": "string" - } - } - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "description": "\"operating-system\"\tdescription=\"System software that manages computer hardware, software resources, and provides common services for computer programs.\"\n\"database\"\t\t\tdescription=\"An electronic collection of data, or information, that is specially organized for rapid search and retrieval.\"\n\"web-server\"\t\t\tdescription=\"A system that delivers content or services to end users over the Internet or an intranet.\"\n\"dns-server\"\t\t\tdescription=\"A system that resolves domain names to internet protocol (IP) addresses.\"\n\"email-server\"\t\tdescription=\"A computer system that sends and receives electronic mail messages.\"\n\"directory-server\"\tdescription=\"A system that stores, organizes 
and provides access to directory information in order to unify network resources.\"\n\"pbx\"\t\t\t\tdescription=\"A private branch exchange (PBX) provides a a private telephone switchboard.\"\n\"firewall\"\t\t\tdescription=\"A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.\"\n\"router\"\t\t\t\tdescription=\"A physical or virtual networking device that forwards data packets between computer networks.\"\n\"switch\"\t\t\t\tdescription=\"A physical or virtual networking device that connects devices within a computer network by using packet switching to receive and forward data to the destination device.\"\n\"storage-array\"\t\tdescription=\"A consolidated, block-level data storage capability.\"\n\"appliance\"\t\t\tdescription=\"A physical or virtual machine that centralizes hardware, software, or services for a specific purpose.\"", - "type": "string" - } - } - }, - "handler.EvidenceSubject": { - "type": "object", - "properties": { - "description": { - "type": "string" - }, - "identifier": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "type": { - "description": "InventoryItem\nComponent", - "type": "string" - } - } - }, - "handler.FilterImportFileResult": { - "type": "object", - "properties": { - "count": { - "type": "integer" - }, - "filename": { - "type": "string" - }, - "message": { - "type": "string" - }, - "success": { - "type": "boolean" - } - } - }, - "handler.FilterImportResponse": { - "type": "object", - "properties": { - "failed_count": { - "type": "integer" - }, - "results": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.FilterImportFileResult" - } - }, - "successful_count": { - "type": "integer" - }, - "total_dashboards": { - "type": 
"integer" - }, - "total_files": { - "type": "integer" - } - } - }, - "handler.FilterWithAssociations": { - "type": "object", - "properties": { - "components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" - } - }, - "controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - }, - "filter": { - "$ref": "#/definitions/datatypes.JSONType-labelfilter_Filter" - }, - "id": { - "type": "string" - }, - "name": { - "type": "string" - } - } - }, - "handler.ForControl.EvidenceDataListResponse": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.OscalLikeEvidence" - } - }, - "metadata": { - "$ref": "#/definitions/handler.ForControl.responseMetadata" - } - } - }, - "handler.ForControl.responseMetadata": { - "type": "object", - "properties": { - "control": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - } - }, - "handler.GenericDataListResponse-array_oscalTypes_1_1_3_Control": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - } - } - } - }, - "handler.GenericDataListResponse-evidence_StatusCount": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/evidence.StatusCount" - } - } - } - }, - "handler.GenericDataListResponse-handler_FilterWithAssociations": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.FilterWithAssociations" - } - } - } - }, - "handler.GenericDataListResponse-handler_OscalLikeEvidence": { - "type": "object", - "properties": { - "data": { - "description": "Items 
from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.OscalLikeEvidence" - } - } - } - }, - "handler.GenericDataListResponse-handler_OverTime_HeartbeatInterval": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.OverTime.HeartbeatInterval" - } - } - } - }, - "handler.GenericDataListResponse-handler_StatusInterval": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.StatusInterval" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentPlan": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlan" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentResults": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentResults" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_AssociatedActivity": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedActivity" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_AttestationStatements": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Capability": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": 
{ - "$ref": "#/definitions/oscalTypes_1_1_3.Capability" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Catalog": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Catalog" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ComponentDefinition": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ComponentDefinition" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Control": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ControlStatementImplementation": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlStatementImplementation" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Finding": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Finding" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Group": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Group" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirement": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirementControlImplementation": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Import": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Import" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportComponentDefinition" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_IncorporatesComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncorporatesComponent" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_InventoryItem": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - 
"$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_LeveragedAuthorization": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Observation": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Observation" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Party": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Party" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_PoamItem": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Resource": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Resource" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Result": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Result" - } - } - } - }, - 
"handler.GenericDataListResponse-oscalTypes_1_1_3_Risk": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Risk" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Role": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Role" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemSecurityPlan": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemSecurityPlan" - } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemUser": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" - } - } - } - }, - "handler.GenericDataListResponse-oscal_InventoryItemWithSource": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscal.InventoryItemWithSource" - } - } - } - }, - "handler.GenericDataListResponse-oscal_ProfileHandler": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscal.ProfileHandler" - } - } - } - }, - "handler.GenericDataListResponse-relational_Evidence": { - "type": "object", - "properties": { - "data": { - "description": 
"Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/relational.Evidence" - } - } - } - }, - "handler.GenericDataListResponse-relational_SystemComponentSuggestion": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/relational.SystemComponentSuggestion" - } - } - } - }, - "handler.GenericDataListResponse-relational_User": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/relational.User" - } - } - } - }, - "handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentAssets": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" - } - } - } - }, - "handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentSubject": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" - } - } - } - }, - "handler.GenericDataResponse-array_oscalTypes_1_1_3_Task": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" - } - } - } - }, - "handler.GenericDataResponse-auth_AuthHandler": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/auth.AuthHandler" - } - ] - } - } - }, - "handler.GenericDataResponse-digest_EvidenceSummary": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/digest.EvidenceSummary" - } - ] - } - } - }, - 
"handler.GenericDataResponse-handler_FilterImportResponse": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.FilterImportResponse" - } - ] - } - } - }, - "handler.GenericDataResponse-handler_FilterWithAssociations": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.FilterWithAssociations" - } - ] - } - } - }, - "handler.GenericDataResponse-handler_OscalLikeEvidence": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.OscalLikeEvidence" - } - ] - } - } - }, - "handler.GenericDataResponse-handler_SubscriptionsResponse": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.SubscriptionsResponse" - } - ] - } - } - }, - "handler.GenericDataResponse-handler_riskResponse": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.riskResponse" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Activity": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Activity" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentAssets": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": 
"#/definitions/oscalTypes_1_1_3.AssessmentPlan" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlanTermsAndConditions": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentResults" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentSubject": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AttestationStatements": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AuthorizationBoundary": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizationBoundary" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" - } - ] - } - } - }, - 
"handler.GenericDataResponse-oscalTypes_1_1_3_Capability": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Capability" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Catalog": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Catalog" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ComponentDefinition" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Control": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementation": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementation" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementationSet": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_DataFlow": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.DataFlow" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - 
"allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Diagram": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Finding": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Finding" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Group": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Group" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ImplementedRequirement": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Import": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Import" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ImportAp": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportAp" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ImportProfile": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportProfile" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp": { - "type": "object", - "properties": { - "data": { - "description": 
"Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_InventoryItem": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_LeveragedAuthorization": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Merge": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Merge" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Metadata": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Modify": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Modify" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_NetworkArchitecture": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.NetworkArchitecture" - } - ] - } - } - }, - 
"handler.GenericDataResponse-oscalTypes_1_1_3_Observation": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Observation" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Party": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Party" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_PoamItem": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Profile": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Profile" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Resource": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Resource" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Result": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list 
response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Result" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Risk": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Risk" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Role": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Role" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Statement": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Statement" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemCharacteristics": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemCharacteristics" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemId": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemImplementation": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemImplementation" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan": { - "type": "object", - 
"properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemSecurityPlan" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemUser": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" - } - ] - } - } - }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Task": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" - } - ] - } - } - }, - "handler.GenericDataResponse-oscal_BuildByPropsResponse": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.BuildByPropsResponse" - } - ] - } - } - }, - "handler.GenericDataResponse-oscal_ImportResponse": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.ImportResponse" - } - ] - } - } - }, - "handler.GenericDataResponse-oscal_InventoryItemWithSource": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.InventoryItemWithSource" - } - ] - } - } - }, - "handler.GenericDataResponse-oscal_ProfileComplianceProgress": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.ProfileComplianceProgress" - } - ] - } - } - }, - "handler.GenericDataResponse-oscal_ProfileHandler": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.ProfileHandler" - } - ] - } - } - }, - "handler.GenericDataResponse-relational_Evidence": { - "type": "object", 
- "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/relational.Evidence" - } - ] - } - } - }, - "handler.GenericDataResponse-relational_Filter": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/relational.Filter" - } - ] - } - } - }, - "handler.GenericDataResponse-relational_User": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/relational.User" - } - ] - } - } - }, - "handler.GenericDataResponse-risks_RiskComponentLink": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/risks.RiskComponentLink" - } - ] - } - } - }, - "handler.GenericDataResponse-risks_RiskControlLink": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/risks.RiskControlLink" - } - ] - } - } - }, - "handler.GenericDataResponse-risks_RiskEvidenceLink": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/risks.RiskEvidenceLink" - } - ] - } - } - }, - "handler.GenericDataResponse-risks_RiskSubjectLink": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/risks.RiskSubjectLink" - } - ] - } - } - }, - "handler.GenericDataResponse-string": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "type": "string" - } - } - }, - "handler.HeartbeatCreateRequest": { - "type": "object", - "required": [ - "created_at", - "uuid" - ], - "properties": { - "created_at": { - "type": "string" - }, - "uuid": { - "type": "string" - } - } - }, - 
"handler.OscalLikeEvidence": { - "type": "object", - "properties": { - "activities": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Activity" - } - }, - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" - } - }, - "description": { - "type": "string" - }, - "end": { - "type": "string" - }, - "expires": { - "type": "string" - }, - "id": { - "type": "string" - }, - "inventory-items": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" - } - }, - "labels": { - "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", - "type": "array", - "items": { - "$ref": "#/definitions/relational.Labels" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "origins": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "start": { - "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", - "type": "string" - }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" - }, - "subjects": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" - } - }, - "title": { - "type": "string" - }, - "uuid": { - "description": "UUID needs to remain consistent when automation runs again, but unique for each subject.\nIt represents the \"stream\" of the same observation being made over time.", - "type": "string" - } - } - }, - "handler.OverTime.HeartbeatInterval": { - "type": "object", - "properties": { - "interval": { - "type": "string" - }, - "total": { - "type": "integer" - } - } - }, - 
"handler.StatusInterval": { - "type": "object", - "properties": { - "interval": { - "type": "string" - }, - "statuses": { - "type": "array", - "items": { - "$ref": "#/definitions/evidence.StatusCount" - } - } - } - }, - "handler.SubscriptionsResponse": { - "type": "object", - "properties": { - "subscribed": { - "type": "boolean" - }, - "taskAvailableEmailSubscribed": { - "type": "boolean" - }, - "taskDailyDigestSubscribed": { - "type": "boolean" - } - } - }, - "handler.UpdateSubscriptionsRequest": { - "type": "object", - "properties": { - "subscribed": { - "type": "boolean" - }, - "taskAvailableEmailSubscribed": { - "type": "boolean" - }, - "taskDailyDigestSubscribed": { - "type": "boolean" - } - } - }, - "handler.UserHandler": { - "type": "object" - }, - "handler.acceptRiskRequest": { - "type": "object", - "properties": { - "justification": { - "type": "string" - }, - "reviewDeadline": { - "type": "string" - } - } - }, - "handler.addComponentLinkRequest": { - "type": "object", - "properties": { - "componentId": { - "type": "string" - } - } - }, - "handler.addControlLinkRequest": { - "type": "object", - "properties": { - "catalogId": { - "type": "string" - }, - "controlId": { - "type": "string" - } - } - }, - "handler.addEvidenceLinkRequest": { - "type": "object", - "properties": { - "evidenceId": { - "type": "string" - } - } - }, - "handler.addSubjectLinkRequest": { - "type": "object", - "properties": { - "subjectId": { - "type": "string" - } - } - }, - "handler.createFilterRequest": { - "type": "object", - "required": [ - "filter", - "name" - ], - "properties": { - "components": { - "type": "array", - "items": { - "type": "string" - } - }, - "controls": { - "type": "array", - "items": { - "type": "string" - } - }, - "filter": { - "$ref": "#/definitions/labelfilter.Filter" - }, - "name": { - "type": "string" - } - } - }, - "handler.createRiskRequest": { - "type": "object", - "properties": { - "acceptanceJustification": { - "type": "string" - }, - "description": { 
- "type": "string" - }, - "impact": { - "type": "string" - }, - "lastReviewedAt": { - "type": "string" - }, - "likelihood": { - "type": "string" - }, - "ownerAssignments": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.riskOwnerAssignmentRequest" - } - }, - "primaryOwnerUserId": { - "type": "string" - }, - "reviewDeadline": { - "type": "string" - }, - "riskTemplateId": { - "type": "string" - }, - "sspId": { - "type": "string" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - } - } - }, - "handler.reviewRiskRequest": { - "type": "object", - "properties": { - "decision": { - "type": "string" - }, - "nextReviewDeadline": { - "type": "string" - }, - "notes": { - "type": "string" - }, - "reviewedAt": { - "type": "string" - } - } - }, - "handler.riskControlLinkResponse": { - "type": "object", - "properties": { - "catalogId": { - "type": "string" - }, - "controlId": { - "type": "string" - } - } - }, - "handler.riskOwnerAssignmentRequest": { - "type": "object", - "properties": { - "isPrimary": { - "type": "boolean" - }, - "ownerKind": { - "type": "string" - }, - "ownerRef": { - "type": "string" - } - } - }, - "handler.riskOwnerAssignmentResponse": { - "type": "object", - "properties": { - "isPrimary": { - "type": "boolean" - }, - "ownerKind": { - "type": "string" - }, - "ownerRef": { - "type": "string" - } - } - }, - "handler.riskResponse": { - "type": "object", - "properties": { - "acceptanceJustification": { - "type": "string" - }, - "componentIds": { - "type": "array", - "items": { - "type": "string" - } - }, - "controlLinks": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.riskControlLinkResponse" - } - }, - "createdAt": { - "type": "string" - }, - "dedupeKey": { - "type": "string" - }, - "description": { - "type": "string" - }, - "evidenceIds": { - "type": "array", - "items": { - "type": "string" - } - }, - "firstSeenAt": { - "type": "string" - }, - "id": { - "type": "string" - }, - "impact": { - 
"type": "string" - }, - "lastReviewedAt": { - "type": "string" - }, - "lastSeenAt": { - "type": "string" - }, - "likelihood": { - "type": "string" - }, - "ownerAssignments": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.riskOwnerAssignmentResponse" - } - }, - "primaryOwnerUserId": { - "type": "string" - }, - "reviewDeadline": { - "type": "string" - }, - "riskTemplateId": { - "type": "string" - }, - "sourceType": { - "type": "string" - }, - "sspId": { - "type": "string" - }, - "status": { - "type": "string" - }, - "subjectIds": { - "type": "array", - "items": { - "type": "string" - } - }, - "title": { - "type": "string" - }, - "updatedAt": { - "type": "string" - } - } + "auth.AuthHandler": { + "type": "object" }, - "handler.updateRiskRequest": { + "authn.JWK": { "type": "object", "properties": { - "acceptanceJustification": { - "type": "string" - }, - "description": { - "type": "string" - }, - "impact": { - "type": "string" - }, - "lastReviewedAt": { - "type": "string" - }, - "likelihood": { - "type": "string" - }, - "ownerAssignments": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.riskOwnerAssignmentRequest" - } - }, - "primaryOwnerUserId": { + "alg": { "type": "string" }, - "reviewDeadline": { + "e": { "type": "string" }, - "reviewJustification": { + "kid": { "type": "string" }, - "riskTemplateId": { + "kty": { "type": "string" }, - "status": { + "n": { "type": "string" }, - "title": { + "use": { "type": "string" } } }, - "labelfilter.Condition": { - "type": "object", - "properties": { - "label": { - "description": "Label name (e.g., \"type\", \"group\", \"app\").", - "type": "string" - }, - "operator": { - "description": "Operator (e.g., \"=\", \"!=\", etc.).", - "type": "string" - }, - "value": { - "description": "Value for the condition (e.g., \"ssh\", \"prod\").", - "type": "string" - } - } + "datatypes.JSONType-labelfilter_Filter": { + "type": "object" }, - "labelfilter.Filter": { - "type": "object", - "properties": { 
- "scope": { - "$ref": "#/definitions/labelfilter.Scope" - } - } + "datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus": { + "type": "object" }, - "labelfilter.Query": { - "type": "object", - "properties": { - "operator": { - "description": "Logical operator (e.g., \"AND\", \"OR\").", - "type": "string" - }, - "scopes": { - "description": "Scopes can be either `Condition` or nested `Query`.", - "type": "array", - "items": { - "$ref": "#/definitions/labelfilter.Scope" - } - } - } + "datatypes.JSONType-relational_Address": { + "type": "object" }, - "labelfilter.Scope": { - "type": "object", - "properties": { - "condition": { - "$ref": "#/definitions/labelfilter.Condition" - }, - "query": { - "$ref": "#/definitions/labelfilter.Query" - } - } + "datatypes.JSONType-relational_Base64": { + "type": "object" }, - "oscal.BuildByPropsRequest": { - "type": "object", - "required": [ - "catalog-id", - "match-strategy", - "rules", - "title" - ], - "properties": { - "catalog-id": { - "type": "string", - "example": "9b0c9c43-2722-4bbb-b132-13d34fb94d45" - }, - "match-strategy": { - "allOf": [ - { - "$ref": "#/definitions/oscal.MatchStrategy" - } - ], - "example": "all" - }, - "rules": { - "type": "array", - "minItems": 1, - "items": { - "$ref": "#/definitions/oscal.rule" - } - }, - "title": { - "type": "string", - "example": "My Custom Profile" - }, - "version": { - "type": "string", - "example": "1.0.0" - } - } + "datatypes.JSONType-relational_Citation": { + "type": "object" }, - "oscal.BuildByPropsResponse": { - "type": "object", - "properties": { - "control-ids": { - "type": "array", - "items": { - "type": "string" - } - }, - "profile": { - "$ref": "#/definitions/oscalTypes_1_1_3.Profile" - }, - "profile-id": { - "type": "string" - } - } + "datatypes.JSONType-relational_ImplementationStatus": { + "type": "object" }, - "oscal.CreateInventoryItemRequest": { - "type": "object", - "properties": { - "destination": { - "description": "\"ssp\", \"poam\", or \"unattached\"", - "type": 
"string" - }, - "destination_id": { - "type": "string" - }, - "inventory_item": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" - } - } + "datatypes.JSONType-relational_IncludeAll": { + "type": "object" }, - "oscal.ImportFileResult": { - "type": "object", - "properties": { - "filename": { - "type": "string" - }, - "message": { - "type": "string" - }, - "success": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - } + "datatypes.JSONType-relational_ParameterSelection": { + "type": "object" }, - "oscal.ImportResponse": { - "type": "object", - "properties": { - "failed_count": { - "type": "integer" - }, - "results": { - "type": "array", - "items": { - "$ref": "#/definitions/oscal.ImportFileResult" - } - }, - "successful_count": { - "type": "integer" - }, - "total_files": { - "type": "integer" - } - } + "datatypes.JSONType-relational_SystemComponentStatus": { + "type": "object" }, - "oscal.InventoryItemWithSource": { + "digest.EvidenceItem": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "implemented-components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedComponent" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } + "description": { + "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "expiresAt": { + "description": "Formatted expiration date string (empty if no expiration)", + "type": "string" }, - "remarks": { + "id": { "type": "string" }, - "responsible-parties": { + "labels": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "type": "string" } }, - "source": { - "type": "string" - }, - "source_id": { + "status": { "type": "string" }, - "source_type": { + "title": { "type": "string" }, "uuid": { 
@@ -24846,191 +16647,139 @@ } } }, - "oscal.MatchStrategy": { - "type": "string", - "enum": [ - "all", - "any" - ], - "x-enum-varnames": [ - "MatchStrategyAll", - "MatchStrategyAny" - ] - }, - "oscal.ProfileComplianceControl": { + "digest.EvidenceSummary": { "type": "object", "properties": { - "catalogId": { - "type": "string" - }, - "computedStatus": { - "type": "string" + "expiredCount": { + "type": "integer", + "format": "int64" }, - "controlId": { - "type": "string" + "notSatisfiedCount": { + "type": "integer", + "format": "int64" }, - "groupId": { - "type": "string" + "otherCount": { + "type": "integer", + "format": "int64" }, - "groupTitle": { - "type": "string" + "satisfiedCount": { + "type": "integer", + "format": "int64" }, - "implemented": { - "type": "boolean" + "topExpired": { + "description": "Top items for the digest email", + "type": "array", + "items": { + "$ref": "#/definitions/digest.EvidenceItem" + } }, - "statusCounts": { + "topNotSatisfied": { "type": "array", "items": { - "$ref": "#/definitions/oscal.ProfileComplianceStatusCount" + "$ref": "#/definitions/digest.EvidenceItem" } }, - "title": { - "type": "string" + "totalCount": { + "type": "integer", + "format": "int64" } } }, - "oscal.ProfileComplianceGroup": { + "gorm.DeletedAt": { "type": "object", "properties": { - "compliancePercent": { - "type": "integer" - }, - "id": { - "type": "string" - }, - "notSatisfied": { - "type": "integer" - }, - "satisfied": { - "type": "integer" - }, - "title": { + "time": { "type": "string" }, - "totalControls": { - "type": "integer" - }, - "unknown": { - "type": "integer" + "valid": { + "description": "Valid is true if Time is not NULL", + "type": "boolean" } } }, - "oscal.ProfileComplianceImplementation": { + "handler.ComplianceByControl.StatusCount": { "type": "object", "properties": { - "implementationPercent": { - "type": "integer" - }, - "implementedControls": { + "count": { "type": "integer" }, - "unimplementedControls": { - "type": "integer" + 
"status": { + "type": "string" } } }, - "oscal.ProfileComplianceProgress": { + "handler.EvidenceActivity": { "type": "object", "properties": { - "controls": { + "description": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscal.ProfileComplianceControl" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "groups": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscal.ProfileComplianceGroup" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "implementation": { - "$ref": "#/definitions/oscal.ProfileComplianceImplementation" - }, - "scope": { - "$ref": "#/definitions/oscal.ProfileComplianceScope" - }, - "summary": { - "$ref": "#/definitions/oscal.ProfileComplianceSummary" - } - } - }, - "oscal.ProfileComplianceScope": { - "type": "object", - "properties": { - "id": { + "remarks": { "type": "string" }, + "steps": { + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceActivityStep" + } + }, "title": { "type": "string" }, - "type": { + "uuid": { "type": "string" } } }, - "oscal.ProfileComplianceStatusCount": { + "handler.EvidenceActivityStep": { "type": "object", "properties": { - "count": { - "type": "integer" - }, - "status": { + "description": { "type": "string" - } - } - }, - "oscal.ProfileComplianceSummary": { - "type": "object", - "properties": { - "assessedPercent": { - "type": "integer" - }, - "compliancePercent": { - "type": "integer" }, - "implementedControls": { - "type": "integer" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } }, - "notSatisfied": { - "type": "integer" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "satisfied": { - "type": "integer" + "remarks": { + "type": "string" }, - "totalControls": { - "type": "integer" + "title": { + "type": "string" }, - "unknown": { - "type": "integer" + "uuid": { + "type": "string" } } }, - 
"oscal.ProfileHandler": { - "type": "object" - }, - "oscal.RuleOperator": { - "type": "string", - "enum": [ - "equals", - "contains", - "regex", - "in" - ], - "x-enum-varnames": [ - "RuleOperatorEquals", - "RuleOperatorContains", - "RuleOperatorRegex", - "RuleOperatorIn" - ] - }, - "oscal.SystemComponentRequest": { + "handler.EvidenceComponent": { "type": "object", "properties": { - "definedComponentId": { + "description": { "type": "string" }, - "description": { + "identifier": { + "description": "components/common/ssh\ncomponents/common/github-repository\ncomponents/common/github-organisation\ncomponents/common/ubuntu-22\ncomponents/internal/auth-policy", "type": "string" }, "links": { 
@@ -25057,67 +16806,70 @@ "remarks": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponentStatus" - }, "title": { "type": "string" }, "type": { - "type": "string" - }, - "uuid": { + "description": "Software\nService", "type": "string" } } }, - "oscal.rule": { + "handler.EvidenceCreateRequest": { "type": "object", - "required": [ - "operator", - "value" - ], "properties": { - "name": { - "type": "string", - "example": "class" + "activities": { + "description": "What steps did we take to create this evidence", + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceActivity" + } }, - "ns": { - "type": "string", - "example": "http://csrc.nist.gov/ns/oscal" + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "operator": { - "allOf": [ - { - "$ref": "#/definitions/oscal.RuleOperator" - } - ], - "example": "equals" + "components": { + "description": "Which components of the subject are being observed. 
A tool, user, policy etc.", + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceComponent" + } }, - "value": { - "type": "string", - "example": "technical" - } - } - }, - "oscalTypes_1_1_3.Action": { - "type": "object", - "properties": { - "date": { + "description": { + "type": "string" + }, + "end": { + "type": "string" + }, + "expires": { "type": "string" }, + "inventoryItems": { + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceInventoryItem" + } + }, + "labels": { + "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "origins": { + "description": "Who or What is generating this evidence", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + } + }, "props": { "type": "array", "items": { 
@@ -25127,29 +16879,55 @@ "remarks": { "type": "string" }, - "responsible-parties": { + "start": { + "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", + "type": "string" + }, + "status": { + "description": "Did we satisfy what was being tested for, or did we fail ?", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" + } + ] + }, + "subjects": { + "description": "Who or What are we providing evidence for. What's under test.", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" - } - }, - "system": { - "type": "string" + "$ref": "#/definitions/handler.EvidenceSubject" + } }, - "type": { + "title": { "type": "string" }, "uuid": { + "description": "UUID needs to remain consistent for a piece of evidence being collected periodically.\nIt represents the \"stream\" of the same observation being made over time.\nFor the same checks, performed on the same machine, the UUID for each check should remain the same.\nFor the same check, performed on two different machines, the UUID should differ.", "type": "string" } } }, - "oscalTypes_1_1_3.Activity": { + "handler.EvidenceInventoryItem": { "type": "object", "properties": { "description": { "type": "string" }, + "identifier": { + "description": "user/chris@linguine.tech\noperating-system/ubuntu/22.4\nweb-server/ec2/i-12345", + "type": "string" + }, + "implementedComponents": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + } + } + } + }, "links": { "type": "array", "items": { 
@@ -25162,36 +16940,25 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "related-controls": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" - }, "remarks": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "steps": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Step" - } - }, "title": { "type": "string" }, - "uuid": { + "type": { + "description": "\"operating-system\"\tdescription=\"System software that manages computer hardware, software resources, and provides common services for computer programs.\"\n\"database\"\t\t\tdescription=\"An electronic collection of data, or information, that is specially organized for rapid search and retrieval.\"\n\"web-server\"\t\t\tdescription=\"A system that delivers content or services to end users over the Internet or an intranet.\"\n\"dns-server\"\t\t\tdescription=\"A system that resolves domain names to internet protocol (IP) addresses.\"\n\"email-server\"\t\tdescription=\"A computer system that sends and receives electronic mail messages.\"\n\"directory-server\"\tdescription=\"A system that stores, organizes and provides access to directory information in order to unify network resources.\"\n\"pbx\"\t\t\t\tdescription=\"A private branch exchange (PBX) provides a a private telephone switchboard.\"\n\"firewall\"\t\t\tdescription=\"A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.\"\n\"router\"\t\t\t\tdescription=\"A physical or virtual networking device that forwards data packets between computer networks.\"\n\"switch\"\t\t\t\tdescription=\"A physical or virtual networking device that connects devices within a computer network by using packet switching to receive and forward data to the destination device.\"\n\"storage-array\"\t\tdescription=\"A consolidated, block-level data storage 
capability.\"\n\"appliance\"\t\t\tdescription=\"A physical or virtual machine that centralizes hardware, software, or services for a specific purpose.\"", "type": "string" } } }, - "oscalTypes_1_1_3.Addition": { + "handler.EvidenceSubject": { "type": "object", "properties": { - "by-id": { + "description": { + "type": "string" + }, + "identifier": { "type": "string" }, "links": { 
@@ -25200,507 +16967,478 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "params": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" - } - }, - "parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" - } - }, - "position": { - "type": "string" - }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "title": { + "remarks": { + "type": "string" + }, + "type": { + "description": "InventoryItem\nComponent", "type": "string" } } }, - "oscalTypes_1_1_3.Address": { + "handler.FilterImportFileResult": { "type": "object", "properties": { - "addr-lines": { - "type": "array", - "items": { - "type": "string" - } - }, - "city": { - "type": "string" - }, - "country": { - "type": "string" + "count": { + "type": "integer" }, - "postal-code": { + "filename": { "type": "string" }, - "state": { + "message": { "type": "string" }, - "type": { - "type": "string" + "success": { + "type": "boolean" } } }, - "oscalTypes_1_1_3.Alteration": { + "handler.FilterImportResponse": { "type": "object", "properties": { - "adds": { + "failed_count": { + "type": "integer" + }, + "results": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Addition" + "$ref": "#/definitions/handler.FilterImportFileResult" } }, - "control-id": { - "type": "string" + "successful_count": { + "type": "integer" }, - "removes": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Removal" - } + "total_dashboards": { + "type": "integer" + }, + "total_files": { + "type": "integer" } } }, - "oscalTypes_1_1_3.AssessedControls": { + "handler.FilterWithAssociations": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "exclude-controls": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } }, - 
"include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-controls": { + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById" + "$ref": "#/definitions/oscalTypes_1_1_3.Control" } }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } + "filter": { + "$ref": "#/definitions/datatypes.JSONType-labelfilter_Filter" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "id": { + "type": "string" }, - "remarks": { + "name": { "type": "string" } } }, - "oscalTypes_1_1_3.AssessedControlsSelectControlById": { + "handler.ForControl.EvidenceDataListResponse": { "type": "object", "properties": { - "control-id": { - "type": "string" - }, - "statement-ids": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/handler.OscalLikeEvidence" } + }, + "metadata": { + "$ref": "#/definitions/handler.ForControl.responseMetadata" } } }, - "oscalTypes_1_1_3.AssessmentAssets": { + "handler.ForControl.responseMetadata": { "type": "object", "properties": { - "assessment-platforms": { + "control": { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + } + }, + "handler.GenericDataListResponse-array_oscalTypes_1_1_3_Control": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlatform" + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } } - }, - "components": { + } + } + }, + "handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": 
"#/definitions/handler.ComplianceByControl.StatusCount" } } } }, - "oscalTypes_1_1_3.AssessmentLog": { + "handler.GenericDataListResponse-handler_FilterWithAssociations": { "type": "object", "properties": { - "entries": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentLogEntry" + "$ref": "#/definitions/handler.FilterWithAssociations" } } } }, - "oscalTypes_1_1_3.AssessmentLogEntry": { + "handler.GenericDataListResponse-handler_OscalLikeEvidence": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "end": { - "type": "string" - }, - "links": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/handler.OscalLikeEvidence" } - }, - "logged-by": { + } + } + }, + "handler.GenericDataListResponse-handler_OverTime_HeartbeatInterval": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LoggedBy" + "$ref": "#/definitions/handler.OverTime.HeartbeatInterval" } - }, - "props": { + } + } + }, + "handler.GenericDataListResponse-handler_StatusInterval": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/handler.StatusInterval" } - }, - "related-tasks": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentPlan": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" - } - }, - "remarks": { - "type": "string" - }, - "start": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" + "$ref": 
"#/definitions/oscalTypes_1_1_3.AssessmentPlan" + } } } }, - "oscalTypes_1_1_3.AssessmentPart": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentResults": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "name": { - "type": "string" - }, - "ns": { - "type": "string" - }, - "parts": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentResults" } - }, - "props": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_AssociatedActivity": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedActivity" } - }, - "prose": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentPlan": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_AttestationStatements": { "type": "object", "properties": { - "assessment-assets": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" - }, - "assessment-subjects": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" } - }, - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "import-ssp": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" - }, - "local-definitions": { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" - }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" - }, - "reviewed-controls": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" - 
}, - "tasks": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Capability": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" + "$ref": "#/definitions/oscalTypes_1_1_3.Capability" } - }, - "terms-and-conditions": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions" - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentPlanTermsAndConditions": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_Catalog": { "type": "object", "properties": { - "parts": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" + "$ref": "#/definitions/oscalTypes_1_1_3.Catalog" } } } }, - "oscalTypes_1_1_3.AssessmentPlatform": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_ComponentDefinition": { "type": "object", "properties": { - "links": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.ComponentDefinition" } - }, - "props": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Control": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Control" } - }, - "remarks": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uses-components": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.UsesComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" 
} - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentResults": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_ControlStatementImplementation": { "type": "object", "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "import-ap": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportAp" - }, - "local-definitions": { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" - }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" - }, - "results": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Result" + "$ref": "#/definitions/oscalTypes_1_1_3.ControlStatementImplementation" } - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentSubject": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "exclude-subjects": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectSubjectById" + "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" } - }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-subjects": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Finding": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectSubjectById" + "$ref": "#/definitions/oscalTypes_1_1_3.Finding" } - }, - "links": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Group": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Group" } - }, - "props": { + } + } + }, 
+ "handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirement": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" } - }, - "remarks": { - "type": "string" - }, - "type": { - "type": "string" } } }, - "oscalTypes_1_1_3.AssociatedActivity": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirementControlImplementation": { "type": "object", "properties": { - "activity-uuid": { - "type": "string" - }, - "links": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation" } - }, - "props": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Import": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Import" } - }, - "remarks": { - "type": "string" - }, - "responsible-roles": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.ImportComponentDefinition" } - }, - "subjects": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_IncorporatesComponent": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/oscalTypes_1_1_3.IncorporatesComponent" } } } }, - 
"oscalTypes_1_1_3.AssociatedRisk": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_InventoryItem": { "type": "object", "properties": { - "risk-uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + } } } }, - "oscalTypes_1_1_3.AttestationStatements": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_LeveragedAuthorization": { "type": "object", "properties": { - "parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" - } - }, - "responsible-parties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" } } } }, - "oscalTypes_1_1_3.AuthorizationBoundary": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_Observation": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "diagrams": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" + "$ref": "#/definitions/oscalTypes_1_1_3.Observation" } - }, - "links": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Party": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Party" } - }, - "props": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones" } - }, - "remarks": { - "type": "string" } } }, - 
"oscalTypes_1_1_3.AuthorizedPrivilege": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_PoamItem": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "functions-performed": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" } - }, - "title": { - "type": "string" } } }, - "oscalTypes_1_1_3.BackMatter": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_Resource": { "type": "object", "properties": { - "resources": { + "data": { + "description": "Items from the list response", "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Resource" 
@@ -25708,1965 +17446,1046 @@ } } }, - "oscalTypes_1_1_3.Base64": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_Result": { "type": "object", "properties": { - "filename": { - "type": "string" - }, - "media-type": { - "type": "string" - }, - "value": { - "type": "string" + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Result" + } } } }, - "oscalTypes_1_1_3.ByComponent": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_Risk": { "type": "object", "properties": { - "component-uuid": { - "type": "string" - }, - "description": { - "type": "string" - }, - "export": { - "$ref": "#/definitions/oscalTypes_1_1_3.Export" - }, - "implementation-status": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementationStatus" - }, - "inherited": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InheritedControlImplementation" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "satisfied": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility" - } - }, - "set-parameters": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + "$ref": "#/definitions/oscalTypes_1_1_3.Risk" } - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.Capability": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_Role": { "type": "object", "properties": { - "control-implementations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" - } - }, 
- "description": { - "type": "string" - }, - "incorporates-components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncorporatesComponent" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "name": { - "type": "string" - }, - "props": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Role" } - }, - "remarks": { - "type": "string" - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.Catalog": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemComponent": { "type": "object", "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - }, - "groups": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Group" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } - }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" - }, - "params": { + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemSecurityPlan": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemSecurityPlan" } - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.Characterization": { + "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemUser": { "type": "object", "properties": { - "facets": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Facet" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" } - }, - "links": { + } + } + }, + 
"handler.GenericDataListResponse-oscal_InventoryItemWithSource": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscal.InventoryItemWithSource" } - }, - "origin": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" - }, - "props": { + } + } + }, + "handler.GenericDataListResponse-oscal_ProfileHandler": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscal.ProfileHandler" } } } }, - "oscalTypes_1_1_3.Citation": { + "handler.GenericDataListResponse-relational_Evidence": { "type": "object", "properties": { - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Evidence" } - }, - "text": { - "type": "string" } } }, - "oscalTypes_1_1_3.CombinationRule": { + "handler.GenericDataListResponse-relational_User": { "type": "object", "properties": { - "method": { - "type": "string" + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/relational.User" + } } } }, - "oscalTypes_1_1_3.ComponentDefinition": { + "handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentAssets": { "type": "object", "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "capabilities": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Capability" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" } - }, - "components": { + } + } + }, + 
"handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentSubject": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" } - }, - "import-component-definitions": { + } + } + }, + "handler.GenericDataResponse-array_oscalTypes_1_1_3_Task": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportComponentDefinition" + "$ref": "#/definitions/oscalTypes_1_1_3.Task" } - }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.ConstraintTest": { + "handler.GenericDataResponse-auth_AuthHandler": { "type": "object", "properties": { - "expression": { - "type": "string" - }, - "remarks": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/auth.AuthHandler" + } + ] } } }, - "oscalTypes_1_1_3.Control": { + "handler.GenericDataResponse-digest_EvidenceSummary": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - }, - "id": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "params": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" - } - }, - "parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "title": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": 
"#/definitions/digest.EvidenceSummary" + } + ] } } }, - "oscalTypes_1_1_3.ControlImplementation": { + "handler.GenericDataResponse-handler_FilterImportResponse": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "implemented-requirements": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" - } - }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.FilterImportResponse" + } + ] } } }, - "oscalTypes_1_1_3.ControlImplementationResponsibility": { + "handler.GenericDataResponse-handler_FilterWithAssociations": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "provided-uuid": { - "type": "string" - }, - "remarks": { - "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.FilterWithAssociations" + } + ] } } }, - "oscalTypes_1_1_3.ControlImplementationSet": { + "handler.GenericDataResponse-handler_OscalLikeEvidence": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "implemented-requirements": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - 
"set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" - } - }, - "source": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.OscalLikeEvidence" + } + ] + } + } + }, + "handler.GenericDataResponse-handler_UserHandler": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.UserHandler" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Activity": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Activity" + } + ] } } }, - "oscalTypes_1_1_3.ControlStatementImplementation": { + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentAssets": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "statement-id": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" + } + ] } } }, - "oscalTypes_1_1_3.CustomGrouping": { + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan": { "type": "object", "properties": { - "groups": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.CustomGroupingGroup" - } - }, - "insert-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InsertControls" - } + 
"data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlan" + } + ] } } }, - "oscalTypes_1_1_3.CustomGroupingGroup": { + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlanTermsAndConditions": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "groups": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.CustomGroupingGroup" - } - }, - "id": { - "type": "string" - }, - "insert-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InsertControls" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "params": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" - } - }, - "parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "title": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions" + } + ] } } }, - "oscalTypes_1_1_3.DataFlow": { + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "diagrams": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentResults" + } + ] } } }, - "oscalTypes_1_1_3.DefinedComponent": { + 
"handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentSubject": { "type": "object", "properties": { - "control-implementations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" - } - }, - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "protocols": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" - } - }, - "purpose": { - "type": "string" - }, - "remarks": { - "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } + ] } } }, - "oscalTypes_1_1_3.Diagram": { + "handler.GenericDataResponse-oscalTypes_1_1_3_AttestationStatements": { "type": "object", "properties": { - "caption": { - "type": "string" - }, - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" + } + ] } } }, - "oscalTypes_1_1_3.DocumentId": { + "handler.GenericDataResponse-oscalTypes_1_1_3_AuthorizationBoundary": { "type": "object", "properties": { - "identifier": { - "type": "string" - }, - "scheme": { - "type": "string" + "data": { + "description": "Items from the list 
response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizationBoundary" + } + ] } } }, - "oscalTypes_1_1_3.EventTiming": { + "handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter": { "type": "object", "properties": { - "at-frequency": { - "$ref": "#/definitions/oscalTypes_1_1_3.FrequencyCondition" - }, - "on-date": { - "$ref": "#/definitions/oscalTypes_1_1_3.OnDateCondition" - }, - "within-date-range": { - "$ref": "#/definitions/oscalTypes_1_1_3.OnDateRangeCondition" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + } + ] } } }, - "oscalTypes_1_1_3.Export": { + "handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "provided": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ProvidedControlImplementation" - } - }, - "remarks": { - "type": "string" - }, - "responsibilities": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationResponsibility" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" + } + ] } } }, - "oscalTypes_1_1_3.Facet": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Capability": { "type": "object", "properties": { - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "name": { - "type": "string" - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "system": { - "type": "string" - }, - "value": { - "type": "string" + "data": { + "description": "Items from 
the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Capability" + } + ] } } }, - "oscalTypes_1_1_3.Finding": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Catalog": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "implementation-statement-uuid": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "origins": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "related-observations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" - } - }, - "related-risks": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedRisk" - } - }, - "remarks": { - "type": "string" - }, - "target": { - "$ref": "#/definitions/oscalTypes_1_1_3.FindingTarget" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Catalog" + } + ] } } }, - "oscalTypes_1_1_3.FindingTarget": { + "handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "implementation-status": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementationStatus" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" - }, - "target-id": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" + "data": { + "description": "Items from the list 
response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ComponentDefinition" + } + ] } } }, - "oscalTypes_1_1_3.FlatWithoutGrouping": { - "type": "object", - "additionalProperties": true - }, - "oscalTypes_1_1_3.FrequencyCondition": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Control": { "type": "object", "properties": { - "period": { - "type": "integer" - }, - "unit": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + ] } } }, - "oscalTypes_1_1_3.Group": { + "handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementation": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - }, - "groups": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Group" - } - }, - "id": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "params": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" - } - }, - "parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "title": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementation" + } + ] } } }, - "oscalTypes_1_1_3.Hash": { + "handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementationSet": { "type": "object", "properties": { - "algorithm": { - "type": "string" - }, - "value": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" + } + ] } } }, - "oscalTypes_1_1_3.IdentifiedSubject": 
{ + "handler.GenericDataResponse-oscalTypes_1_1_3_DataFlow": { "type": "object", "properties": { - "subject-placeholder-uuid": { - "type": "string" - }, - "subjects": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.DataFlow" + } + ] } } }, - "oscalTypes_1_1_3.Impact": { + "handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent": { "type": "object", "properties": { - "adjustment-justification": { - "type": "string" - }, - "base": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "selected": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" + } + ] } } }, - "oscalTypes_1_1_3.ImplementationStatus": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Diagram": { "type": "object", "properties": { - "remarks": { - "type": "string" - }, - "state": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" + } + ] } } }, - "oscalTypes_1_1_3.ImplementedComponent": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Finding": { "type": "object", "properties": { - "component-uuid": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" - } + "data": { + "description": "Items from the list 
response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Finding" + } + ] } } }, - "oscalTypes_1_1_3.ImplementedRequirement": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Group": { "type": "object", "properties": { - "by-components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" - } - }, - "control-id": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" - } - }, - "statements": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Statement" - } - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Group" + } + ] } } }, - "oscalTypes_1_1_3.ImplementedRequirementControlImplementation": { + "handler.GenericDataResponse-oscalTypes_1_1_3_ImplementedRequirement": { "type": "object", "properties": { - "control-id": { - "type": "string" - }, - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" - } - }, - "statements": { - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.ControlStatementImplementation" - } - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" + } + ] } } }, - "oscalTypes_1_1_3.Import": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Import": { "type": "object", "properties": { - "exclude-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" - } - }, - "href": { - "type": "string" - }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Import" + } + ] } } }, - "oscalTypes_1_1_3.ImportAp": { + "handler.GenericDataResponse-oscalTypes_1_1_3_ImportAp": { "type": "object", "properties": { - "href": { - "type": "string" - }, - "remarks": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportAp" + } + ] } } }, - "oscalTypes_1_1_3.ImportComponentDefinition": { + "handler.GenericDataResponse-oscalTypes_1_1_3_ImportProfile": { "type": "object", "properties": { - "href": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportProfile" + } + ] } } }, - "oscalTypes_1_1_3.ImportProfile": { + "handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp": { "type": "object", - "properties": { - "href": { - "type": "string" - }, - "remarks": { - "type": "string" + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" + } + ] } } }, - "oscalTypes_1_1_3.ImportSsp": { + 
"handler.GenericDataResponse-oscalTypes_1_1_3_InventoryItem": { "type": "object", "properties": { - "href": { - "type": "string" - }, - "remarks": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + } + ] } } }, - "oscalTypes_1_1_3.IncludeAll": { - "type": "object", - "additionalProperties": true - }, - "oscalTypes_1_1_3.IncorporatesComponent": { + "handler.GenericDataResponse-oscalTypes_1_1_3_LeveragedAuthorization": { "type": "object", "properties": { - "component-uuid": { - "type": "string" - }, - "description": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" + } + ] } } }, - "oscalTypes_1_1_3.InformationType": { + "handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions": { "type": "object", "properties": { - "availability-impact": { - "$ref": "#/definitions/oscalTypes_1_1_3.Impact" - }, - "categorizations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InformationTypeCategorization" - } - }, - "confidentiality-impact": { - "$ref": "#/definitions/oscalTypes_1_1_3.Impact" - }, - "description": { - "type": "string" - }, - "integrity-impact": { - "$ref": "#/definitions/oscalTypes_1_1_3.Impact" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" + } + ] } } }, - "oscalTypes_1_1_3.InformationTypeCategorization": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Merge": { "type": "object", "properties": { - "information-type-ids": { - "type": "array", - 
"items": { - "type": "string" - } - }, - "system": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Merge" + } + ] } } }, - "oscalTypes_1_1_3.InheritedControlImplementation": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Metadata": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "provided-uuid": { - "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + } + ] } } }, - "oscalTypes_1_1_3.InsertControls": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Modify": { "type": "object", "properties": { - "exclude-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" - } - }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" - } - }, - "order": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Modify" + } + ] } } }, - "oscalTypes_1_1_3.InventoryItem": { + "handler.GenericDataResponse-oscalTypes_1_1_3_NetworkArchitecture": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "implemented-components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedComponent" - } - }, - "links": { - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" - } - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.NetworkArchitecture" + } + ] } } }, - "oscalTypes_1_1_3.LeveragedAuthorization": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Observation": { "type": "object", "properties": { - "date-authorized": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "party-uuid": { - "type": "string" - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Observation" + } + ] } } }, - "oscalTypes_1_1_3.Link": { - "type": "object", - "properties": { - "href": { - "type": "string" - }, - "media-type": { - "type": "string" - }, - "rel": { - "type": "string" - }, - "resource-fragment": { - "type": "string" - }, - "text": { - "type": "string" + "handler.GenericDataResponse-oscalTypes_1_1_3_Party": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Party" + } + ] } } }, - "oscalTypes_1_1_3.LocalDefinitions": { + "handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones": { "type": "object", "properties": { - "activities": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Activity" - } - }, - "components": { - "type": 
"array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" - } - }, - "inventory-items": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" - } - }, - "objectives-and-methods": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalObjective" - } - }, - "remarks": { - "type": "string" - }, - "users": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones" + } + ] } } }, - "oscalTypes_1_1_3.LocalObjective": { + "handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions": { "type": "object", "properties": { - "control-id": { - "type": "string" - }, - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" + } + ] } } }, - "oscalTypes_1_1_3.Location": { + "handler.GenericDataResponse-oscalTypes_1_1_3_PoamItem": { "type": "object", "properties": { - "address": { - "$ref": "#/definitions/oscalTypes_1_1_3.Address" - }, - "email-addresses": { - "type": "array", - "items": { - "type": "string" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "telephone-numbers": { - "type": "array", - 
"items": { - "$ref": "#/definitions/oscalTypes_1_1_3.TelephoneNumber" - } - }, - "title": { - "type": "string" - }, - "urls": { - "type": "array", - "items": { - "type": "string" - } - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" + } + ] } } }, - "oscalTypes_1_1_3.LoggedBy": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Profile": { "type": "object", "properties": { - "party-uuid": { - "type": "string" - }, - "role-id": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Profile" + } + ] } } }, - "oscalTypes_1_1_3.Matching": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Resource": { "type": "object", "properties": { - "pattern": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Resource" + } + ] } } }, - "oscalTypes_1_1_3.Merge": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Result": { "type": "object", "properties": { - "as-is": { - "type": "boolean" - }, - "combine": { - "$ref": "#/definitions/oscalTypes_1_1_3.CombinationRule" - }, - "custom": { - "$ref": "#/definitions/oscalTypes_1_1_3.CustomGrouping" - }, - "flat": { - "$ref": "#/definitions/oscalTypes_1_1_3.FlatWithoutGrouping" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Result" + } + ] } } }, - "oscalTypes_1_1_3.Metadata": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Risk": { "type": "object", "properties": { - "actions": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Action" - } - }, - "document-ids": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.DocumentId" - } - }, - "last-modified": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Link" - } - }, - "locations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Location" - } - }, - "oscal-version": { - "type": "string" - }, - "parties": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Party" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "published": { - "type": "string" - }, - "remarks": { - "type": "string" - }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" - } - }, - "revisions": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RevisionHistoryEntry" - } - }, - "roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Role" - } - }, - "title": { - "type": "string" - }, - "version": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Risk" + } + ] } } }, - "oscalTypes_1_1_3.MitigatingFactor": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Role": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "implementation-uuid": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "subjects": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" - } - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Role" + } + ] } } }, - "oscalTypes_1_1_3.Modify": { + "handler.GenericDataResponse-oscalTypes_1_1_3_Statement": { "type": "object", "properties": { - "alters": { - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Alteration" - } - }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSetting" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Statement" + } + ] } } }, - "oscalTypes_1_1_3.NetworkArchitecture": { + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemCharacteristics": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "diagrams": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemCharacteristics" + } + ] } } }, - "oscalTypes_1_1_3.ObjectiveStatus": { + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent": { "type": "object", "properties": { - "reason": { - "type": "string" - }, - "remarks": { - "type": "string" - }, - "state": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + } + ] } } }, - "oscalTypes_1_1_3.Observation": { + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemId": { "type": "object", "properties": { - "collected": { - "type": "string" - }, - "description": { - "type": "string" - }, - "expires": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "methods": { - "type": "array", - "items": { - "type": "string" - } - }, - "origins": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" - } - }, - "props": { - "type": "array", - 
"items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "relevant-evidence": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelevantEvidence" - } - }, - "remarks": { - "type": "string" - }, - "subjects": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" - } - }, - "title": { - "type": "string" - }, - "types": { - "type": "array", - "items": { - "type": "string" - } - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" + } + ] } } }, - "oscalTypes_1_1_3.OnDateCondition": { + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemImplementation": { "type": "object", "properties": { - "date": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemImplementation" + } + ] } } }, - "oscalTypes_1_1_3.OnDateRangeCondition": { + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan": { "type": "object", "properties": { - "end": { - "type": "string" - }, - "start": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemSecurityPlan" + } + ] } } }, - "oscalTypes_1_1_3.Origin": { + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemUser": { "type": "object", "properties": { - "actors": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" - } - }, - "related-tasks": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Task": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list 
response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Task" + } + ] + } + } + }, + "handler.GenericDataResponse-oscal_ImportResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.ImportResponse" + } + ] + } + } + }, + "handler.GenericDataResponse-oscal_InventoryItemWithSource": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.InventoryItemWithSource" + } + ] } } }, - "oscalTypes_1_1_3.OriginActor": { + "handler.GenericDataResponse-oscal_ProfileHandler": { "type": "object", "properties": { - "actor-uuid": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "role-id": { - "type": "string" - }, - "type": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.ProfileHandler" + } + ] } } }, - "oscalTypes_1_1_3.Parameter": { + "handler.GenericDataResponse-relational_Evidence": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "constraints": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterConstraint" - } - }, - "depends-on": { - "type": "string" - }, - "guidelines": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterGuideline" - } - }, - "id": { - "type": "string" - }, - "label": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "select": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.ParameterSelection" - }, - "usage": { - "type": "string" - }, - "values": { - "type": "array", - "items": { - "type": "string" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/relational.Evidence" + } + ] } } }, - "oscalTypes_1_1_3.ParameterConstraint": { + "handler.GenericDataResponse-relational_Filter": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "tests": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ConstraintTest" - } + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/relational.Filter" + } + ] } } }, - "oscalTypes_1_1_3.ParameterGuideline": { + "handler.GenericDataResponse-relational_User": { "type": "object", "properties": { - "prose": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/relational.User" + } + ] } } }, - "oscalTypes_1_1_3.ParameterSelection": { + "handler.GenericDataResponse-string": { "type": "object", "properties": { - "choice": { - "type": "array", - "items": { - "type": "string" - } - }, - "how-many": { + "data": { + "description": "Items from the list response", "type": "string" } } }, - "oscalTypes_1_1_3.ParameterSetting": { + "handler.HeartbeatCreateRequest": { "type": "object", + "required": [ + "created_at", + "uuid" + ], "properties": { - "class": { - "type": "string" - }, - "constraints": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterConstraint" - } - }, - "depends-on": { - "type": "string" - }, - "guidelines": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterGuideline" - } - }, - "label": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "param-id": { + "created_at": { "type": "string" }, - "props": { - 
"type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "select": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSelection" - }, - "usage": { + "uuid": { "type": "string" - }, - "values": { - "type": "array", - "items": { - "type": "string" - } } } }, - "oscalTypes_1_1_3.Part": { + "handler.OscalLikeEvidence": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "id": { - "type": "string" - }, - "links": { + "activities": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Activity" } }, - "name": { - "type": "string" - }, - "ns": { - "type": "string" + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "parts": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "description": { + "type": "string" }, - "prose": { + "end": { "type": "string" }, - "title": { + "expires": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.Party": { - "type": "object", - "properties": { - "addresses": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Address" - } }, - "email-addresses": { + "id": { + "type": "string" + }, + "inventory-items": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" } }, - "external-ids": { + "labels": { + "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PartyExternalIdentifier" + "$ref": "#/definitions/relational.Labels" } }, "links": { 
@@ -27675,21 +18494,12 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "location-uuids": { - "type": "array", - "items": { - "type": "string" - } - }, - "member-of-organizations": { + "origins": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" } }, - "name": { - "type": "string" - }, "props": { "type": "array", "items": { 
@@ -27699,247 +18509,282 @@ "remarks": { "type": "string" }, - "short-name": { + "start": { + "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", "type": "string" }, - "telephone-numbers": { + "status": { + "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" + }, + "subjects": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.TelephoneNumber" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" } }, - "type": { + "title": { "type": "string" }, "uuid": { + "description": "UUID needs to remain consistent when automation runs again, but unique for each subject.\nIt represents the \"stream\" of the same observation being made over time.", "type": "string" } } }, - "oscalTypes_1_1_3.PartyExternalIdentifier": { + "handler.OverTime.HeartbeatInterval": { "type": "object", "properties": { - "id": { + "interval": { "type": "string" }, - "scheme": { - "type": "string" + "total": { + "type": "integer" } } }, - "oscalTypes_1_1_3.PlanOfActionAndMilestones": { + "handler.StatusCount": { "type": "object", "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "findings": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Finding" - } - }, - "import-ssp": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" - }, - "local-definitions": { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" + "count": { + "type": "integer" }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + "status": { + "type": "string" + } + } + }, + "handler.StatusInterval": { + "type": "object", + "properties": { + "interval": { + "type": "string" }, - "observations": { + "statuses": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Observation" + "$ref": "#/definitions/handler.StatusCount" } - }, - "poam-items": { + } + } + }, + "handler.UserHandler": { + "type": 
"object" + }, + "handler.createFilterRequest": { + "type": "object", + "required": [ + "filter", + "name" + ], + "properties": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" + "type": "string" } }, - "risks": { + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Risk" + "type": "string" } }, - "system-id": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" + "filter": { + "$ref": "#/definitions/labelfilter.Filter" }, - "uuid": { + "name": { "type": "string" } } }, - "oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions": { + "labelfilter.Condition": { "type": "object", "properties": { - "assessment-assets": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" - }, - "components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" - } + "label": { + "description": "Label name (e.g., \"type\", \"group\", \"app\").", + "type": "string" }, - "inventory-items": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" - } + "operator": { + "description": "Operator (e.g., \"=\", \"!=\", etc.).", + "type": "string" }, - "remarks": { + "value": { + "description": "Value for the condition (e.g., \"ssh\", \"prod\").", "type": "string" } } }, - "oscalTypes_1_1_3.PoamItem": { + "labelfilter.Filter": { "type": "object", "properties": { - "description": { + "scope": { + "$ref": "#/definitions/labelfilter.Scope" + } + } + }, + "labelfilter.Query": { + "type": "object", + "properties": { + "operator": { + "description": "Logical operator (e.g., \"AND\", \"OR\").", "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "origins": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PoamItemOrigin" - } - }, - "props": { + "scopes": { + "description": "Scopes can be either `Condition` or nested `Query`.", "type": 
"array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/labelfilter.Scope" } + } + } + }, + "labelfilter.Scope": { + "type": "object", + "properties": { + "condition": { + "$ref": "#/definitions/labelfilter.Condition" }, - "related-findings": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedFinding" - } + "query": { + "$ref": "#/definitions/labelfilter.Query" + } + } + }, + "oscal.CreateInventoryItemRequest": { + "type": "object", + "properties": { + "destination": { + "description": "\"ssp\", \"poam\", or \"unattached\"", + "type": "string" }, - "related-observations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" - } + "destination_id": { + "type": "string" }, - "related-risks": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedRisk" - } + "inventory_item": { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + } + } + }, + "oscal.ImportFileResult": { + "type": "object", + "properties": { + "filename": { + "type": "string" }, - "remarks": { + "message": { "type": "string" }, + "success": { + "type": "boolean" + }, "title": { "type": "string" }, - "uuid": { + "type": { "type": "string" } } }, - "oscalTypes_1_1_3.PoamItemOrigin": { + "oscal.ImportResponse": { "type": "object", "properties": { - "actors": { + "failed_count": { + "type": "integer" + }, + "results": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" + "$ref": "#/definitions/oscal.ImportFileResult" } - } - } - }, - "oscalTypes_1_1_3.PortRange": { - "type": "object", - "properties": { - "end": { - "type": "integer" }, - "start": { + "successful_count": { "type": "integer" }, - "transport": { - "type": "string" + "total_files": { + "type": "integer" } } }, - "oscalTypes_1_1_3.Profile": { + "oscal.InventoryItemWithSource": { "type": "object", "properties": { - "back-matter": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.BackMatter" + "description": { + "type": "string" }, - "imports": { + "implemented-components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Import" + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedComponent" } }, - "merge": { - "$ref": "#/definitions/oscalTypes_1_1_3.Merge" - }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } }, - "modify": { - "$ref": "#/definitions/oscalTypes_1_1_3.Modify" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "uuid": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.Property": { - "type": "object", - "properties": { - "class": { + "remarks": { "type": "string" }, - "group": { - "type": "string" + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + } }, - "name": { + "source": { "type": "string" }, - "ns": { + "source_id": { "type": "string" }, - "remarks": { + "source_type": { "type": "string" }, "uuid": { "type": "string" - }, - "value": { - "type": "string" } } }, - "oscalTypes_1_1_3.Protocol": { + "oscal.ProfileHandler": { + "type": "object" + }, + "oscalTypes_1_1_3.Action": { "type": "object", "properties": { - "name": { + "date": { "type": "string" }, - "port-ranges": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PortRange" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "title": { + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + } + }, + "system": { + "type": "string" + }, + "type": { "type": "string" }, "uuid": { 
@@ -27947,7 +18792,7 @@ } } }, - "oscalTypes_1_1_3.ProvidedControlImplementation": { + "oscalTypes_1_1_3.Activity": { "type": "object", "properties": { "description": { @@ -27965,6 +18810,9 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, + "related-controls": { + "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" + }, "remarks": { "type": "string" }, 
@@ -27974,70 +18822,124 @@ "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, + "steps": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Step" + } + }, + "title": { + "type": "string" + }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.ReferencedControlObjectives": { + "oscalTypes_1_1_3.Addition": { "type": "object", "properties": { - "description": { + "by-id": { "type": "string" }, - "exclude-objectives": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectObjectiveById" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-objectives": { + "params": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectObjectiveById" + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" } }, - "links": { + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Part" } }, + "position": { + "type": "string" + }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "title": { "type": "string" } } }, - "oscalTypes_1_1_3.RelatedFinding": { + "oscalTypes_1_1_3.Address": { "type": "object", "properties": { - "finding-uuid": { + "addr-lines": { + "type": "array", + "items": { + "type": "string" + } + }, + "city": { + "type": "string" + }, + "country": { + "type": "string" + }, + "postal-code": { + "type": "string" + }, + "state": { + "type": "string" + }, + "type": { "type": "string" } } }, - "oscalTypes_1_1_3.RelatedObservation": { + "oscalTypes_1_1_3.Alteration": { "type": "object", "properties": { - "observation-uuid": { + "adds": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Addition" + } + }, + "control-id": { "type": "string" + }, + "removes": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Removal" + 
} } } }, - "oscalTypes_1_1_3.RelatedTask": { + "oscalTypes_1_1_3.AssessedControls": { "type": "object", "properties": { - "identified-subject": { - "$ref": "#/definitions/oscalTypes_1_1_3.IdentifiedSubject" + "description": { + "type": "string" + }, + "exclude-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById" + } + }, + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" + }, + "include-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById" + } }, "links": { "type": "array", @@ -28053,31 +18955,58 @@ }, "remarks": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.AssessedControlsSelectControlById": { + "type": "object", + "properties": { + "control-id": { + "type": "string" }, - "responsible-parties": { + "statement-ids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "type": "string" } - }, - "subjects": { + } + } + }, + "oscalTypes_1_1_3.AssessmentAssets": { + "type": "object", + "properties": { + "assessment-platforms": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlatform" } }, - "task-uuid": { - "type": "string" + "components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + } } } }, - "oscalTypes_1_1_3.RelevantEvidence": { + "oscalTypes_1_1_3.AssessmentLog": { + "type": "object", + "properties": { + "entries": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentLogEntry" + } + } + } + }, + "oscalTypes_1_1_3.AssessmentLogEntry": { "type": "object", "properties": { "description": { "type": "string" }, - "href": { + "end": { "type": "string" }, "links": { 
@@ -28086,41 +19015,42 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "logged-by": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.LoggedBy" + } + }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.Removal": { - "type": "object", - "properties": { - "by-class": { - "type": "string" + "related-tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + } }, - "by-id": { + "remarks": { "type": "string" }, - "by-item-name": { + "start": { "type": "string" }, - "by-name": { + "title": { "type": "string" }, - "by-ns": { + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.RequiredAsset": { + "oscalTypes_1_1_3.AssessmentPart": { "type": "object", "properties": { - "description": { + "class": { "type": "string" }, "links": { @@ -28129,21 +19059,27 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "props": { + "name": { + "type": "string" + }, + "ns": { + "type": "string" + }, + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" } }, - "remarks": { - "type": "string" - }, - "subjects": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, + "prose": { + "type": "string" + }, "title": { "type": "string" }, 
@@ -28152,85 +19088,67 @@ } } }, - "oscalTypes_1_1_3.Resource": { + "oscalTypes_1_1_3.AssessmentPlan": { "type": "object", "properties": { - "base64": { - "$ref": "#/definitions/oscalTypes_1_1_3.Base64" - }, - "citation": { - "$ref": "#/definitions/oscalTypes_1_1_3.Citation" - }, - "description": { - "type": "string" + "assessment-assets": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" }, - "document-ids": { + "assessment-subjects": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.DocumentId" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "import-ssp": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" + }, + "local-definitions": { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" + }, + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" }, - "remarks": { - "type": "string" + "reviewed-controls": { + "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" }, - "rlinks": { + "tasks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResourceLink" + "$ref": "#/definitions/oscalTypes_1_1_3.Task" } }, - "title": { - "type": "string" + "terms-and-conditions": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions" }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.ResourceLink": { + "oscalTypes_1_1_3.AssessmentPlanTermsAndConditions": { "type": "object", "properties": { - "hashes": { + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Hash" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" } - }, - "href": { - "type": "string" - }, - "media-type": { - "type": "string" } } }, - "oscalTypes_1_1_3.Response": { + "oscalTypes_1_1_3.AssessmentPlatform": { "type": "object", "properties": { - "description": { - "type": 
"string" - }, - "lifecycle": { - "type": "string" - }, "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "origins": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" - } - }, "props": { "type": "array", "items": { 
@@ -28240,68 +19158,71 @@ "remarks": { "type": "string" }, - "required-assets": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RequiredAsset" - } + "title": { + "type": "string" }, - "tasks": { + "uses-components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" + "$ref": "#/definitions/oscalTypes_1_1_3.UsesComponent" } }, - "title": { - "type": "string" - }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.ResponsibleParty": { + "oscalTypes_1_1_3.AssessmentResults": { "type": "object", "properties": { - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "party-uuids": { - "type": "array", - "items": { - "type": "string" - } + "import-ap": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportAp" }, - "props": { + "local-definitions": { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" + }, + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, + "results": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Result" } }, - "remarks": { - "type": "string" - }, - "role-id": { + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.ResponsibleRole": { + "oscalTypes_1_1_3.AssessmentSubject": { "type": "object", "properties": { - "links": { + "description": { + "type": "string" + }, + "exclude-subjects": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectSubjectById" } }, - "party-uuids": { + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" + }, + "include-subjects": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectSubjectById" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { 
@@ -28313,50 +19234,23 @@ "remarks": { "type": "string" }, - "role-id": { + "type": { "type": "string" } } }, - "oscalTypes_1_1_3.Result": { + "oscalTypes_1_1_3.AssociatedActivity": { "type": "object", "properties": { - "assessment-log": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentLog" - }, - "attestations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" - } - }, - "description": { - "type": "string" - }, - "end": { + "activity-uuid": { "type": "string" }, - "findings": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Finding" - } - }, "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "local-definitions": { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" - }, - "observations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Observation" - } - }, "props": { "type": "array", "items": { 
@@ -28366,44 +19260,57 @@ "remarks": { "type": "string" }, - "reviewed-controls": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" - }, - "risks": { + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Risk" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "start": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { + "subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } + } + } + }, + "oscalTypes_1_1_3.AssociatedRisk": { + "type": "object", + "properties": { + "risk-uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.ReviewedControls": { + "oscalTypes_1_1_3.AttestationStatements": { "type": "object", "properties": { - "control-objective-selections": { + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReferencedControlObjectives" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" } }, - "control-selections": { + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControls" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } - }, + } + } + }, + "oscalTypes_1_1_3.AuthorizationBoundary": { + "type": "object", + "properties": { "description": { "type": "string" }, + "diagrams": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" + } + }, "links": { "type": "array", "items": { 
@@ -28421,72 +19328,73 @@ } } }, - "oscalTypes_1_1_3.RevisionHistoryEntry": { + "oscalTypes_1_1_3.AuthorizedPrivilege": { "type": "object", "properties": { - "last-modified": { + "description": { "type": "string" }, - "links": { + "functions-performed": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "type": "string" } }, - "oscal-version": { + "title": { "type": "string" - }, - "props": { + } + } + }, + "oscalTypes_1_1_3.BackMatter": { + "type": "object", + "properties": { + "resources": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Resource" } - }, - "published": { - "type": "string" - }, - "remarks": { + } + } + }, + "oscalTypes_1_1_3.Base64": { + "type": "object", + "properties": { + "filename": { "type": "string" }, - "title": { + "media-type": { "type": "string" }, - "version": { + "value": { "type": "string" } } }, - "oscalTypes_1_1_3.Risk": { + "oscalTypes_1_1_3.ByComponent": { "type": "object", "properties": { - "characterizations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Characterization" - } - }, - "deadline": { + "component-uuid": { "type": "string" }, "description": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } + "export": { + "$ref": "#/definitions/oscalTypes_1_1_3.Export" }, - "mitigating-factors": { + "implementation-status": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementationStatus" + }, + "inherited": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.MitigatingFactor" + "$ref": "#/definitions/oscalTypes_1_1_3.InheritedControlImplementation" } }, - "origins": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { 
@@ -28495,139 +19403,113 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "related-observations": { + "remarks": { + "type": "string" + }, + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "remediations": { + "satisfied": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Response" + "$ref": "#/definitions/oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility" } }, - "risk-log": { - "$ref": "#/definitions/oscalTypes_1_1_3.RiskLog" - }, - "statement": { - "type": "string" - }, - "status": { - "type": "string" - }, - "threat-ids": { + "set-parameters": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ThreatId" + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" } }, - "title": { - "type": "string" - }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.RiskLog": { + "oscalTypes_1_1_3.Capability": { "type": "object", "properties": { - "entries": { + "control-implementations": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RiskLogEntry" + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" } - } - } - }, - "oscalTypes_1_1_3.RiskLogEntry": { - "type": "object", - "properties": { - "description": { - "type": "string" }, - "end": { + "description": { "type": "string" }, - "links": { + "incorporates-components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.IncorporatesComponent" } }, - "logged-by": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LoggedBy" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "name": { + "type": "string" + }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "related-responses": { - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.RiskResponseReference" - } - }, "remarks": { "type": "string" }, - "start": { - "type": "string" - }, - "status-change": { - "type": "string" - }, - "title": { - "type": "string" - }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.RiskResponseReference": { + "oscalTypes_1_1_3.Catalog": { "type": "object", "properties": { - "links": { + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Control" } }, - "props": { + "groups": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Group" } }, - "related-tasks": { + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, + "params": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" } }, - "remarks": { - "type": "string" - }, - "response-uuid": { + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.Role": { + "oscalTypes_1_1_3.Characterization": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "id": { - "type": "string" + "facets": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Facet" + } }, "links": { "type": "array", @@ -28635,29 +19517,20 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "origin": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } - }, - "remarks": { - "type": "string" - }, - "short-name": { - "type": "string" - }, - "title": { - "type": "string" } } }, - "oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility": { + "oscalTypes_1_1_3.Citation": { "type": "object", "properties": { - "description": { - "type": "string" - }, "links": { "type": "array", "items": { 
@@ -28670,68 +19543,132 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "text": { "type": "string" - }, - "responsibility-uuid": { + } + } + }, + "oscalTypes_1_1_3.CombinationRule": { + "type": "object", + "properties": { + "method": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.ComponentDefinition": { + "type": "object", + "properties": { + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "responsible-roles": { + "capabilities": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.Capability" + } + }, + "components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" + } + }, + "import-component-definitions": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportComponentDefinition" } }, + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.SecurityImpactLevel": { + "oscalTypes_1_1_3.ConstraintTest": { "type": "object", "properties": { - "security-objective-availability": { - "type": "string" - }, - "security-objective-confidentiality": { + "expression": { "type": "string" }, - "security-objective-integrity": { + "remarks": { "type": "string" } } }, - "oscalTypes_1_1_3.SelectControlById": { + "oscalTypes_1_1_3.Control": { "type": "object", "properties": { - "matching": { + "class": { + "type": "string" + }, + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Matching" + "$ref": "#/definitions/oscalTypes_1_1_3.Control" } }, - "with-child-controls": { + "id": { "type": "string" }, - "with-ids": { + "links": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "params": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + } + }, + "parts": { + "type": "array", + 
"items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Part" } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "title": { + "type": "string" } } }, - "oscalTypes_1_1_3.SelectObjectiveById": { + "oscalTypes_1_1_3.ControlImplementation": { "type": "object", "properties": { - "objective-id": { + "description": { "type": "string" + }, + "implemented-requirements": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" + } + }, + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + } } } }, - "oscalTypes_1_1_3.SelectSubjectById": { + "oscalTypes_1_1_3.ControlImplementationResponsibility": { "type": "object", "properties": { + "description": { + "type": "string" + }, "links": { "type": "array", "items": { @@ -28744,41 +19681,33 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { - "type": "string" - }, - "subject-uuid": { - "type": "string" - }, - "type": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.SetParameter": { - "type": "object", - "properties": { - "param-id": { + "provided-uuid": { "type": "string" }, "remarks": { "type": "string" }, - "values": { + "responsible-roles": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } + }, + "uuid": { + "type": "string" } } }, - "oscalTypes_1_1_3.Statement": { + "oscalTypes_1_1_3.ControlImplementationSet": { "type": "object", "properties": { - "by-components": { + "description": { + "type": "string" + }, + "implemented-requirements": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation" } }, "links": { 
@@ -28793,16 +19722,13 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { - "type": "string" - }, - "responsible-roles": { + "set-parameters": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" } }, - "statement-id": { + "source": { "type": "string" }, "uuid": { @@ -28810,18 +19736,7 @@ } } }, - "oscalTypes_1_1_3.Status": { - "type": "object", - "properties": { - "remarks": { - "type": "string" - }, - "state": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.Step": { + "oscalTypes_1_1_3.ControlStatementImplementation": { "type": "object", "properties": { "description": { @@ -28848,10 +19763,7 @@ "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "reviewed-controls": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" - }, - "title": { + "statement-id": { "type": "string" }, "uuid": { 
@@ -28859,49 +19771,43 @@ } } }, - "oscalTypes_1_1_3.SubjectReference": { + "oscalTypes_1_1_3.CustomGrouping": { "type": "object", "properties": { - "links": { + "groups": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.CustomGroupingGroup" } }, - "props": { + "insert-controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.InsertControls" } - }, - "remarks": { - "type": "string" - }, - "subject-uuid": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" } } }, - "oscalTypes_1_1_3.SystemCharacteristics": { + "oscalTypes_1_1_3.CustomGroupingGroup": { "type": "object", "properties": { - "authorization-boundary": { - "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizationBoundary" + "class": { + "type": "string" }, - "data-flow": { - "$ref": "#/definitions/oscalTypes_1_1_3.DataFlow" + "groups": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.CustomGroupingGroup" + } }, - "date-authorized": { + "id": { "type": "string" }, - "description": { - "type": "string" + "insert-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InsertControls" + } }, "links": { "type": "array", @@ -28909,8 +19815,17 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "network-architecture": { - "$ref": "#/definitions/oscalTypes_1_1_3.NetworkArchitecture" + "params": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + } + }, + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Part" + } }, "props": { "type": "array", 
@@ -28918,44 +19833,49 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "title": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.DataFlow": { + "type": "object", + "properties": { + "description": { "type": "string" }, - "responsible-parties": { + "diagrams": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" } }, - "security-impact-level": { - "$ref": "#/definitions/oscalTypes_1_1_3.SecurityImpactLevel" - }, - "security-sensitivity-level": { - "type": "string" - }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.Status" - }, - "system-ids": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "system-information": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemInformation" - }, - "system-name": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "system-name-short": { + "remarks": { "type": "string" } } }, - "oscalTypes_1_1_3.SystemComponent": { + "oscalTypes_1_1_3.DefinedComponent": { "type": "object", "properties": { + "control-implementations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" + } + }, "description": { "type": "string" }, @@ -28989,9 +19909,6 @@ "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponentStatus" - }, "title": { "type": "string" }, 
@@ -29003,55 +19920,107 @@ } } }, - "oscalTypes_1_1_3.SystemComponentStatus": { + "oscalTypes_1_1_3.Diagram": { "type": "object", "properties": { + "caption": { + "type": "string" + }, + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, "remarks": { "type": "string" }, - "state": { + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.SystemId": { + "oscalTypes_1_1_3.DocumentId": { "type": "object", "properties": { - "id": { + "identifier": { "type": "string" }, - "identifier-type": { + "scheme": { "type": "string" } } }, - "oscalTypes_1_1_3.SystemImplementation": { + "oscalTypes_1_1_3.EventTiming": { "type": "object", "properties": { - "components": { + "at-frequency": { + "$ref": "#/definitions/oscalTypes_1_1_3.FrequencyCondition" + }, + "on-date": { + "$ref": "#/definitions/oscalTypes_1_1_3.OnDateCondition" + }, + "within-date-range": { + "$ref": "#/definitions/oscalTypes_1_1_3.OnDateRangeCondition" + } + } + }, + "oscalTypes_1_1_3.Export": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "inventory-items": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "leveraged-authorizations": { + "provided": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" + "$ref": "#/definitions/oscalTypes_1_1_3.ProvidedControlImplementation" } }, + "remarks": { + "type": "string" + }, + "responsibilities": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationResponsibility" + } + } + } + }, + 
"oscalTypes_1_1_3.Facet": { + "type": "object", + "properties": { "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "name": { + "type": "string" + }, "props": { "type": "array", "items": { @@ -29061,27 +20030,33 @@ "remarks": { "type": "string" }, - "users": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" - } + "system": { + "type": "string" + }, + "value": { + "type": "string" } } }, - "oscalTypes_1_1_3.SystemInformation": { + "oscalTypes_1_1_3.Finding": { "type": "object", "properties": { - "information-types": { + "description": { + "type": "string" + }, + "implementation-statement-uuid": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InformationType" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "links": { + "origins": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" } }, "props": { 
@@ -29089,47 +20064,42 @@ "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } - } - } - }, - "oscalTypes_1_1_3.SystemSecurityPlan": { - "type": "object", - "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "control-implementation": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementation" + "related-observations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" + } }, - "import-profile": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportProfile" + "related-risks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedRisk" + } }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + "remarks": { + "type": "string" }, - "system-characteristics": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemCharacteristics" + "target": { + "$ref": "#/definitions/oscalTypes_1_1_3.FindingTarget" }, - "system-implementation": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemImplementation" + "title": { + "type": "string" }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.SystemUser": { + "oscalTypes_1_1_3.FindingTarget": { "type": "object", "properties": { - "authorized-privileges": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizedPrivilege" - } - }, "description": { "type": "string" }, + "implementation-status": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementationStatus" + }, "links": { "type": "array", "items": { 
@@ -29145,39 +20115,54 @@ "remarks": { "type": "string" }, - "role-ids": { - "type": "array", - "items": { - "type": "string" - } + "status": { + "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" }, - "short-name": { + "target-id": { "type": "string" }, "title": { "type": "string" }, - "uuid": { + "type": { "type": "string" } } }, - "oscalTypes_1_1_3.Task": { + "oscalTypes_1_1_3.FlatWithoutGrouping": { + "type": "object", + "additionalProperties": true + }, + "oscalTypes_1_1_3.FrequencyCondition": { "type": "object", "properties": { - "associated-activities": { + "period": { + "type": "integer" + }, + "unit": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.Group": { + "type": "object", + "properties": { + "class": { + "type": "string" + }, + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedActivity" + "$ref": "#/definitions/oscalTypes_1_1_3.Control" } }, - "dependencies": { + "groups": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.TaskDependency" + "$ref": "#/definitions/oscalTypes_1_1_3.Group" } }, - "description": { + "id": { "type": "string" }, "links": { 
@@ -29186,87 +20171,61 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "responsible-roles": { + "params": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" } }, - "subjects": { + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/oscalTypes_1_1_3.Part" } }, - "tasks": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "timing": { - "$ref": "#/definitions/oscalTypes_1_1_3.EventTiming" - }, "title": { "type": "string" - }, - "type": { - "type": "string" - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.TaskDependency": { + "oscalTypes_1_1_3.Hash": { "type": "object", "properties": { - "remarks": { + "algorithm": { "type": "string" }, - "task-uuid": { + "value": { "type": "string" } } }, - "oscalTypes_1_1_3.TelephoneNumber": { + "oscalTypes_1_1_3.IdentifiedSubject": { "type": "object", "properties": { - "number": { + "subject-placeholder-uuid": { "type": "string" }, - "type": { - "type": "string" + "subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } } } }, - "oscalTypes_1_1_3.ThreatId": { + "oscalTypes_1_1_3.Impact": { "type": "object", "properties": { - "href": { - "type": "string" - }, - "id": { + "adjustment-justification": { "type": "string" }, - "system": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.UsesComponent": { - "type": "object", - "properties": { - "component-uuid": { + "base": { "type": "string" }, "links": { 
@@ -29281,1122 +20240,1025 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "selected": { "type": "string" - }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" - } } } }, - "relational.Action": { + "oscalTypes_1_1_3.ImplementationStatus": { "type": "object", "properties": { - "date": { + "remarks": { "type": "string" }, - "id": { + "state": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.ImplementedComponent": { + "type": "object", + "properties": { + "component-uuid": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "metadata-id": { - "description": "Actions only exist on a metadata object. We'll link them straight there with a BelongsTo relationship", - "type": "string" - }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - "responsibleParties": { + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleParty" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } - }, - "system": { - "description": "required", - "type": "string" - }, - "type": { - "description": "required", - "type": "string" } } }, - "relational.Activity": { + "oscalTypes_1_1_3.ImplementedRequirement": { "type": "object", "properties": { - "description": { - "description": "required", - "type": "string" + "by-components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" + } }, - "id": { + "control-id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": 
"#/definitions/oscalTypes_1_1_3.Property" } }, - "related-controls": { - "$ref": "#/definitions/relational.ReviewedControls" - }, - "relatedControlsID": { - "type": "string" - }, "remarks": { - "description": "required", "type": "string" }, "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "steps": { + "set-parameters": { "type": "array", "items": { - "$ref": "#/definitions/relational.Step" + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" } }, - "title": { + "statements": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Statement" + } + }, + "uuid": { "type": "string" } } }, - "relational.Addition": { + "oscalTypes_1_1_3.ImplementedRequirementControlImplementation": { "type": "object", "properties": { - "alterationID": { - "type": "string" - }, - "by-id": { + "control-id": { "type": "string" }, - "id": { + "description": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "params": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Parameter" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "parts": { + "remarks": { + "type": "string" + }, + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/relational.Part" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "position": { - "type": "string" - }, - "props": { + "set-parameters": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" } }, - "title": { - "type": "string" - } - } - }, - "relational.Address": { - "type": "object", - "properties": { - "city": { - "type": "string" - }, - "country": { - "type": "string" - }, - "lines": { + "statements": { "type": "array", "items": { - "type": "string" + "$ref": 
"#/definitions/oscalTypes_1_1_3.ControlStatementImplementation" } }, - "postal-code": { - "type": "string" - }, - "state": { + "uuid": { "type": "string" - }, - "type": { - "$ref": "#/definitions/relational.AddressType" } } }, - "relational.AddressType": { - "type": "string", - "enum": [ - "work", - "home" - ], - "x-enum-varnames": [ - "AddressTypeWork", - "AddressTypeHome" - ] - }, - "relational.Alteration": { + "oscalTypes_1_1_3.Import": { "type": "object", "properties": { - "adds": { + "exclude-controls": { "type": "array", "items": { - "$ref": "#/definitions/relational.Addition" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" } }, - "control-id": { - "description": "required", - "type": "string" - }, - "id": { + "href": { "type": "string" }, - "modify-id": { - "type": "string" + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" }, - "removes": { + "include-controls": { "type": "array", "items": { - "$ref": "#/definitions/relational.Removal" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" } } } }, - "relational.AssessedControlsSelectControlById": { + "oscalTypes_1_1_3.ImportAp": { "type": "object", "properties": { - "control": { - "$ref": "#/definitions/relational.Control" + "href": { + "type": "string" }, - "controlID": { + "remarks": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.ImportComponentDefinition": { + "type": "object", + "properties": { + "href": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.ImportProfile": { + "type": "object", + "properties": { + "href": { "type": "string" }, - "id": { + "remarks": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.ImportSsp": { + "type": "object", + "properties": { + "href": { "type": "string" }, - "statements": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Statement" - } + "remarks": { + "type": "string" } } }, - "relational.AssessmentSubject": { + "oscalTypes_1_1_3.IncludeAll": { + "type": "object", + "additionalProperties": 
true + }, + "oscalTypes_1_1_3.IncorporatesComponent": { "type": "object", "properties": { + "component-uuid": { + "type": "string" + }, "description": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.InformationType": { + "type": "object", + "properties": { + "availability-impact": { + "$ref": "#/definitions/oscalTypes_1_1_3.Impact" }, - "evidence": { + "categorizations": { "type": "array", "items": { - "$ref": "#/definitions/relational.Evidence" + "$ref": "#/definitions/oscalTypes_1_1_3.InformationTypeCategorization" } }, - "excludeSubjects": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SelectSubjectById" - } + "confidentiality-impact": { + "$ref": "#/definitions/oscalTypes_1_1_3.Impact" }, - "id": { + "description": { "type": "string" }, - "includeAll": { - "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" - }, - "includeSubjects": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SelectSubjectById" - } + "integrity-impact": { + "$ref": "#/definitions/oscalTypes_1_1_3.Impact" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { - "type": "string" - }, - "sspId": { + "title": { "type": "string" }, - "type": { - "description": "Type represents a component, party, location, user, or inventory item.\nIt will likely be updated once we can map it correctly", + "uuid": { "type": "string" } } }, - "relational.AuthorizationBoundary": { + "oscalTypes_1_1_3.InformationTypeCategorization": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "diagrams": { + "information-type-ids": { "type": "array", "items": { - "$ref": "#/definitions/relational.Diagram" + "type": "string" } }, - "id": { + "system": { + "type": "string" + } + } + }, + 
"oscalTypes_1_1_3.InheritedControlImplementation": { + "type": "object", + "properties": { + "description": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { - "type": "string" - }, - "systemCharacteristicsId": { - "type": "string" - } - } - }, - "relational.AuthorizedPrivilege": { - "type": "object", - "properties": { - "description": { + "provided-uuid": { "type": "string" }, - "functions-performed": { + "responsible-roles": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "id": { - "type": "string" - }, - "systemUserId": { - "type": "string" - }, - "title": { + "uuid": { "type": "string" } } }, - "relational.BackMatter": { + "oscalTypes_1_1_3.InsertControls": { "type": "object", "properties": { - "id": { - "type": "string" - }, - "parentID": { - "type": "string" + "exclude-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" + } }, - "parentType": { - "type": "string" + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" }, - "resources": { + "include-controls": { "type": "array", "items": { - "$ref": "#/definitions/relational.BackMatterResource" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" } + }, + "order": { + "type": "string" } } }, - "relational.BackMatterResource": { + "oscalTypes_1_1_3.InventoryItem": { "type": "object", "properties": { - "backMatterID": { - "type": "string" - }, - "base64": { - "$ref": "#/definitions/datatypes.JSONType-relational_Base64" - }, - "citation": { - "$ref": "#/definitions/datatypes.JSONType-relational_Citation" - }, "description": { "type": "string" }, - "document-ids": { + "implemented-components": { "type": "array", 
"items": { - "$ref": "#/definitions/relational.DocumentID" + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedComponent" } }, - "id": { - "description": "required", - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - "rlinks": { + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResourceLink" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } }, - "title": { + "uuid": { "type": "string" } } }, - "relational.ByComponent": { + "oscalTypes_1_1_3.LeveragedAuthorization": { "type": "object", "properties": { - "component-uuid": { - "type": "string" - }, - "description": { - "type": "string" - }, - "export": { - "$ref": "#/definitions/relational.Export" - }, - "id": { + "date-authorized": { "type": "string" }, - "implementation-status": { - "$ref": "#/definitions/datatypes.JSONType-relational_ImplementationStatus" - }, - "inherited-control-implementations": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.InheritedControlImplementation" - } - }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "parentID": { - "description": "As ByComponent can be found in Implemented Requirements \u0026 Statements, using GORM polymorphism to tell us where to attach", - "type": "string" - }, - "parentType": { + "party-uuid": { "type": "string" }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } - }, - "satisfied": { - "type": "array", - "items": { - "$ref": 
"#/definitions/relational.SatisfiedControlImplementationResponsibility" - } + "title": { + "type": "string" }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SetParameter" - } + "uuid": { + "type": "string" } } }, - "relational.Capability": { + "oscalTypes_1_1_3.Link": { "type": "object", "properties": { - "componentDefinition": { - "$ref": "#/definitions/relational.ComponentDefinition" - }, - "componentDefinitionId": { + "href": { "type": "string" }, - "control-implementations": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ControlImplementationSet" - } + "media-type": { + "type": "string" }, - "description": { - "description": "required", + "rel": { "type": "string" }, - "id": { + "resource-fragment": { "type": "string" }, - "incorporates-components": { + "text": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.LocalDefinitions": { + "type": "object", + "properties": { + "activities": { "type": "array", "items": { - "$ref": "#/definitions/relational.IncorporatesComponents" + "$ref": "#/definitions/oscalTypes_1_1_3.Activity" } }, - "links": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } }, - "name": { - "description": "required", - "type": "string" + "inventory-items": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + } }, - "props": { + "objectives-and-methods": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.LocalObjective" } }, "remarks": { "type": "string" + }, + "users": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" + } } } }, - "relational.ComponentDefinition": { + "oscalTypes_1_1_3.LocalObjective": { "type": "object", "properties": { - "back-matter": { - "$ref": "#/definitions/relational.BackMatter" + "control-id": { + "type": "string" 
}, - "capabilities": { + "description": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Capability" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "components": { + "parts": { "type": "array", "items": { - "$ref": "#/definitions/relational.DefinedComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.Part" } }, - "id": { - "type": "string" - }, - "import-component-definitions": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.ImportComponentDefinition" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "metadata": { - "description": "required", - "allOf": [ - { - "$ref": "#/definitions/relational.Metadata" - } - ] + "remarks": { + "type": "string" } } }, - "relational.Control": { + "oscalTypes_1_1_3.Location": { "type": "object", "properties": { - "catalogID": { - "type": "string" - }, - "class": { - "type": "string" - }, - "controls": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Control" - } + "address": { + "$ref": "#/definitions/oscalTypes_1_1_3.Address" }, - "filters": { + "email-addresses": { "type": "array", "items": { - "$ref": "#/definitions/relational.Filter" + "type": "string" } }, - "id": { - "description": "required", - "type": "string" - }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "params": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Parameter" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "parentID": { - "type": "string" - }, - "parentType": { + "remarks": { "type": "string" }, - "parts": { + "telephone-numbers": { "type": "array", "items": { - "$ref": "#/definitions/relational.Part" + "$ref": "#/definitions/oscalTypes_1_1_3.TelephoneNumber" } }, - "props": { + "title": { + "type": "string" + }, + "urls": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "type": 
"string" } }, - "title": { - "description": "required", + "uuid": { "type": "string" } } }, - "relational.ControlImplementation": { + "oscalTypes_1_1_3.LoggedBy": { "type": "object", "properties": { - "description": { + "party-uuid": { "type": "string" }, - "id": { + "role-id": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.Matching": { + "type": "object", + "properties": { + "pattern": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.Merge": { + "type": "object", + "properties": { + "as-is": { + "type": "boolean" }, - "implemented-requirements": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ImplementedRequirement" - } + "combine": { + "$ref": "#/definitions/oscalTypes_1_1_3.CombinationRule" }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SetParameter" - } + "custom": { + "$ref": "#/definitions/oscalTypes_1_1_3.CustomGrouping" }, - "systemSecurityPlanId": { - "type": "string" + "flat": { + "$ref": "#/definitions/oscalTypes_1_1_3.FlatWithoutGrouping" } } }, - "relational.ControlImplementationResponsibility": { + "oscalTypes_1_1_3.Metadata": { "type": "object", "properties": { - "description": { - "description": "required", - "type": "string" + "actions": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Action" + } }, - "exportId": { - "type": "string" + "document-ids": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.DocumentId" + } }, - "id": { + "last-modified": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "props": { + "locations": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Location" } }, - "provided-uuid": { - "type": "string" - }, - "remarks": { + "oscal-version": { "type": "string" }, - "responsible-roles": { + "parties": { "type": "array", "items": 
{ - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.Party" } - } - } - }, - "relational.ControlImplementationSet": { - "type": "object", - "properties": { - "definedComponent": { - "$ref": "#/definitions/relational.DefinedComponent" }, - "definedComponentID": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "description": { - "description": "required", + "published": { "type": "string" }, - "id": { + "remarks": { "type": "string" }, - "implemented-requirements": { - "description": "required", - "type": "array", - "items": { - "$ref": "#/definitions/relational.ImplementedRequirementControlImplementation" - } - }, - "links": { + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } }, - "props": { + "revisions": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.RevisionHistoryEntry" } }, - "set-parameters": { + "roles": { "type": "array", "items": { - "$ref": "#/definitions/relational.SetParameter" + "$ref": "#/definitions/oscalTypes_1_1_3.Role" } }, - "source": { - "description": "required", + "title": { + "type": "string" + }, + "version": { "type": "string" } } }, - "relational.ControlObjectiveSelection": { + "oscalTypes_1_1_3.MitigatingFactor": { "type": "object", "properties": { "description": { "type": "string" }, - "excludeObjectives": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SelectObjectiveById" - } - }, - "id": { + "implementation-uuid": { "type": "string" }, - "includeAll": { - "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" - }, - "includeObjectives": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.SelectObjectiveById" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "links": { + "props": { 
"type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "props": { + "subjects": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" } }, - "remarks": { - "type": "string" - }, - "reviewedControlsID": { + "uuid": { "type": "string" } } }, - "relational.ControlSelection": { + "oscalTypes_1_1_3.Modify": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "excludeControls": { + "alters": { "type": "array", "items": { - "$ref": "#/definitions/relational.AssessedControlsSelectControlById" + "$ref": "#/definitions/oscalTypes_1_1_3.Alteration" } }, - "id": { + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSetting" + } + } + } + }, + "oscalTypes_1_1_3.NetworkArchitecture": { + "type": "object", + "properties": { + "description": { "type": "string" }, - "includeAll": { - "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" - }, - "includeControls": { + "diagrams": { "type": "array", "items": { - "$ref": "#/definitions/relational.AssessedControlsSelectControlById" + "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" } }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, + "remarks": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.ObjectiveStatus": { + "type": "object", + "properties": { + "reason": { + "type": "string" + }, "remarks": { "type": "string" }, - "reviewedControlsID": { + "state": { "type": "string" } } }, - "relational.ControlStatementImplementation": { + "oscalTypes_1_1_3.Observation": { "type": "object", "properties": { - "description": { - "description": "required", + "collected": { "type": 
"string" }, - "id": { + "description": { "type": "string" }, - "implementedRequirementControlImplementationId": { + "expires": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "methods": { + "type": "array", + "items": { + "type": "string" + } + }, + "origins": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "relevant-evidence": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelevantEvidence" } }, "remarks": { "type": "string" }, - "responsible-roles": { + "subjects": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" } }, - "statement-id": { - "description": "required", + "title": { + "type": "string" + }, + "types": { + "type": "array", + "items": { + "type": "string" + } + }, + "uuid": { "type": "string" } } }, - "relational.DataFlow": { + "oscalTypes_1_1_3.OnDateCondition": { "type": "object", "properties": { - "description": { + "date": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.OnDateRangeCondition": { + "type": "object", + "properties": { + "end": { "type": "string" }, - "diagrams": { + "start": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.Origin": { + "type": "object", + "properties": { + "actors": { "type": "array", "items": { - "$ref": "#/definitions/relational.Diagram" + "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" } }, - "id": { + "related-tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + } + } + } + }, + "oscalTypes_1_1_3.OriginActor": { + "type": "object", + "properties": { + "actor-uuid": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": 
"#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "role-id": { "type": "string" }, - "systemCharacteristicsId": { + "type": { "type": "string" } } }, - "relational.DefinedComponent": { + "oscalTypes_1_1_3.Parameter": { "type": "object", "properties": { - "componentDefinition": { - "$ref": "#/definitions/relational.ComponentDefinition" - }, - "componentDefinitionID": { + "class": { "type": "string" }, - "control-implementations": { + "constraints": { "type": "array", "items": { - "$ref": "#/definitions/relational.ControlImplementationSet" + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterConstraint" } }, - "description": { - "description": "required", + "depends-on": { "type": "string" }, + "guidelines": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterGuideline" + } + }, "id": { "type": "string" }, + "label": { + "type": "string" + }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" - } - }, - "protocols": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Protocol" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "purpose": { + "remarks": { "type": "string" }, - "remarks": { + "select": { + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSelection" + }, + "usage": { "type": "string" }, - "responsible-roles": { + "values": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "type": "string" } - }, - "title": { - "description": "required", - "type": "string" - }, - "type": { - "description": "required", - "type": "string" } } }, - "relational.Diagram": { + "oscalTypes_1_1_3.ParameterConstraint": { "type": "object", - 
"properties": { - "caption": { - "type": "string" - }, - "description": { - "type": "string" - }, - "id": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } - }, - "parentID": { - "type": "string" - }, - "parentType": { + "properties": { + "description": { "type": "string" }, - "props": { + "tests": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.ConstraintTest" } - }, - "remarks": { - "type": "string" } } }, - "relational.DocumentID": { + "oscalTypes_1_1_3.ParameterGuideline": { "type": "object", "properties": { - "identifier": { + "prose": { "type": "string" - }, - "scheme": { - "$ref": "#/definitions/relational.DocumentIDScheme" } } }, - "relational.DocumentIDScheme": { - "type": "string", - "enum": [ - "http://www.doi.org/" - ], - "x-enum-varnames": [ - "DocumentIDSchemeDoi" - ] - }, - "relational.Evidence": { + "oscalTypes_1_1_3.ParameterSelection": { "type": "object", "properties": { - "activities": { - "description": "What steps did we take to create this evidence", + "choice": { "type": "array", "items": { - "$ref": "#/definitions/relational.Activity" + "type": "string" } }, - "back-matter": { - "$ref": "#/definitions/relational.BackMatter" + "how-many": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.ParameterSetting": { + "type": "object", + "properties": { + "class": { + "type": "string" }, - "components": { - "description": "Which components of the subject are being observed. 
A tool, user, policy etc.", + "constraints": { "type": "array", "items": { - "$ref": "#/definitions/relational.SystemComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterConstraint" } }, - "description": { - "type": "string" - }, - "end": { - "type": "string" - }, - "expires": { - "type": "string" - }, - "id": { + "depends-on": { "type": "string" }, - "inventory-items": { + "guidelines": { "type": "array", "items": { - "$ref": "#/definitions/relational.InventoryItem" + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterGuideline" } }, - "labels": { - "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", - "type": "array", - "items": { - "$ref": "#/definitions/relational.Labels" - } + "label": { + "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "origins": { - "description": "Who or What is generating this evidence", - "type": "array", - "items": { - "$ref": "#/definitions/relational.Origin" - } + "param-id": { + "type": "string" }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { - "type": "string" + "select": { + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSelection" }, - "start": { - "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", + "usage": { "type": "string" }, - "status": { - "description": "Did we satisfy what was being tested for, or did we fail ?", - "allOf": [ - { - "$ref": "#/definitions/datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus" - } - ] - }, - "subjects": { - "description": "Who or What are we providing evidence for. 
What's under test.", + "values": { "type": "array", "items": { - "$ref": "#/definitions/relational.AssessmentSubject" + "type": "string" } - }, - "title": { - "type": "string" - }, - "uuid": { - "description": "UUID needs to remain consistent when automation runs again, but unique for each subject.\nIt represents the \"stream\" of the same observation being made over time.", - "type": "string" } } }, - "relational.Export": { + "oscalTypes_1_1_3.Part": { "type": "object", "properties": { - "byComponentId": { - "type": "string" - }, - "description": { + "class": { "type": "string" }, "id": { 
@@ -30405,378 +21267,307 @@ "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "props": { + "name": { + "type": "string" + }, + "ns": { + "type": "string" + }, + "parts": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Part" } }, - "provided": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.ProvidedControlImplementation" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "prose": { "type": "string" }, - "responsibilities": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ControlImplementationResponsibility" - } + "title": { + "type": "string" } } }, - "relational.Filter": { + "oscalTypes_1_1_3.Party": { "type": "object", "properties": { - "components": { + "addresses": { "type": "array", "items": { - "$ref": "#/definitions/relational.SystemComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.Address" } }, - "controls": { + "email-addresses": { "type": "array", "items": { - "$ref": "#/definitions/relational.Control" + "type": "string" } }, - "filter": { - "$ref": "#/definitions/datatypes.JSONType-labelfilter_Filter" + "external-ids": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.PartyExternalIdentifier" + } }, - "id": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } }, - "name": { - "type": "string" - } - } - }, - "relational.Hash": { - "type": "object", - "properties": { - "algorithm": { - "description": "required", - "allOf": [ - { - "$ref": "#/definitions/relational.HashAlgorithm" - } - ] + "location-uuids": { + "type": "array", + "items": { + "type": "string" + } }, - "value": { - "description": "required", - "type": "string" - } - } - }, - "relational.HashAlgorithm": { - "type": "string", - "enum": [ - "SHA-224", - "SHA-256", - "SHA-384", - 
"SHA-512", - "SHA3-224", - "SHA3-256", - "SHA3-384", - "SHA3-512" - ], - "x-enum-varnames": [ - "HashAlgorithmSHA_224", - "HashAlgorithmSHA_256", - "HashAlgorithmSHA_384", - "HashAlgorithmSHA_512", - "HashAlgorithmSHA3_224", - "HashAlgorithmSHA3_256", - "HashAlgorithmSHA3_384", - "HashAlgorithmSHA3_512" - ] - }, - "relational.ImplementedComponent": { - "type": "object", - "properties": { - "component": { - "$ref": "#/definitions/relational.DefinedComponent" + "member-of-organizations": { + "type": "array", + "items": { + "type": "string" + } }, - "component-uuid": { + "name": { "type": "string" }, - "id": { + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { "type": "string" }, - "inventoryItemId": { + "short-name": { "type": "string" }, - "links": { + "telephone-numbers": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.TelephoneNumber" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "type": { + "type": "string" }, - "remarks": { + "uuid": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.PartyExternalIdentifier": { + "type": "object", + "properties": { + "id": { "type": "string" }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleParty" - } + "scheme": { + "type": "string" } } }, - "relational.ImplementedRequirement": { + "oscalTypes_1_1_3.PlanOfActionAndMilestones": { "type": "object", "properties": { - "by-components": { + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "findings": { "type": "array", "items": { - "$ref": "#/definitions/relational.ByComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.Finding" } }, - "control-id": { - "type": "string" + "import-ssp": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" }, - "controlImplementationId": { - "type": "string" + 
"local-definitions": { + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" }, - "id": { - "type": "string" + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" }, - "links": { + "observations": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Observation" } }, - "props": { + "poam-items": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" } }, - "remarks": { - "type": "string" - }, - "responsible-roles": { + "risks": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.Risk" } }, - "set-parameters": { + "system-id": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" + }, + "uuid": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions": { + "type": "object", + "properties": { + "assessment-assets": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" + }, + "components": { "type": "array", "items": { - "$ref": "#/definitions/relational.SetParameter" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } }, - "statements": { + "inventory-items": { "type": "array", "items": { - "$ref": "#/definitions/relational.Statement" + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" } + }, + "remarks": { + "type": "string" } } }, - "relational.ImplementedRequirementControlImplementation": { + "oscalTypes_1_1_3.PoamItem": { "type": "object", "properties": { - "control-id": { - "description": "required", - "type": "string" - }, - "controlImplementationSetID": { - "type": "string" - }, "description": { - "description": "required", - "type": "string" - }, - "id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "props": { + "origins": { "type": "array", 
"items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.PoamItemOrigin" } }, - "remarks": { - "type": "string" - }, - "responsible-roles": { - "description": "required", + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "set-parameters": { + "related-findings": { "type": "array", "items": { - "$ref": "#/definitions/relational.SetParameter" + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedFinding" } }, - "statements": { + "related-observations": { "type": "array", "items": { - "$ref": "#/definitions/relational.ControlStatementImplementation" + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" } - } - } - }, - "relational.Import": { - "type": "object", - "properties": { - "exclude-controls": { + }, + "related-risks": { "type": "array", "items": { - "$ref": "#/definitions/relational.SelectControlById" + "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedRisk" } }, - "href": { - "description": "Href as per the OSCAL docs can be an absolute network path (potentially remote), relative or a URI fragment\nfor the moment to make the system's life easier, it should be a URI fragment to back-matter and try and resolve\nback to an ingested catalog.", + "remarks": { "type": "string" }, - "id": { + "title": { "type": "string" }, - "include-all": { - "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" - }, - "include-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SelectControlById" - } - }, - "profileID": { + "uuid": { "type": "string" } } }, - "relational.ImportComponentDefinition": { + "oscalTypes_1_1_3.PoamItemOrigin": { "type": "object", "properties": { - "href": { - "type": "string" + "actors": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" + } } } }, - "relational.IncorporatesComponents": { + "oscalTypes_1_1_3.PortRange": { "type": 
"object", "properties": { - "component-uuid": { - "type": "string" + "end": { + "type": "integer" }, - "description": { + "start": { + "type": "integer" + }, + "transport": { "type": "string" } } }, - "relational.InheritedControlImplementation": { + "oscalTypes_1_1_3.Profile": { "type": "object", "properties": { - "byComponentId": { - "type": "string" - }, - "description": { - "description": "required", - "type": "string" - }, - "id": { - "type": "string" + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "links": { + "imports": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Import" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "merge": { + "$ref": "#/definitions/oscalTypes_1_1_3.Merge" }, - "provided-uuid": { - "type": "string" + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } + "modify": { + "$ref": "#/definitions/oscalTypes_1_1_3.Modify" + }, + "uuid": { + "type": "string" } } }, - "relational.InventoryItem": { + "oscalTypes_1_1_3.Property": { "type": "object", "properties": { - "description": { + "class": { "type": "string" }, - "evidence": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Evidence" - } - }, - "id": { + "group": { "type": "string" }, - "implemented-components": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ImplementedComponent" - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "name": { + "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "ns": { + "type": "string" }, "remarks": { "type": "string" }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleParty" - 
} - }, - "systemImplementationId": { - "type": "string" - } - } - }, - "relational.Labels": { - "type": "object", - "properties": { - "name": { + "uuid": { "type": "string" }, "value": { 
@@ -30784,1321 +21575,1321 @@ } } }, - "relational.LeveragedAuthorization": { + "oscalTypes_1_1_3.Protocol": { "type": "object", "properties": { - "date-authorized": { - "type": "string" - }, - "id": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } - }, - "party-uuid": { + "name": { "type": "string" }, - "props": { + "port-ranges": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.PortRange" } }, - "remarks": { - "type": "string" - }, - "systemImplementationId": { + "title": { "type": "string" }, - "title": { + "uuid": { "type": "string" } } }, - "relational.Link": { + "oscalTypes_1_1_3.ProvidedControlImplementation": { "type": "object", "properties": { - "href": { + "description": { "type": "string" }, - "media-type": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } }, - "rel": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "resource-fragment": { + "remarks": { "type": "string" }, - "text": { + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "uuid": { "type": "string" } } }, - "relational.Location": { + "oscalTypes_1_1_3.ReferencedControlObjectives": { "type": "object", "properties": { - "address": { - "$ref": "#/definitions/datatypes.JSONType-relational_Address" + "description": { + "type": "string" }, - "email-addresses": { + "exclude-objectives": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectObjectiveById" } }, - "id": { - "type": "string" + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" }, - "links": { + "include-objectives": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": 
"#/definitions/oscalTypes_1_1_3.SelectObjectiveById" } }, - "props": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "remarks": { - "type": "string" - }, - "telephone-numbers": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.TelephoneNumber" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "title": { + "remarks": { "type": "string" - }, - "urls": { - "type": "array", - "items": { - "type": "string" - } } } }, - "relational.Matching": { + "oscalTypes_1_1_3.RelatedFinding": { "type": "object", "properties": { - "pattern": { + "finding-uuid": { "type": "string" } } }, - "relational.Merge": { + "oscalTypes_1_1_3.RelatedObservation": { "type": "object", "properties": { - "as-is": { - "type": "boolean" - }, - "combine": { - "$ref": "#/definitions/datatypes.JSONType-relational_CombinationRule" - }, - "flat": { - "$ref": "#/definitions/datatypes.JSONType-relational_FlatWithoutGrouping" - }, - "id": { - "type": "string" - }, - "profileID": { + "observation-uuid": { "type": "string" } } }, - "relational.Metadata": { + "oscalTypes_1_1_3.RelatedTask": { "type": "object", "properties": { - "actions": { + "identified-subject": { + "$ref": "#/definitions/oscalTypes_1_1_3.IdentifiedSubject" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Action" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "document-ids": { - "description": "-\u003e DocumentID", + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.DocumentID" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "id": { - "type": "string" - }, - "last-modified": { + "remarks": { "type": "string" }, - "links": { + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } }, - "locations": { + "subjects": { "type": "array", "items": 
{ - "$ref": "#/definitions/relational.Location" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" } }, - "oscal-version": { + "task-uuid": { "type": "string" - }, - "parentID": { - "description": "Metadata is shared across many resources, and so it mapped using a polymorphic relationship", + } + } + }, + "oscalTypes_1_1_3.RelevantEvidence": { + "type": "object", + "properties": { + "description": { "type": "string" }, - "parentType": { + "href": { "type": "string" }, - "parties": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Party" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "published": { - "type": "string" - }, "remarks": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.Removal": { + "type": "object", + "properties": { + "by-class": { + "type": "string" }, - "responsibleParties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleParty" - } - }, - "revisions": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Revision" - } + "by-id": { + "type": "string" }, - "roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Role" - } + "by-item-name": { + "type": "string" }, - "title": { + "by-name": { "type": "string" }, - "version": { + "by-ns": { "type": "string" } } }, - "relational.Modify": { + "oscalTypes_1_1_3.RequiredAsset": { "type": "object", "properties": { - "alters": { + "description": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Alteration" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "id": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "profileID": { + "remarks": { "type": "string" }, - "set-parameters": { + "subjects": { "type": "array", "items": { 
- "$ref": "#/definitions/relational.ParameterSetting" + "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" } + }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "relational.NetworkArchitecture": { + "oscalTypes_1_1_3.Resource": { "type": "object", "properties": { + "base64": { + "$ref": "#/definitions/oscalTypes_1_1_3.Base64" + }, + "citation": { + "$ref": "#/definitions/oscalTypes_1_1_3.Citation" + }, "description": { "type": "string" }, - "diagrams": { + "document-ids": { "type": "array", "items": { - "$ref": "#/definitions/relational.Diagram" + "$ref": "#/definitions/oscalTypes_1_1_3.DocumentId" } }, - "id": { - "type": "string" - }, - "links": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "props": { + "remarks": { + "type": "string" + }, + "rlinks": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.ResourceLink" } }, - "remarks": { + "title": { "type": "string" }, - "systemCharacteristicsId": { + "uuid": { "type": "string" } } }, - "relational.Origin": { + "oscalTypes_1_1_3.ResourceLink": { "type": "object", "properties": { - "actors": { + "hashes": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" + "$ref": "#/definitions/oscalTypes_1_1_3.Hash" } }, - "related-tasks": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" - } + "href": { + "type": "string" + }, + "media-type": { + "type": "string" } } }, - "relational.Parameter": { + "oscalTypes_1_1_3.Response": { "type": "object", "properties": { - "class": { + "description": { "type": "string" }, - "constraints": { + "lifecycle": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.ParameterConstraint" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "guidelines": { + "origins": { "type": 
"array", "items": { - "$ref": "#/definitions/relational.ParameterGuideline" + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" } }, - "id": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "label": { + "remarks": { "type": "string" }, - "links": { + "required-assets": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.RequiredAsset" } }, - "props": { + "tasks": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Task" } }, - "remarks": { + "title": { "type": "string" }, - "select": { - "$ref": "#/definitions/datatypes.JSONType-relational_ParameterSelection" - }, - "usage": { + "uuid": { "type": "string" - }, - "values": { - "type": "array", - "items": { - "type": "string" - } } } }, - "relational.ParameterConstraint": { + "oscalTypes_1_1_3.ResponsibleParty": { "type": "object", "properties": { - "description": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } }, - "tests": { + "party-uuids": { "type": "array", "items": { - "$ref": "#/definitions/relational.ParameterConstraintTest" + "type": "string" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } - } - } - }, - "relational.ParameterConstraintTest": { - "type": "object", - "properties": { - "expression": { - "type": "string" }, "remarks": { "type": "string" - } - } - }, - "relational.ParameterGuideline": { - "type": "object", - "properties": { - "prose": { + }, + "role-id": { "type": "string" } } }, - "relational.ParameterSetting": { + "oscalTypes_1_1_3.ResponsibleRole": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "constraints": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.ParameterConstraint" + "$ref": 
"#/definitions/oscalTypes_1_1_3.Link" } }, - "depends-on": { - "type": "string" + "party-uuids": { + "type": "array", + "items": { + "type": "string" + } }, - "guidelines": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.ParameterGuideline" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "id": { + "remarks": { "type": "string" }, - "label": { + "role-id": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.Result": { + "type": "object", + "properties": { + "assessment-log": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentLog" }, - "links": { + "attestations": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" } }, - "modifyID": { + "description": { "type": "string" }, - "param-id": { - "description": "required", + "end": { "type": "string" }, - "props": { + "findings": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Finding" } }, - "select": { - "$ref": "#/definitions/datatypes.JSONType-relational_ParameterSelection" - }, - "values": { + "links": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } - } - } - }, - "relational.Part": { - "type": "object", - "properties": { - "class": { - "type": "string" }, - "id": { - "type": "string" + "local-definitions": { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" }, - "links": { + "observations": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Observation" } }, - "name": { - "type": "string" - }, - "ns": { - "type": "string" - }, - "part_id": { - "type": "string" - }, - "parts": { - "description": "-\u003e Part", + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Part" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "props": { + "remarks": { + "type": "string" + }, + 
"reviewed-controls": { + "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" + }, + "risks": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Risk" } }, - "prose": { + "start": { "type": "string" }, "title": { "type": "string" + }, + "uuid": { + "type": "string" } } }, - "relational.Party": { + "oscalTypes_1_1_3.ReviewedControls": { "type": "object", "properties": { - "addresses": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Address" - } - }, - "email-addresses": { + "control-objective-selections": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.ReferencedControlObjectives" } }, - "external-ids": { + "control-selections": { "type": "array", "items": { - "$ref": "#/definitions/relational.PartyExternalID" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControls" } }, - "id": { + "description": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "locations": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Location" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "member-of-organizations": { - "description": "-\u003e Party", + "remarks": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.RevisionHistoryEntry": { + "type": "object", + "properties": { + "last-modified": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Party" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "name": { + "oscal-version": { "type": "string" }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "published": { "type": "string" }, - "short-name": { + "remarks": { "type": "string" }, - "telephone-numbers": { - "type": "array", - "items": { - 
"$ref": "#/definitions/relational.TelephoneNumber" - } + "title": { + "type": "string" }, - "type": { - "$ref": "#/definitions/relational.PartyType" + "version": { + "type": "string" } } }, - "relational.PartyExternalID": { + "oscalTypes_1_1_3.Risk": { "type": "object", "properties": { - "id": { + "characterizations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Characterization" + } + }, + "deadline": { "type": "string" }, - "scheme": { - "$ref": "#/definitions/relational.PartyExternalIDScheme" - } - } - }, - "relational.PartyExternalIDScheme": { - "type": "string", - "enum": [ - "http://orcid.org/" - ], - "x-enum-varnames": [ - "PartyExternalIDSchemeOrchid" - ] - }, - "relational.PartyType": { - "type": "string", - "enum": [ - "person", - "organization" - ], - "x-enum-varnames": [ - "PartyTypePerson", - "PartyTypeOrganization" - ] - }, - "relational.Profile": { - "type": "object", - "properties": { - "back-matter": { - "$ref": "#/definitions/relational.BackMatter" + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } }, - "controls": { + "mitigating-factors": { "type": "array", "items": { - "$ref": "#/definitions/relational.Control" + "$ref": "#/definitions/oscalTypes_1_1_3.MitigatingFactor" } }, - "id": { - "type": "string" + "origins": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + } }, - "imports": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Import" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "merge": { - "$ref": "#/definitions/relational.Merge" + "related-observations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" + } }, - "metadata": { - "$ref": "#/definitions/relational.Metadata" + "remediations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Response" + } }, - "modify": { - 
"$ref": "#/definitions/relational.Modify" - } - } - }, - "relational.Prop": { - "type": "object", - "properties": { - "class": { - "type": "string" + "risk-log": { + "$ref": "#/definitions/oscalTypes_1_1_3.RiskLog" }, - "group": { + "statement": { "type": "string" }, - "name": { + "status": { "type": "string" }, - "ns": { - "type": "string" + "threat-ids": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ThreatId" + } }, - "remarks": { + "title": { "type": "string" }, "uuid": { "type": "string" - }, - "value": { - "type": "string" } } }, - "relational.Protocol": { + "oscalTypes_1_1_3.RiskLog": { "type": "object", "properties": { - "name": { - "type": "string" - }, - "port-ranges": { + "entries": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PortRange" + "$ref": "#/definitions/oscalTypes_1_1_3.RiskLogEntry" } - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" } } }, - "relational.ProvidedControlImplementation": { + "oscalTypes_1_1_3.RiskLogEntry": { "type": "object", "properties": { "description": { "type": "string" }, - "exportId": { - "type": "string" - }, - "id": { + "end": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "props": { + "logged-by": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.LoggedBy" } }, - "remarks": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "responsible-roles": { + "related-responses": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.RiskResponseReference" } - } - } - }, - "relational.Removal": { - "type": "object", - "properties": { - "by-class": { + }, + "remarks": { "type": "string" }, - "by-id": { + "start": { "type": "string" }, - 
"by-item-name": { + "status-change": { "type": "string" }, - "by-name": { + "title": { "type": "string" }, - "by-ns": { + "uuid": { "type": "string" } } }, - "relational.ResourceLink": { + "oscalTypes_1_1_3.RiskResponseReference": { "type": "object", "properties": { - "hashes": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Hash" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "href": { - "description": "required", + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "related-tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + } + }, + "remarks": { "type": "string" }, - "media-type": { + "response-uuid": { "type": "string" } } }, - "relational.ResponsibleParty": { + "oscalTypes_1_1_3.Role": { "type": "object", "properties": { + "description": { + "type": "string" + }, "id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "parentID": { - "description": "Polymorphic relationship - allows ResponsibleParty to belong to different parent types", + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { "type": "string" }, - "parentType": { + "short-name": { "type": "string" }, - "parties": { + "title": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsiblePartyParties" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - "role": { - "$ref": "#/definitions/relational.Role" + 
"responsibility-uuid": { + "type": "string" }, - "role-id": { - "description": "required", + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "uuid": { "type": "string" } } }, - "relational.ResponsiblePartyParties": { + "oscalTypes_1_1_3.SecurityImpactLevel": { "type": "object", "properties": { - "partyID": { + "security-objective-availability": { "type": "string" }, - "responsiblePartyID": { + "security-objective-confidentiality": { + "type": "string" + }, + "security-objective-integrity": { "type": "string" } } }, - "relational.ResponsibleRole": { + "oscalTypes_1_1_3.SelectControlById": { "type": "object", "properties": { - "id": { - "type": "string" - }, - "links": { + "matching": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Matching" } }, - "parentID": { + "with-child-controls": { "type": "string" }, - "parentType": { + "with-ids": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "oscalTypes_1_1_3.SelectObjectiveById": { + "type": "object", + "properties": { + "objective-id": { "type": "string" - }, - "parties": { + } + } + }, + "oscalTypes_1_1_3.SelectSubjectById": { + "type": "object", + "properties": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Party" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - "role": { - "$ref": "#/definitions/relational.Role" + "subject-uuid": { + "type": "string" }, - "role-id": { - "description": "required", + "type": { "type": "string" } } }, - "relational.ReviewedControls": { + "oscalTypes_1_1_3.SetParameter": { "type": "object", "properties": { - "controlObjectiveSelections": { + "param-id": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + 
"values": { "type": "array", "items": { - "$ref": "#/definitions/relational.ControlObjectiveSelection" + "type": "string" } - }, - "controlSelections": { - "description": "required", + } + } + }, + "oscalTypes_1_1_3.Statement": { + "type": "object", + "properties": { + "by-components": { "type": "array", "items": { - "$ref": "#/definitions/relational.ControlSelection" + "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" } }, - "description": { - "type": "string" - }, - "id": { - "type": "string" - }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "statement-id": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "relational.Revision": { + "oscalTypes_1_1_3.Status": { "type": "object", "properties": { - "id": { + "remarks": { "type": "string" }, - "last-modified": { + "state": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.Step": { + "type": "object", + "properties": { + "description": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "metadata-id": { - "description": "Revision only exist on a metadata object. 
We'll link them straight there with a BelongsTo relationship", - "type": "string" - }, - "oscal-version": { - "type": "string" - }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "published": { - "type": "string" - }, "remarks": { "type": "string" }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "reviewed-controls": { + "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" + }, "title": { "type": "string" }, - "version": { - "description": "required", + "uuid": { "type": "string" } } }, - "relational.Role": { + "oscalTypes_1_1_3.SubjectReference": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "id": { - "type": "string" - }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - "short-name": { + "subject-uuid": { "type": "string" }, "title": { "type": "string" + }, + "type": { + "type": "string" } } }, - "relational.SatisfiedControlImplementationResponsibility": { + "oscalTypes_1_1_3.SystemCharacteristics": { "type": "object", "properties": { - "by-component-id": { - "type": "string" + "authorization-boundary": { + "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizationBoundary" }, - "description": { + "data-flow": { + "$ref": "#/definitions/oscalTypes_1_1_3.DataFlow" + }, + "date-authorized": { "type": "string" }, - "id": { + "description": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "network-architecture": { + "$ref": "#/definitions/oscalTypes_1_1_3.NetworkArchitecture" + }, "props": { "type": 
"array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - "responsibility-uuid": { + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + } + }, + "security-impact-level": { + "$ref": "#/definitions/oscalTypes_1_1_3.SecurityImpactLevel" + }, + "security-sensitivity-level": { "type": "string" }, - "responsible-roles": { + "status": { + "$ref": "#/definitions/oscalTypes_1_1_3.Status" + }, + "system-ids": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" } + }, + "system-information": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemInformation" + }, + "system-name": { + "type": "string" + }, + "system-name-short": { + "type": "string" } } }, - "relational.SelectControlById": { + "oscalTypes_1_1_3.SystemComponent": { "type": "object", "properties": { - "id": { + "description": { "type": "string" }, - "matching": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Matching" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "parentID": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "parentType": { + "protocols": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" + } + }, + "purpose": { "type": "string" }, - "with-child-controls": { + "remarks": { "type": "string" }, - "with-ids": { + "responsible-roles": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } - } - } - }, - "relational.SelectObjectiveById": { - "type": "object", - "properties": { - "id": { - "type": "string" }, - "objective": { - "description": "required", + "status": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponentStatus" + }, + "title": { "type": 
"string" }, - "parentID": { + "type": { "type": "string" }, - "parentType": { + "uuid": { "type": "string" } } }, - "relational.SelectSubjectById": { + "oscalTypes_1_1_3.SystemComponentStatus": { "type": "object", "properties": { - "assessmentSubjectID": { - "type": "string" - }, - "id": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } - }, "remarks": { "type": "string" }, - "subjectUUID": { - "description": "SubjectUUID technically represents a UUID of a component, party, location, user, or inventory item.\nIt will likely be updated once we can map it correctly", + "state": { "type": "string" } } }, - "relational.SetParameter": { + "oscalTypes_1_1_3.SystemId": { "type": "object", "properties": { - "param-id": { + "id": { "type": "string" }, - "remarks": { + "identifier-type": { "type": "string" - }, - "values": { - "type": "array", - "items": { - "type": "string" - } } } }, - "relational.Statement": { + "oscalTypes_1_1_3.SystemImplementation": { "type": "object", "properties": { - "by-components": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/relational.ByComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } }, - "id": { - "type": "string" + "inventory-items": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + } }, - "implementedRequirementId": { - "type": "string" + "leveraged-authorizations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" + } }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - 
"responsible-roles": { + "users": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" } - }, - "statement-id": { - "type": "string" } } }, - "relational.Step": { + "oscalTypes_1_1_3.SystemInformation": { "type": "object", "properties": { - "activityID": { - "type": "string" - }, - "description": { - "description": "required", - "type": "string" - }, - "id": { - "type": "string" + "information-types": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InformationType" + } }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } + } + } + }, + "oscalTypes_1_1_3.SystemSecurityPlan": { + "type": "object", + "properties": { + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "remarks": { - "type": "string" + "control-implementation": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementation" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } + "import-profile": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportProfile" }, - "reviewed-controls": { - "$ref": "#/definitions/relational.ReviewedControls" + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" }, - "reviewedControlsID": { - "type": "string" + "system-characteristics": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemCharacteristics" }, - "title": { + "system-implementation": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemImplementation" + }, + "uuid": { "type": "string" } } }, - "relational.SystemCharacteristics": { + "oscalTypes_1_1_3.SystemUser": { "type": "object", "properties": { - "authorization-boundary": { - "$ref": "#/definitions/relational.AuthorizationBoundary" - }, 
- "dataFlow": { - "$ref": "#/definitions/relational.DataFlow" - }, - "date-authorized": { - "type": "string" + "authorized-privileges": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizedPrivilege" + } }, "description": { "type": "string" }, - "id": { - "type": "string" - }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "networkArchitecture": { - "$ref": "#/definitions/relational.NetworkArchitecture" - }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleParty" - } - }, - "security-impact-level": { - "$ref": "#/definitions/datatypes.JSONType-relational_SecurityImpactLevel" - }, - "security-sensitivity-level": { - "type": "string" - }, - "status": { - "$ref": "#/definitions/datatypes.JSONType-relational_Status" - }, - "system-ids": { + "role-ids": { "type": "array", "items": { - "$ref": "#/definitions/relational.SystemId" + "type": "string" } }, - "system-information": { - "$ref": "#/definitions/datatypes.JSONType-relational_SystemInformation" - }, - "system-name": { + "short-name": { "type": "string" }, - "system-name-short": { + "title": { "type": "string" }, - "systemSecurityPlanId": { + "uuid": { "type": "string" } } }, - "relational.SystemComponent": { + "oscalTypes_1_1_3.Task": { "type": "object", "properties": { - "definedComponentId": { - "type": "string" - }, - "description": { - "type": "string" - }, - "evidence": { + "associated-activities": { "type": "array", "items": { - "$ref": "#/definitions/relational.Evidence" + "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedActivity" } }, - "filters": { + "dependencies": { "type": "array", "items": { - "$ref": "#/definitions/relational.Filter" + "$ref": 
"#/definitions/oscalTypes_1_1_3.TaskDependency" } }, - "id": { + "description": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" - } - }, - "protocols": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Protocol" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "purpose": { - "type": "string" - }, "remarks": { "type": "string" }, "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "status": { - "$ref": "#/definitions/datatypes.JSONType-relational_SystemComponentStatus" + "subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } }, - "systemImplementationId": { - "type": "string" + "tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Task" + } + }, + "timing": { + "$ref": "#/definitions/oscalTypes_1_1_3.EventTiming" }, "title": { "type": "string" }, "type": { "type": "string" + }, + "uuid": { + "type": "string" } } }, - "relational.SystemComponentSuggestion": { + "oscalTypes_1_1_3.TaskDependency": { "type": "object", "properties": { - "componentDefinitionId": { - "type": "string" - }, - "definedComponentId": { - "type": "string" - }, - "description": { + "remarks": { "type": "string" }, - "name": { + "task-uuid": { "type": "string" - }, - "purpose": { + } + } + }, + "oscalTypes_1_1_3.TelephoneNumber": { + "type": "object", + "properties": { + "number": { "type": "string" }, "type": { 
@@ -32106,40 +22897,57 @@ } } }, - "relational.SystemId": { + "oscalTypes_1_1_3.ThreatId": { "type": "object", "properties": { + "href": { + "type": "string" + }, "id": { "type": "string" }, - "identifier-type": { + "system": { "type": "string" } } }, - "relational.SystemImplementation": { + "oscalTypes_1_1_3.UsesComponent": { "type": "object", "properties": { - "components": { + "component-uuid": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.SystemComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "id": { - "type": "string" - }, - "inventory-items": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.InventoryItem" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "leveraged-authorizations": { + "remarks": { + "type": "string" + }, + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/relational.LeveragedAuthorization" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } + } + } + }, + "relational.Action": { + "type": "object", + "properties": { + "date": { + "type": "string" + }, + "id": { + "type": "string" }, "links": { "type": "array", @@ -32147,6 +22955,10 @@ "$ref": "#/definitions/relational.Link" } }, + "metadata-id": { + "description": "Actions only exist on a metadata object. We'll link them straight there with a BelongsTo relationship", + "type": "string" + }, "props": { "type": "array", "items": { 
@@ -32156,59 +22968,27 @@ "remarks": { "type": "string" }, - "systemSecurityPlanId": { - "type": "string" - }, - "users": { + "responsibleParties": { "type": "array", "items": { - "$ref": "#/definitions/relational.SystemUser" + "$ref": "#/definitions/relational.ResponsibleParty" } - } - } - }, - "relational.SystemSecurityPlan": { - "type": "object", - "properties": { - "back-matter": { - "$ref": "#/definitions/relational.BackMatter" - }, - "control-implementation": { - "$ref": "#/definitions/relational.ControlImplementation" }, - "id": { + "system": { + "description": "required", "type": "string" }, - "import-profile": { - "$ref": "#/definitions/datatypes.JSONType-relational_ImportProfile" - }, - "metadata": { - "$ref": "#/definitions/relational.Metadata" - }, - "profile": { - "$ref": "#/definitions/relational.Profile" - }, - "profileID": { + "type": { + "description": "required", "type": "string" - }, - "system-characteristics": { - "$ref": "#/definitions/relational.SystemCharacteristics" - }, - "system-implementation": { - "$ref": "#/definitions/relational.SystemImplementation" } } }, - "relational.SystemUser": { + "relational.Activity": { "type": "object", "properties": { - "authorized-privileges": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.AuthorizedPrivilege" - } - }, "description": { + "description": "required", "type": "string" }, "id": { 
@@ -32226,659 +23006,758 @@ "$ref": "#/definitions/relational.Prop" } }, - "remarks": { + "related-controls": { + "$ref": "#/definitions/relational.ReviewedControls" + }, + "relatedControlsID": { + "type": "string" + }, + "remarks": { + "description": "required", + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } + }, + "steps": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Step" + } + }, + "title": { + "type": "string" + } + } + }, + "relational.Address": { + "type": "object", + "properties": { + "city": { + "type": "string" + }, + "country": { "type": "string" }, - "role-ids": { + "lines": { "type": "array", "items": { "type": "string" } }, - "short-name": { - "type": "string" - }, - "systemImplementationId": { + "postal-code": { "type": "string" }, - "title": { - "type": "string" - } - } - }, - "relational.TelephoneNumber": { - "type": "object", - "properties": { - "number": { + "state": { "type": "string" }, "type": { - "$ref": "#/definitions/relational.TelephoneNumberType" + "$ref": "#/definitions/relational.AddressType" } } }, - "relational.TelephoneNumberType": { + "relational.AddressType": { "type": "string", "enum": [ - "home", - "office", - "mobile" + "work", + "home" ], "x-enum-varnames": [ - "TelephoneNumberTypeHome", - "TelephoneNumberTypeOffice", - "TelephoneNumberTypeMobile" + "AddressTypeWork", + "AddressTypeHome" ] }, - "relational.User": { + "relational.AssessedControlsSelectControlById": { "type": "object", "properties": { - "authMethod": { - "type": "string" + "control": { + "$ref": "#/definitions/relational.Control" }, - "createdAt": { + "controlID": { "type": "string" }, - "deletedAt": { - "description": "Soft delete", - "allOf": [ - { - "$ref": "#/definitions/gorm.DeletedAt" - } - ] - }, - "digestSubscribed": { - "description": "DigestSubscribed indicates if the user wants to receive evidence digest emails", - "type": "boolean" + 
"id": { + "type": "string" }, - "email": { + "statements": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Statement" + } + } + } + }, + "relational.AssessmentSubject": { + "type": "object", + "properties": { + "description": { "type": "string" }, - "failedLogins": { - "type": "integer" + "evidence": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Evidence" + } }, - "firstName": { - "type": "string" + "excludeSubjects": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SelectSubjectById" + } }, "id": { "type": "string" }, - "isActive": { - "type": "boolean" - }, - "isLocked": { - "type": "boolean" - }, - "lastLogin": { - "type": "string" + "includeAll": { + "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" }, - "lastName": { - "type": "string" + "includeSubjects": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SelectSubjectById" + } }, - "taskAvailableEmailSubscribed": { - "description": "TaskAvailableEmailSubscribed indicates if the user wants an email when tasks become available", - "type": "boolean" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "taskDailyDigestSubscribed": { - "description": "TaskDailyDigestSubscribed indicates if the user wants to receive a daily task digest email", - "type": "boolean" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "updatedAt": { + "remarks": { "type": "string" }, - "userAttributes": { + "type": { + "description": "Type represents a component, party, location, user, or inventory item.\nIt will likely be updated once we can map it correctly", "type": "string" } } }, - "risks.RiskComponentLink": { + "relational.BackMatter": { "type": "object", "properties": { - "componentId": { + "id": { "type": "string" }, - "createdAt": { + "parentID": { "type": "string" }, - "createdById": { + "parentType": { "type": "string" }, - "riskId": { - 
"type": "string" + "resources": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.BackMatterResource" + } } } }, - "risks.RiskControlLink": { + "relational.BackMatterResource": { "type": "object", "properties": { - "catalogId": { + "backMatterID": { "type": "string" }, - "controlId": { - "type": "string" + "base64": { + "$ref": "#/definitions/datatypes.JSONType-relational_Base64" }, - "createdAt": { - "type": "string" + "citation": { + "$ref": "#/definitions/datatypes.JSONType-relational_Citation" }, - "createdById": { + "description": { "type": "string" }, - "riskId": { - "type": "string" - } - } - }, - "risks.RiskEvidenceLink": { - "type": "object", - "properties": { - "createdAt": { - "type": "string" + "document-ids": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.DocumentID" + } }, - "createdById": { + "id": { + "description": "required", "type": "string" }, - "evidenceId": { - "description": "EvidenceID stores the evidence stream UUID (evidences.uuid), not a single evidence row ID.", + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { "type": "string" }, - "riskId": { + "rlinks": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResourceLink" + } + }, + "title": { "type": "string" } } }, - "risks.RiskSubjectLink": { + "relational.ByComponent": { "type": "object", "properties": { - "createdAt": { + "component-uuid": { "type": "string" }, - "createdById": { + "description": { "type": "string" }, - "riskId": { - "type": "string" + "export": { + "$ref": "#/definitions/relational.Export" }, - "subjectId": { + "id": { "type": "string" - } - } - }, - "service.ListResponse-handler_riskResponse": { - "type": "object", - "properties": { - "data": { + }, + "implementation-status": { + "$ref": "#/definitions/datatypes.JSONType-relational_ImplementationStatus" + }, + "inherited-control-implementations": { "type": "array", "items": { - "$ref": 
"#/definitions/handler.riskResponse" + "$ref": "#/definitions/relational.InheritedControlImplementation" } }, - "limit": { - "type": "integer" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "page": { - "type": "integer" + "parentID": { + "description": "As ByComponent can be found in Implemented Requirements \u0026 Statements, using GORM polymorphism to tell us where to attach", + "type": "string" }, - "total": { - "type": "integer" + "parentType": { + "type": "string" }, - "totalPages": { - "type": "integer" - } - } - }, - "service.ListResponse-risks_RiskComponentLink": { - "type": "object", - "properties": { - "data": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/risks.RiskComponentLink" + "$ref": "#/definitions/relational.Prop" } }, - "limit": { - "type": "integer" + "remarks": { + "type": "string" }, - "page": { - "type": "integer" + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } }, - "total": { - "type": "integer" + "satisfied": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SatisfiedControlImplementationResponsibility" + } }, - "totalPages": { - "type": "integer" + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SetParameter" + } } } }, - "service.ListResponse-risks_RiskControlLink": { + "relational.Capability": { "type": "object", "properties": { - "data": { + "componentDefinition": { + "$ref": "#/definitions/relational.ComponentDefinition" + }, + "componentDefinitionId": { + "type": "string" + }, + "control-implementations": { "type": "array", "items": { - "$ref": "#/definitions/risks.RiskControlLink" + "$ref": "#/definitions/relational.ControlImplementationSet" } }, - "limit": { - "type": "integer" - }, - "page": { - "type": "integer" - }, - "total": { - "type": "integer" - }, - "totalPages": { - "type": "integer" - } - } - }, - 
"service.ListResponse-risks_RiskSubjectLink": { - "type": "object", - "properties": { - "data": { + "description": { + "description": "required", + "type": "string" + }, + "id": { + "type": "string" + }, + "incorporates-components": { "type": "array", "items": { - "$ref": "#/definitions/risks.RiskSubjectLink" + "$ref": "#/definitions/relational.IncorporatesComponents" } }, - "limit": { - "type": "integer" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "page": { - "type": "integer" + "name": { + "description": "required", + "type": "string" }, - "total": { - "type": "integer" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "totalPages": { - "type": "integer" + "remarks": { + "type": "string" } } }, - "service.ListResponse-templates_evidenceTemplateResponse": { + "relational.ComponentDefinition": { "type": "object", "properties": { - "data": { + "back-matter": { + "$ref": "#/definitions/relational.BackMatter" + }, + "capabilities": { "type": "array", "items": { - "$ref": "#/definitions/templates.evidenceTemplateResponse" + "$ref": "#/definitions/relational.Capability" } }, - "limit": { - "type": "integer" + "components": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.DefinedComponent" + } }, - "page": { - "type": "integer" + "id": { + "type": "string" }, - "total": { - "type": "integer" + "import-component-definitions": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ImportComponentDefinition" + } }, - "totalPages": { - "type": "integer" + "metadata": { + "description": "required", + "allOf": [ + { + "$ref": "#/definitions/relational.Metadata" + } + ] } } }, - "service.ListResponse-templates_riskTemplateResponse": { + "relational.Control": { "type": "object", "properties": { - "data": { + "catalogID": { + "type": "string" + }, + "class": { + "type": "string" + }, + "controls": { "type": "array", "items": { - "$ref": 
"#/definitions/templates.riskTemplateResponse" + "$ref": "#/definitions/relational.Control" } }, - "limit": { - "type": "integer" - }, - "page": { - "type": "integer" + "filters": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Filter" + } }, - "total": { - "type": "integer" + "id": { + "description": "required", + "type": "string" }, - "totalPages": { - "type": "integer" - } - } - }, - "service.ListResponse-templates_subjectTemplateResponse": { - "type": "object", - "properties": { - "data": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/templates.subjectTemplateResponse" + "$ref": "#/definitions/relational.Link" } }, - "limit": { - "type": "integer" + "params": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Parameter" + } }, - "page": { - "type": "integer" + "parentID": { + "type": "string" }, - "total": { - "type": "integer" + "parentType": { + "type": "string" }, - "totalPages": { - "type": "integer" - } - } - }, - "service.ListResponse-uuid_UUID": { - "type": "object", - "properties": { - "data": { + "parts": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Part" } }, - "limit": { - "type": "integer" - }, - "page": { - "type": "integer" - }, - "total": { - "type": "integer" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "totalPages": { - "type": "integer" - } - } - }, - "templates.evidenceTemplateDataResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/templates.evidenceTemplateResponse" + "title": { + "description": "required", + "type": "string" } } }, - "templates.evidenceTemplateLabelSchemaFieldRequest": { + "relational.ControlImplementationResponsibility": { "type": "object", "properties": { "description": { + "description": "required", "type": "string" }, - "key": { + "exportId": { "type": "string" }, - "required": { - "type": "boolean" - } - } - }, - 
"templates.evidenceTemplateLabelSchemaFieldResponse": { - "type": "object", - "properties": { - "description": { + "id": { "type": "string" }, - "key": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "provided-uuid": { "type": "string" }, - "required": { - "type": "boolean" + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } } } }, - "templates.evidenceTemplateResponse": { + "relational.ControlImplementationSet": { "type": "object", "properties": { - "createdAt": { + "definedComponent": { + "$ref": "#/definitions/relational.DefinedComponent" + }, + "definedComponentID": { "type": "string" }, "description": { + "description": "required", "type": "string" }, "id": { "type": "string" }, - "isActive": { - "type": "boolean" - }, - "labelSchema": { - "type": "array", - "items": { - "$ref": "#/definitions/templates.evidenceTemplateLabelSchemaFieldResponse" - } - }, - "methods": { + "implemented-requirements": { + "description": "required", "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.ImplementedRequirementControlImplementation" } }, - "pluginId": { - "type": "string" - }, - "policyPackage": { - "type": "string" - }, - "riskTemplateIds": { + "links": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Link" } }, - "selectorLabels": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/templates.evidenceTemplateSelectorLabelResponse" + "$ref": "#/definitions/relational.Prop" } }, - "subjectTemplateIds": { + "set-parameters": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.SetParameter" } }, - "title": { - "type": "string" - }, - "updatedAt": { - "type": "string" - } - } - }, - 
"templates.evidenceTemplateSelectorLabelRequest": { - "type": "object", - "properties": { - "key": { - "type": "string" - }, - "value": { + "source": { + "description": "required", "type": "string" } } }, - "templates.evidenceTemplateSelectorLabelResponse": { + "relational.ControlObjectiveSelection": { "type": "object", "properties": { - "key": { + "description": { "type": "string" }, - "value": { - "type": "string" - } - } - }, - "templates.remediationTaskRequest": { - "type": "object", - "properties": { - "orderIndex": { - "type": "integer" + "excludeObjectives": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SelectObjectiveById" + } }, - "title": { - "type": "string" - } - } - }, - "templates.remediationTaskResponse": { - "type": "object", - "properties": { "id": { "type": "string" }, - "orderIndex": { - "type": "integer" + "includeAll": { + "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" + }, + "includeObjectives": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SelectObjectiveById" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { + "type": "string" }, - "title": { + "reviewedControlsID": { "type": "string" } } }, - "templates.remediationTemplateRequest": { + "relational.ControlSelection": { "type": "object", "properties": { "description": { "type": "string" }, - "tasks": { + "excludeControls": { "type": "array", "items": { - "$ref": "#/definitions/templates.remediationTaskRequest" + "$ref": "#/definitions/relational.AssessedControlsSelectControlById" } }, - "title": { + "id": { + "type": "string" + }, + "includeAll": { + "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" + }, + "includeControls": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.AssessedControlsSelectControlById" + } + }, + "links": { 
+ "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { + "type": "string" + }, + "reviewedControlsID": { "type": "string" } } }, - "templates.remediationTemplateResponse": { + "relational.ControlStatementImplementation": { "type": "object", "properties": { "description": { + "description": "required", "type": "string" }, "id": { "type": "string" }, - "tasks": { + "implementedRequirementControlImplementationId": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/templates.remediationTaskResponse" + "$ref": "#/definitions/relational.Link" } }, - "title": { + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } + }, + "statement-id": { + "description": "required", "type": "string" } } }, - "templates.riskTemplateDataResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/templates.riskTemplateResponse" - } - } - }, - "templates.riskTemplateResponse": { + "relational.DefinedComponent": { "type": "object", "properties": { - "createdAt": { - "type": "string" - }, - "id": { - "type": "string" - }, - "impactHint": { - "type": "string" - }, - "isActive": { - "type": "boolean" + "componentDefinition": { + "$ref": "#/definitions/relational.ComponentDefinition" }, - "likelihoodHint": { + "componentDefinitionID": { "type": "string" }, - "name": { - "type": "string" + "control-implementations": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ControlImplementationSet" + } }, - "pluginId": { + "description": { + "description": "required", "type": "string" }, - "policyPackage": { + "id": { "type": "string" }, - "remediationTemplate": { - "$ref": 
"#/definitions/templates.remediationTemplateResponse" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "statement": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "threatIds": { + "protocols": { "type": "array", "items": { - "$ref": "#/definitions/templates.threatIDResponse" + "$ref": "#/definitions/relational.Protocol" } }, - "title": { + "purpose": { "type": "string" }, - "updatedAt": { + "remarks": { "type": "string" }, - "violationIds": { + "responsible-roles": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.ResponsibleRole" } - } - } - }, - "templates.subjectTemplateDataResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/templates.subjectTemplateResponse" - } - } - }, - "templates.subjectTemplateLabelSchemaFieldRequest": { - "type": "object", - "properties": { - "description": { + }, + "title": { + "description": "required", "type": "string" }, - "key": { + "type": { + "description": "required", "type": "string" } } }, - "templates.subjectTemplateLabelSchemaFieldResponse": { + "relational.DocumentID": { "type": "object", "properties": { - "description": { + "identifier": { "type": "string" }, - "key": { - "type": "string" + "scheme": { + "$ref": "#/definitions/relational.DocumentIDScheme" } } }, - "templates.subjectTemplateResponse": { + "relational.DocumentIDScheme": { + "type": "string", + "enum": [ + "http://www.doi.org/" + ], + "x-enum-varnames": [ + "DocumentIDSchemeDoi" + ] + }, + "relational.Evidence": { "type": "object", "properties": { - "createdAt": { + "activities": { + "description": "What steps did we take to create this evidence", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Activity" + } + }, + "back-matter": { + "$ref": "#/definitions/relational.BackMatter" + }, + "components": { + "description": "Which components of the subject are 
being observed. A tool, user, policy etc.", + "type": "array", + "items": { + "$ref": "#/definitions/relational.SystemComponent" + } + }, + "description": { "type": "string" }, - "descriptionTemplate": { + "end": { + "type": "string" + }, + "expires": { "type": "string" }, "id": { "type": "string" }, - "identityLabelKeys": { + "inventory-items": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.InventoryItem" } }, - "labelSchema": { + "labels": { + "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", "type": "array", "items": { - "$ref": "#/definitions/templates.subjectTemplateLabelSchemaFieldResponse" + "$ref": "#/definitions/relational.Labels" } }, "links": { @@ -32887,8 +23766,12 @@ "$ref": "#/definitions/relational.Link" } }, - "name": { - "type": "string" + "origins": { + "description": "Who or What is generating this evidence", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Origin" + } }, "props": { "type": "array", 
@@ -32896,207 +23779,198 @@ "$ref": "#/definitions/relational.Prop" } }, - "purposeTemplate": { + "remarks": { "type": "string" }, - "remarksTemplate": { + "start": { + "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", "type": "string" }, - "selectorLabels": { + "status": { + "description": "Did we satisfy what was being tested for, or did we fail ?", + "allOf": [ + { + "$ref": "#/definitions/datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus" + } + ] + }, + "subjects": { + "description": "Who or What are we providing evidence for. What's under test.", "type": "array", "items": { - "$ref": "#/definitions/templates.subjectTemplateSelectorLabelResponse" + "$ref": "#/definitions/relational.AssessmentSubject" } }, - "sourceMode": { - "type": "string" - }, - "titleTemplate": { - "type": "string" - }, - "type": { - "type": "string" - }, - "updatedAt": { - "type": "string" - } - } - }, - "templates.subjectTemplateSelectorLabelRequest": { - "type": "object", - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - } - }, - "templates.subjectTemplateSelectorLabelResponse": { - "type": "object", - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - } - }, - "templates.threatIDRequest": { - "type": "object", - "properties": { - "id": { - "type": "string" - }, - "system": { - "type": "string" - }, - "title": { - "type": "string" - }, - "url": { - "type": "string" - } - } - }, - "templates.threatIDResponse": { - "type": "object", - "properties": { - "id": { - "type": "string" - }, - "system": { - "type": "string" - }, "title": { "type": "string" }, - "url": { + "uuid": { + "description": "UUID needs to remain consistent when automation runs again, but unique for each subject.\nIt represents the \"stream\" of the same observation being made over time.", "type": "string" } } }, - "templates.upsertEvidenceTemplateRequest": { + 
"relational.Export": { "type": "object", "properties": { + "byComponentId": { + "type": "string" + }, "description": { "type": "string" }, - "isActive": { - "type": "boolean" + "id": { + "type": "string" }, - "labelSchema": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/templates.evidenceTemplateLabelSchemaFieldRequest" + "$ref": "#/definitions/relational.Link" } }, - "methods": { + "props": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Prop" } }, - "pluginId": { - "type": "string" + "provided": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ProvidedControlImplementation" + } }, - "policyPackage": { + "remarks": { "type": "string" }, - "riskTemplateIds": { + "responsibilities": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.ControlImplementationResponsibility" } - }, - "selectorLabels": { + } + } + }, + "relational.Filter": { + "type": "object", + "properties": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/templates.evidenceTemplateSelectorLabelRequest" + "$ref": "#/definitions/relational.SystemComponent" } }, - "subjectTemplateIds": { + "controls": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Control" } }, - "title": { + "filter": { + "$ref": "#/definitions/datatypes.JSONType-labelfilter_Filter" + }, + "id": { + "type": "string" + }, + "name": { "type": "string" } } }, - "templates.upsertRiskTemplateRequest": { + "relational.Hash": { "type": "object", "properties": { - "impactHint": { - "type": "string" - }, - "isActive": { - "type": "boolean" + "algorithm": { + "description": "required", + "allOf": [ + { + "$ref": "#/definitions/relational.HashAlgorithm" + } + ] }, - "likelihoodHint": { + "value": { + "description": "required", "type": "string" + } + } + }, + "relational.HashAlgorithm": { + "type": "string", + "enum": [ + "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + 
"SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" + ], + "x-enum-varnames": [ + "HashAlgorithmSHA_224", + "HashAlgorithmSHA_256", + "HashAlgorithmSHA_384", + "HashAlgorithmSHA_512", + "HashAlgorithmSHA3_224", + "HashAlgorithmSHA3_256", + "HashAlgorithmSHA3_384", + "HashAlgorithmSHA3_512" + ] + }, + "relational.ImplementedComponent": { + "type": "object", + "properties": { + "component": { + "$ref": "#/definitions/relational.DefinedComponent" }, - "name": { + "component-uuid": { "type": "string" }, - "pluginId": { + "id": { "type": "string" }, - "policyPackage": { + "inventoryItemId": { "type": "string" }, - "remediationTemplate": { - "$ref": "#/definitions/templates.remediationTemplateRequest" - }, - "statement": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "threatIds": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/templates.threatIDRequest" + "$ref": "#/definitions/relational.Prop" } }, - "title": { + "remarks": { "type": "string" }, - "violationIds": { + "responsible-parties": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.ResponsibleParty" } } } }, - "templates.upsertSubjectTemplateRequest": { + "relational.ImplementedRequirementControlImplementation": { "type": "object", - "required": [ - "identityLabelKeys", - "labelSchema", - "name", - "selectorLabels", - "sourceMode", - "type" - ], "properties": { - "descriptionTemplate": { + "control-id": { + "description": "required", "type": "string" }, - "identityLabelKeys": { - "type": "array", - "items": { - "type": "string" - } + "controlImplementationSetID": { + "type": "string" }, - "labelSchema": { - "type": "array", - "items": { - "$ref": "#/definitions/templates.subjectTemplateLabelSchemaFieldRequest" - } + "description": { + "description": "required", + "type": "string" + }, + "id": { + "type": "string" }, "links": { "type": "array", 
@@ -33104,351 +23978,297 @@ "$ref": "#/definitions/relational.Link" } }, - "name": { - "type": "string" - }, "props": { "type": "array", "items": { "$ref": "#/definitions/relational.Prop" } }, - "purposeTemplate": { - "type": "string" - }, - "remarksTemplate": { + "remarks": { "type": "string" }, - "selectorLabels": { + "responsible-roles": { + "description": "required", "type": "array", "items": { - "$ref": "#/definitions/templates.subjectTemplateSelectorLabelRequest" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "sourceMode": { - "type": "string" - }, - "titleTemplate": { - "type": "string" + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SetParameter" + } }, - "type": { - "type": "string" + "statements": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ControlStatementImplementation" + } } } }, - "time.Duration": { - "type": "integer", - "format": "int64", - "enum": [ - -9223372036854775808, - 9223372036854775807, - 1, - 1000, - 1000000, - 1000000000, - 60000000000, - 3600000000000 - ], - "x-enum-varnames": [ - "minDuration", - "maxDuration", - "Nanosecond", - "Microsecond", - "Millisecond", - "Second", - "Minute", - "Hour" - ] - }, - "workflow.EvidenceSubmission": { + "relational.ImportComponentDefinition": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "evidence-id": { - "type": "string" - }, - "evidence-type": { - "type": "string" - }, - "file-content": { - "description": "Base64 encoded file content", - "type": "string" - }, - "file-hash": { - "type": "string" - }, - "file-path": { - "type": "string" - }, - "file-size": { - "type": "integer" - }, - "media-type": { - "description": "MIME type (e.g., \"application/pdf\", \"image/png\")", - "type": "string" - }, - "metadata": { - "type": "string" - }, - "name": { + "href": { "type": "string" } } }, - "workflow.ExecutionMetrics": { + "relational.IncorporatesComponents": { "type": "object", "properties": 
{ - "averageStepDuration": { - "$ref": "#/definitions/time.Duration" - }, - "duration": { - "$ref": "#/definitions/time.Duration" - }, - "executionID": { + "component-uuid": { "type": "string" }, - "longestStepDuration": { - "$ref": "#/definitions/time.Duration" - }, - "totalSteps": { - "type": "integer" + "description": { + "type": "string" } } }, - "workflow.ExecutionStatus": { + "relational.InheritedControlImplementation": { "type": "object", "properties": { - "blockedSteps": { - "type": "integer" - }, - "cancelledSteps": { - "type": "integer" - }, - "completedAt": { - "type": "string" - }, - "completedSteps": { - "type": "integer" - }, - "executionID": { + "byComponentId": { "type": "string" }, - "failedAt": { + "description": { + "description": "required", "type": "string" }, - "failedSteps": { - "type": "integer" - }, - "failureReason": { + "id": { "type": "string" }, - "inProgressSteps": { - "type": "integer" - }, - "overdueSteps": { - "type": "integer" - }, - "pendingSteps": { - "type": "integer" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "startedAt": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "status": { + "provided-uuid": { "type": "string" }, - "totalSteps": { - "type": "integer" - } - } - }, - "workflows.BulkReassignRoleResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/workflows.BulkReassignRoleResponseData" + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } } } }, - "workflows.BulkReassignRoleResponseData": { + "relational.InventoryItem": { "type": "object", "properties": { - "execution-id": { + "description": { + "type": "string" + }, + "evidence": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Evidence" + } + }, + "id": { "type": "string" }, - "reassigned-count": { - "type": "integer" + 
"implemented-components": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ImplementedComponent" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { + "type": "string" }, - "reassigned-step-execution-ids": { + "responsible-parties": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.ResponsibleParty" } }, - "role-name": { + "systemImplementationId": { "type": "string" } } }, - "workflows.CancelWorkflowExecutionRequest": { + "relational.Labels": { "type": "object", "properties": { - "reason": { + "name": { + "type": "string" + }, + "value": { "type": "string" } } }, - "workflows.ControlRelationship": { + "relational.Link": { "type": "object", "properties": { - "catalog_id": { - "description": "Link to catalog if available", + "href": { "type": "string" }, - "control_id": { - "description": "Control Information", + "media-type": { "type": "string" }, - "control_source": { - "description": "e.g., \"NIST 800-53 Rev 5\", \"ISO 27001\"", + "rel": { "type": "string" }, - "created-at": { + "resource-fragment": { "type": "string" }, - "deleted_at": { - "$ref": "#/definitions/gorm.DeletedAt" - }, - "id": { + "text": { "type": "string" + } + } + }, + "relational.Location": { + "type": "object", + "properties": { + "address": { + "$ref": "#/definitions/datatypes.JSONType-relational_Address" }, - "is_active": { - "type": "boolean" + "email-addresses": { + "type": "array", + "items": { + "type": "string" + } }, - "relationship_type": { - "description": "Relationship Information", + "id": { "type": "string" }, - "strength": { - "description": "primary, secondary, supporting", - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "updated-at": { + "props": { + "type": "array", + "items": { + "$ref": 
"#/definitions/relational.Prop" + } + }, + "remarks": { "type": "string" }, - "workflow_definition": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/workflows.WorkflowDefinition" - } - ] + "telephone-numbers": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.TelephoneNumber" + } }, - "workflow_definition_id": { - "description": "Foreign Keys", + "title": { "type": "string" - } - } - }, - "workflows.ControlRelationshipListResponse": { - "type": "object", - "properties": { - "data": { + }, + "urls": { "type": "array", "items": { - "$ref": "#/definitions/workflows.ControlRelationship" + "type": "string" } } } }, - "workflows.ControlRelationshipResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/workflows.ControlRelationship" - } - } - }, - "workflows.CreateControlRelationshipRequest": { + "relational.Metadata": { "type": "object", - "required": [ - "catalog-id", - "control-id", - "workflow-definition-id" - ], "properties": { - "catalog-id": { - "type": "string" + "actions": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Action" + } }, - "control-id": { + "document-ids": { + "description": "-\u003e DocumentID", + "type": "array", + "items": { + "$ref": "#/definitions/relational.DocumentID" + } + }, + "id": { "type": "string" }, - "description": { + "last-modified": { "type": "string" }, - "is-active": { - "type": "boolean" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "relationship-type": { - "description": "If not provided - 'satisfies' is used", - "type": "string" + "locations": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Location" + } }, - "strength": { - "description": "If not provided - 'primary' is used", + "oscal-version": { "type": "string" }, - "workflow-definition-id": { - "type": "string" - } - } - }, - "workflows.CreateRoleAssignmentRequest": { - "type": "object", - 
"required": [ - "assigned-to-id", - "assigned-to-type", - "role-name", - "workflow-instance-id" - ], - "properties": { - "assigned-to-id": { + "parentID": { + "description": "Metadata is shared across many resources, and so it mapped using a polymorphic relationship", "type": "string" }, - "assigned-to-type": { + "parentType": { "type": "string" }, - "is-active": { - "type": "boolean" + "parties": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Party" + } }, - "role-name": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "workflow-instance-id": { - "type": "string" - } - } - }, - "workflows.CreateWorkflowDefinitionRequest": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "description": { + "published": { "type": "string" }, - "evidence-required": { + "remarks": { "type": "string" }, - "grace-period-days": { - "type": "integer" + "responsibleParties": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleParty" + } }, - "name": { - "type": "string" + "revisions": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Revision" + } + }, + "roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Role" + } }, - "suggested-cadence": { + "title": { "type": "string" }, "version": { 
@@ -33456,1041 +24276,893 @@ } } }, - "workflows.CreateWorkflowInstanceRequest": { + "relational.Origin": { "type": "object", - "required": [ - "name", - "system-id", - "workflow-definition-id" - ], "properties": { - "cadence": { - "type": "string" - }, - "description": { - "type": "string" - }, - "grace-period-days": { - "type": "integer" - }, - "is-active": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "system-id": { - "type": "string" + "actors": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" + } }, - "workflow-definition-id": { - "type": "string" + "related-tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + } } } }, - "workflows.CreateWorkflowStepDefinitionRequest": { + "relational.Parameter": { "type": "object", - "required": [ - "name", - "responsible-role", - "workflow-definition-id" - ], "properties": { - "depends-on": { - "description": "Array of step IDs this step depends on", + "class": { + "type": "string" + }, + "constraints": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.ParameterConstraint" } }, - "description": { + "guidelines": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ParameterGuideline" + } + }, + "id": { "type": "string" }, - "estimated-duration": { - "type": "integer" + "label": { + "type": "string" }, - "evidence-required": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/workflows.EvidenceRequirement" + "$ref": "#/definitions/relational.Link" } }, - "grace-period-days": { - "type": "integer" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "name": { + "remarks": { "type": "string" }, - "responsible-role": { - "type": "string" + "select": { + "$ref": "#/definitions/datatypes.JSONType-relational_ParameterSelection" }, - "workflow-definition-id": { - "type": "string" - } - } - }, - 
"workflows.EvidenceRequirement": { - "type": "object", - "properties": { - "description": { + "usage": { "type": "string" }, - "required": { - "type": "boolean" - }, - "type": { - "type": "string" - } - } - }, - "workflows.FailStepRequest": { - "type": "object", - "required": [ - "reason" - ], - "properties": { - "reason": { - "type": "string" + "values": { + "type": "array", + "items": { + "type": "string" + } } } }, - "workflows.MyAssignmentsResponse": { + "relational.ParameterConstraint": { "type": "object", "properties": { - "data": { + "description": { + "type": "string" + }, + "tests": { "type": "array", "items": { - "$ref": "#/definitions/workflows.StepExecution" + "$ref": "#/definitions/relational.ParameterConstraintTest" } - }, - "has-more": { - "type": "boolean" - }, - "limit": { - "type": "integer" - }, - "offset": { - "type": "integer" - }, - "total": { - "type": "integer" } } }, - "workflows.ReassignRoleRequest": { + "relational.ParameterConstraintTest": { "type": "object", - "required": [ - "new-assigned-to-id", - "new-assigned-to-type", - "role-name" - ], "properties": { - "new-assigned-to-id": { - "type": "string" - }, - "new-assigned-to-type": { - "type": "string", - "enum": [ - "user", - "group", - "email" - ] - }, - "reason": { + "expression": { "type": "string" }, - "role-name": { + "remarks": { "type": "string" } } }, - "workflows.ReassignStepRequest": { + "relational.ParameterGuideline": { "type": "object", - "required": [ - "assigned-to-id", - "assigned-to-type" - ], "properties": { - "assigned-to-id": { - "type": "string" - }, - "assigned-to-type": { - "type": "string", - "enum": [ - "user", - "group", - "email" - ] - }, - "reason": { + "prose": { "type": "string" } } }, - "workflows.RoleAssignment": { + "relational.Part": { "type": "object", "properties": { - "assigned_to_id": { - "description": "User ID, group ID, or email", + "class": { "type": "string" }, - "assigned_to_type": { - "description": "user, group, email", + "id": { "type": 
"string" }, - "id": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "name": { "type": "string" }, - "is_active": { - "type": "boolean" + "ns": { + "type": "string" }, - "role_name": { + "part_id": { "type": "string" }, - "workflow_instance": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/workflows.WorkflowInstance" - } - ] + "parts": { + "description": "-\u003e Part", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Part" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "prose": { + "type": "string" }, - "workflow_instance_id": { + "title": { "type": "string" } } }, - "workflows.RoleAssignmentListResponse": { + "relational.Party": { "type": "object", "properties": { - "data": { + "addresses": { "type": "array", "items": { - "$ref": "#/definitions/workflows.RoleAssignment" + "$ref": "#/definitions/relational.Address" } - } - } - }, - "workflows.RoleAssignmentResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/workflows.RoleAssignment" - } - } - }, - "workflows.StartWorkflowExecutionRequest": { - "type": "object", - "required": [ - "triggered-by", - "workflow-instance-id" - ], - "properties": { - "triggered-by": { + }, + "email-addresses": { + "type": "array", + "items": { + "type": "string" + } + }, + "external-ids": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.PartyExternalID" + } + }, + "id": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "locations": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Location" + } + }, + "member-of-organizations": { + "description": "-\u003e Party", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Party" + } + }, + "name": { "type": "string" }, - "triggered-by-id": { + "props": { + "type": "array", + 
"items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { "type": "string" }, - "workflow-instance-id": { + "short-name": { "type": "string" + }, + "telephone-numbers": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.TelephoneNumber" + } + }, + "type": { + "$ref": "#/definitions/relational.PartyType" } } }, - "workflows.StepDependency": { + "relational.PartyExternalID": { "type": "object", "properties": { - "depends_on_step": { - "$ref": "#/definitions/workflows.WorkflowStepDefinition" - }, - "depends_on_step_id": { - "type": "string" - }, "id": { "type": "string" }, - "workflow_step_definition": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/workflows.WorkflowStepDefinition" - } - ] - }, - "workflow_step_definition_id": { - "type": "string" + "scheme": { + "$ref": "#/definitions/relational.PartyExternalIDScheme" } } }, - "workflows.StepEvidence": { + "relational.PartyExternalIDScheme": { + "type": "string", + "enum": [ + "http://orcid.org/" + ], + "x-enum-varnames": [ + "PartyExternalIDSchemeOrchid" + ] + }, + "relational.PartyType": { + "type": "string", + "enum": [ + "person", + "organization" + ], + "x-enum-varnames": [ + "PartyTypePerson", + "PartyTypeOrganization" + ] + }, + "relational.Prop": { "type": "object", "properties": { - "created-at": { - "type": "string" - }, - "deleted_at": { - "$ref": "#/definitions/gorm.DeletedAt" - }, - "description": { + "class": { "type": "string" }, - "evidence": { - "$ref": "#/definitions/relational.Evidence" - }, - "evidence_id": { - "description": "Link to main evidence table", + "group": { "type": "string" }, - "evidence_type": { - "description": "document, attestation, screenshot, log", + "name": { "type": "string" }, - "file-size": { - "description": "File size in bytes", - "type": "integer" - }, - "file_hash": { - "description": "SHA-256 hash of file", + "ns": { "type": "string" }, - "file_path": { - "description": "Path to stored file", + 
"remarks": { "type": "string" }, - "id": { + "uuid": { "type": "string" }, - "metadata": { - "description": "JSON metadata", + "value": { "type": "string" - }, + } + } + }, + "relational.Protocol": { + "type": "object", + "properties": { "name": { - "description": "Evidence Information", "type": "string" }, - "step_execution": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/workflows.StepExecution" - } - ] + "port-ranges": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.PortRange" + } }, - "step_execution_id": { - "description": "Foreign Keys", + "title": { "type": "string" }, - "updated-at": { + "uuid": { "type": "string" } } }, - "workflows.StepExecution": { + "relational.ProvidedControlImplementation": { "type": "object", "properties": { - "assigned-at": { - "type": "string" - }, - "assigned_to_id": { - "description": "User ID, group ID, or email", + "description": { "type": "string" }, - "assigned_to_type": { - "description": "Assignment Information", + "exportId": { "type": "string" }, - "completed-at": { + "id": { "type": "string" }, - "created-at": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "deleted_at": { - "$ref": "#/definitions/gorm.DeletedAt" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "due_date": { + "remarks": { "type": "string" }, - "failed-at": { - "type": "string" + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } + } + } + }, + "relational.ResourceLink": { + "type": "object", + "properties": { + "hashes": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Hash" + } }, - "failure_reason": { + "href": { + "description": "required", "type": "string" }, - "id": { + "media-type": { "type": "string" - }, - "overdue-at": { + } + } + }, + "relational.ResponsibleParty": { + "type": "object", + 
"properties": { + "id": { "type": "string" }, - "reassignment_history": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/workflows.StepReassignmentHistory" + "$ref": "#/definitions/relational.Link" } }, - "started-at": { + "parentID": { + "description": "Polymorphic relationship - allows ResponsibleParty to belong to different parent types", "type": "string" }, - "status": { - "description": "Execution Information", + "parentType": { "type": "string" }, - "step_evidence": { + "parties": { "type": "array", "items": { - "$ref": "#/definitions/workflows.StepEvidence" + "$ref": "#/definitions/relational.ResponsiblePartyParties" } }, - "updated-at": { - "type": "string" - }, - "workflow_execution": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/workflows.WorkflowExecution" - } - ] + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "workflow_execution_id": { - "description": "Foreign Keys", + "remarks": { "type": "string" }, - "workflow_step_definition": { - "$ref": "#/definitions/workflows.WorkflowStepDefinition" + "role": { + "$ref": "#/definitions/relational.Role" }, - "workflow_step_definition_id": { + "role-id": { + "description": "required", "type": "string" } } }, - "workflows.StepExecutionListResponse": { - "type": "object", - "properties": { - "data": { - "type": "array", - "items": { - "$ref": "#/definitions/workflows.StepExecution" - } - } - } - }, - "workflows.StepExecutionResponse": { + "relational.ResponsiblePartyParties": { "type": "object", "properties": { - "data": { - "$ref": "#/definitions/workflows.StepExecution" + "partyID": { + "type": "string" + }, + "responsiblePartyID": { + "type": "string" } } }, - "workflows.StepReassignmentHistory": { + "relational.ResponsibleRole": { "type": "object", "properties": { - "created-at": { - "type": "string" - }, - "deleted_at": { - "$ref": "#/definitions/gorm.DeletedAt" - }, "id": { "type": "string" }, - 
"new_assigned_to_id": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "new_assigned_to_type": { + "parentID": { "type": "string" }, - "previous_assigned_to_id": { + "parentType": { "type": "string" }, - "previous_assigned_to_type": { - "type": "string" + "parties": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Party" + } }, - "reason": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "reassigned_by_email": { + "remarks": { "type": "string" }, - "reassigned_by_user_id": { + "role": { + "$ref": "#/definitions/relational.Role" + }, + "role-id": { + "description": "required", "type": "string" + } + } + }, + "relational.ReviewedControls": { + "type": "object", + "properties": { + "controlObjectiveSelections": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ControlObjectiveSelection" + } }, - "step_execution": { - "$ref": "#/definitions/workflows.StepExecution" + "controlSelections": { + "description": "required", + "type": "array", + "items": { + "$ref": "#/definitions/relational.ControlSelection" + } }, - "step_execution_id": { + "description": { "type": "string" }, - "updated-at": { + "id": { "type": "string" }, - "workflow_execution_id": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { "type": "string" } } }, - "workflows.StepTrigger": { + "relational.Revision": { "type": "object", "properties": { "id": { "type": "string" }, - "is_active": { - "type": "boolean" - }, - "trigger_condition": { - "description": "JSON condition expression", + "last-modified": { "type": "string" }, - "trigger_type": { - "description": "evidence_stream, time_based, external_event", - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": 
"#/definitions/relational.Link" + } }, - "workflow_step_definition": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/workflows.WorkflowStepDefinition" - } - ] + "metadata-id": { + "description": "Revision only exist on a metadata object. We'll link them straight there with a BelongsTo relationship", + "type": "string" }, - "workflow_step_definition_id": { + "oscal-version": { "type": "string" - } - } - }, - "workflows.TransitionStepRequest": { - "type": "object", - "required": [ - "status", - "user-id", - "user-type" - ], - "properties": { - "evidence": { + }, + "props": { "type": "array", "items": { - "$ref": "#/definitions/workflow.EvidenceSubmission" + "$ref": "#/definitions/relational.Prop" } }, - "notes": { + "published": { "type": "string" }, - "status": { - "type": "string", - "enum": [ - "in_progress", - "completed" - ] + "remarks": { + "type": "string" }, - "user-id": { + "title": { "type": "string" }, - "user-type": { - "type": "string", - "enum": [ - "user", - "group", - "email" - ] + "version": { + "description": "required", + "type": "string" } } }, - "workflows.UpdateControlRelationshipRequest": { + "relational.Role": { "type": "object", "properties": { "description": { "type": "string" }, - "relationship-type": { + "id": { "type": "string" }, - "strength": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { "type": "string" - } - } - }, - "workflows.UpdateRoleAssignmentRequest": { - "type": "object", - "properties": { - "assigned-to-id": { + }, + "short-name": { "type": "string" }, - "assigned-to-type": { + "title": { "type": "string" } } }, - "workflows.UpdateWorkflowDefinitionRequest": { + "relational.SatisfiedControlImplementationResponsibility": { "type": "object", "properties": { + "by-component-id": { + "type": "string" + }, "description": { "type": "string" }, 
- "evidence-required": { + "id": { "type": "string" }, - "grace-period-days": { - "type": "integer" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "name": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "suggested-cadence": { + "remarks": { "type": "string" }, - "version": { + "responsibility-uuid": { "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } } } }, - "workflows.UpdateWorkflowInstanceRequest": { + "relational.SelectObjectiveById": { "type": "object", "properties": { - "cadence": { + "id": { "type": "string" }, - "description": { + "objective": { + "description": "required", "type": "string" }, - "grace-period-days": { - "type": "integer" - }, - "is-active": { - "type": "boolean" + "parentID": { + "type": "string" }, - "name": { + "parentType": { "type": "string" } } }, - "workflows.UpdateWorkflowStepDefinitionRequest": { + "relational.SelectSubjectById": { "type": "object", "properties": { - "depends-on": { - "type": "array", - "items": { - "type": "string" - } - }, - "description": { + "assessmentSubjectID": { "type": "string" }, - "estimated-duration": { - "type": "integer" + "id": { + "type": "string" }, - "evidence-required": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/workflows.EvidenceRequirement" + "$ref": "#/definitions/relational.Link" } }, - "grace-period-days": { - "type": "integer" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "name": { + "remarks": { "type": "string" }, - "responsible-role": { + "subjectUUID": { + "description": "SubjectUUID technically represents a UUID of a component, party, location, user, or inventory item.\nIt will likely be updated once we can map it correctly", "type": "string" } } }, - "workflows.WorkflowDefinition": { + "relational.SetParameter": 
{ "type": "object", "properties": { - "control_relationships": { - "type": "array", - "items": { - "$ref": "#/definitions/workflows.ControlRelationship" - } - }, - "created-at": { - "type": "string" - }, - "created_by_id": { - "description": "Audit Fields", - "type": "string" - }, - "deleted_at": { - "$ref": "#/definitions/gorm.DeletedAt" - }, - "description": { + "param-id": { "type": "string" }, - "evidence_required": { - "description": "JSON array of required evidence types", + "remarks": { "type": "string" }, - "grace-period-days": { - "description": "Override global default if set", - "type": "integer" + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "relational.Statement": { + "type": "object", + "properties": { + "by-components": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ByComponent" + } }, "id": { "type": "string" }, - "instances": { + "implementedRequirementId": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/workflows.WorkflowInstance" + "$ref": "#/definitions/relational.Link" } }, - "name": { - "description": "Basic Information", - "type": "string" - }, - "steps": { - "description": "Relationships", + "props": { "type": "array", "items": { - "$ref": "#/definitions/workflows.WorkflowStepDefinition" + "$ref": "#/definitions/relational.Prop" } }, - "suggested_cadence": { - "description": "Workflow Configuration", - "type": "string" - }, - "updated-at": { - "type": "string" - }, - "updated_by_id": { + "remarks": { "type": "string" }, - "version": { - "type": "string" - } - } - }, - "workflows.WorkflowDefinitionListResponse": { - "type": "object", - "properties": { - "data": { + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/workflows.WorkflowDefinition" + "$ref": "#/definitions/relational.ResponsibleRole" } + }, + "statement-id": { + "type": "string" } } }, - "workflows.WorkflowDefinitionResponse": { - "type": "object", - 
"properties": { - "data": { - "$ref": "#/definitions/workflows.WorkflowDefinition" - } - } - }, - "workflows.WorkflowExecution": { + "relational.Step": { "type": "object", "properties": { - "completed-at": { - "type": "string" - }, - "created-at": { - "type": "string" - }, - "created_by_id": { - "description": "Audit Fields", - "type": "string" - }, - "deleted_at": { - "$ref": "#/definitions/gorm.DeletedAt" - }, - "due_date": { - "type": "string" - }, - "failed-at": { + "activityID": { "type": "string" }, - "failure_reason": { + "description": { + "description": "required", "type": "string" }, "id": { "type": "string" }, - "overdue-at": { - "type": "string" - }, - "period_label": { - "description": "Scheduling Context", - "type": "string" - }, - "started-at": { - "type": "string" - }, - "status": { - "description": "Execution Information", - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "step_executions": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/workflows.StepExecution" + "$ref": "#/definitions/relational.Prop" } }, - "triggered_by": { - "description": "Execution Context", + "remarks": { "type": "string" }, - "triggered_by_id": { - "description": "User ID or system identifier", - "type": "string" + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } }, - "updated-at": { - "type": "string" + "reviewed-controls": { + "$ref": "#/definitions/relational.ReviewedControls" }, - "updated_by_id": { + "reviewedControlsID": { "type": "string" }, - "workflow_instance": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/workflows.WorkflowInstance" - } - ] - }, - "workflow_instance_id": { - "description": "Foreign Keys", + "title": { "type": "string" } } }, - "workflows.WorkflowExecutionListResponse": { - "type": "object", - "properties": { - "data": { - "type": "array", - "items": { - "$ref": 
"#/definitions/workflows.WorkflowExecution" - } - } - } - }, - "workflows.WorkflowExecutionMetricsResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/workflow.ExecutionMetrics" - } - } - }, - "workflows.WorkflowExecutionResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/workflows.WorkflowExecution" - } - } - }, - "workflows.WorkflowExecutionStatusResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/workflow.ExecutionStatus" - } - } - }, - "workflows.WorkflowInstance": { + "relational.SystemComponent": { "type": "object", "properties": { - "cadence": { - "description": "Instance Configuration", - "type": "string" - }, - "created-at": { - "type": "string" - }, - "created_by_id": { - "description": "Audit Fields", - "type": "string" - }, - "deleted_at": { - "$ref": "#/definitions/gorm.DeletedAt" - }, "description": { "type": "string" }, - "executions": { + "evidence": { "type": "array", "items": { - "$ref": "#/definitions/workflows.WorkflowExecution" + "$ref": "#/definitions/relational.Evidence" } }, - "grace-period-days": { - "description": "Override definition/global default if set", - "type": "integer" + "filters": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Filter" + } }, "id": { "type": "string" }, - "is_active": { - "type": "boolean" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "last-executed-at": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "name": { - "description": "Basic Information", + "protocols": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Protocol" + } + }, + "purpose": { "type": "string" }, - "next-scheduled-at": { - "description": "Scheduling", + "remarks": { "type": "string" }, - "role_assignments": { + "responsible-roles": { "type": "array", "items": { - "$ref": 
"#/definitions/workflows.RoleAssignment" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "system_id": { - "type": "string" - }, - "system_security_plan": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/relational.SystemSecurityPlan" - } - ] + "status": { + "$ref": "#/definitions/datatypes.JSONType-relational_SystemComponentStatus" }, - "updated-at": { + "systemImplementationId": { "type": "string" }, - "updated_by_id": { + "title": { "type": "string" }, - "workflow_definition": { - "$ref": "#/definitions/workflows.WorkflowDefinition" - }, - "workflow_definition_id": { - "description": "Foreign Keys", + "type": { "type": "string" } } }, - "workflows.WorkflowInstanceListResponse": { + "relational.TelephoneNumber": { "type": "object", "properties": { - "data": { - "type": "array", - "items": { - "$ref": "#/definitions/workflows.WorkflowInstance" - } + "number": { + "type": "string" + }, + "type": { + "$ref": "#/definitions/relational.TelephoneNumberType" } } }, - "workflows.WorkflowInstanceResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/workflows.WorkflowInstance" - } - } + "relational.TelephoneNumberType": { + "type": "string", + "enum": [ + "home", + "office", + "mobile" + ], + "x-enum-varnames": [ + "TelephoneNumberTypeHome", + "TelephoneNumberTypeOffice", + "TelephoneNumberTypeMobile" + ] }, - "workflows.WorkflowStepDefinition": { + "relational.User": { "type": "object", "properties": { - "created-at": { + "authMethod": { "type": "string" }, - "deleted_at": { - "$ref": "#/definitions/gorm.DeletedAt" + "createdAt": { + "type": "string" }, - "dependent_steps": { - "type": "array", - "items": { - "$ref": "#/definitions/workflows.StepDependency" - } + "deletedAt": { + "description": "Soft delete", + "allOf": [ + { + "$ref": "#/definitions/gorm.DeletedAt" + } + ] }, - "depends_on": { - "type": "array", - "items": { - "$ref": "#/definitions/workflows.StepDependency" - } + 
"digestSubscribed": { + "description": "DigestSubscribed indicates if the user wants to receive evidence digest emails", + "type": "boolean" }, - "description": { + "email": { "type": "string" }, - "estimated_duration": { - "description": "Estimated duration in minutes", + "failedLogins": { "type": "integer" }, - "evidence_required": { - "description": "JSON array of required evidence types", - "type": "array", - "items": { - "$ref": "#/definitions/workflows.EvidenceRequirement" - } - }, - "grace-period-days": { - "description": "Override default grace for this specific step", - "type": "integer" + "firstName": { + "type": "string" }, "id": { "type": "string" }, - "name": { - "description": "Basic Information", - "type": "string" + "isActive": { + "type": "boolean" }, - "order": { - "description": "Step Configuration", - "type": "integer" + "isLocked": { + "type": "boolean" }, - "responsible_role": { - "description": "Role responsible for this step", + "lastLogin": { "type": "string" }, - "step_executions": { - "type": "array", - "items": { - "$ref": "#/definitions/workflows.StepExecution" - } - }, - "triggers": { - "type": "array", - "items": { - "$ref": "#/definitions/workflows.StepTrigger" - } - }, - "updated-at": { + "lastName": { "type": "string" }, - "workflow_definition": { - "description": "Relationships", - "allOf": [ - { - "$ref": "#/definitions/workflows.WorkflowDefinition" - } - ] + "updatedAt": { + "type": "string" }, - "workflow_definition_id": { - "description": "Foreign Keys", + "userAttributes": { "type": "string" } } - }, - "workflows.WorkflowStepDefinitionListResponse": { - "type": "object", - "properties": { - "data": { - "type": "array", - "items": { - "$ref": "#/definitions/workflows.WorkflowStepDefinition" - } - } - } - }, - "workflows.WorkflowStepDefinitionResponse": { - "type": "object", - "properties": { - "data": { - "$ref": "#/definitions/workflows.WorkflowStepDefinition" - } - } } }, "securityDefinitions": { 
diff --git a/docs/swagger.yaml b/docs/swagger.yaml index c195c04b..05e28061 100644 --- a/docs/swagger.yaml +++ b/docs/swagger.yaml @@ -35,26 +35,14 @@ definitions: type: object datatypes.JSONType-relational_Citation: type: object - datatypes.JSONType-relational_CombinationRule: - type: object - datatypes.JSONType-relational_FlatWithoutGrouping: - type: object datatypes.JSONType-relational_ImplementationStatus: type: object - datatypes.JSONType-relational_ImportProfile: - type: object datatypes.JSONType-relational_IncludeAll: type: object datatypes.JSONType-relational_ParameterSelection: type: object - datatypes.JSONType-relational_SecurityImpactLevel: - type: object - datatypes.JSONType-relational_Status: - type: object datatypes.JSONType-relational_SystemComponentStatus: type: object - datatypes.JSONType-relational_SystemInformation: - type: object digest.EvidenceItem: properties: description: @@ -102,13 +90,6 @@ definitions: format: int64 type: integer type: object - evidence.StatusCount: - properties: - count: - type: integer - status: - type: string - type: object gorm.DeletedAt: properties: time: @@ -117,6 +98,13 @@ definitions: description: Valid is true if Time is not NULL type: boolean type: object + handler.ComplianceByControl.StatusCount: + properties: + count: + type: integer + status: + type: string + type: object handler.EvidenceActivity: properties: description: @@ -406,12 +394,12 @@ definitions: type: array type: array type: object - handler.GenericDataListResponse-evidence_StatusCount: + handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount: properties: data: description: Items from the list response items: - $ref: '#/definitions/evidence.StatusCount' + $ref: '#/definitions/handler.ComplianceByControl.StatusCount' type: array type: object handler.GenericDataListResponse-handler_FilterWithAssociations: 
@@ -718,14 +706,6 @@ definitions: $ref: '#/definitions/relational.Evidence' type: array type: object - handler.GenericDataListResponse-relational_SystemComponentSuggestion: - properties: - data: - description: Items from the list response - items: - $ref: '#/definitions/relational.SystemComponentSuggestion' - type: array - type: object handler.GenericDataListResponse-relational_User: properties: data: @@ -793,25 +773,11 @@ definitions: - $ref: '#/definitions/handler.OscalLikeEvidence' description: Items from the list response type: object - handler.GenericDataResponse-handler_SubscriptionsResponse: - properties: - data: - allOf: - - $ref: '#/definitions/handler.SubscriptionsResponse' - description: Items from the list response - type: object - handler.GenericDataResponse-handler_riskResponse: - properties: - data: - allOf: - - $ref: '#/definitions/handler.riskResponse' - description: Items from the list response - type: object - handler.GenericDataResponse-oscal_BuildByPropsResponse: + handler.GenericDataResponse-handler_UserHandler: properties: data: allOf: - - $ref: '#/definitions/oscal.BuildByPropsResponse' + - $ref: '#/definitions/handler.UserHandler' description: Items from the list response type: object handler.GenericDataResponse-oscal_ImportResponse: @@ -828,13 +794,6 @@ definitions: - $ref: '#/definitions/oscal.InventoryItemWithSource' description: Items from the list response type: object - handler.GenericDataResponse-oscal_ProfileComplianceProgress: - properties: - data: - allOf: - - $ref: '#/definitions/oscal.ProfileComplianceProgress' - description: Items from the list response - type: object handler.GenericDataResponse-oscal_ProfileHandler: properties: data: 
@@ -1220,34 +1179,6 @@ definitions: - $ref: '#/definitions/relational.User' description: Items from the list response type: object - handler.GenericDataResponse-risks_RiskComponentLink: - properties: - data: - allOf: - - $ref: '#/definitions/risks.RiskComponentLink' - description: Items from the list response - type: object - handler.GenericDataResponse-risks_RiskControlLink: - properties: - data: - allOf: - - $ref: '#/definitions/risks.RiskControlLink' - description: Items from the list response - type: object - handler.GenericDataResponse-risks_RiskEvidenceLink: - properties: - data: - allOf: - - $ref: '#/definitions/risks.RiskEvidenceLink' - description: Items from the list response - type: object - handler.GenericDataResponse-risks_RiskSubjectLink: - properties: - data: - allOf: - - $ref: '#/definitions/risks.RiskSubjectLink' - description: Items from the list response - type: object handler.GenericDataResponse-string: properties: data: 
@@ -1333,64 +1264,24 @@ definitions: total: type: integer type: object + handler.StatusCount: + properties: + count: + type: integer + status: + type: string + type: object handler.StatusInterval: properties: interval: type: string statuses: items: - $ref: '#/definitions/evidence.StatusCount' + $ref: '#/definitions/handler.StatusCount' type: array type: object - handler.SubscriptionsResponse: - properties: - subscribed: - type: boolean - taskAvailableEmailSubscribed: - type: boolean - taskDailyDigestSubscribed: - type: boolean - type: object - handler.UpdateSubscriptionsRequest: - properties: - subscribed: - type: boolean - taskAvailableEmailSubscribed: - type: boolean - taskDailyDigestSubscribed: - type: boolean - type: object handler.UserHandler: type: object - handler.acceptRiskRequest: - properties: - justification: - type: string - reviewDeadline: - type: string - type: object - handler.addComponentLinkRequest: - properties: - componentId: - type: string - type: object - handler.addControlLinkRequest: - properties: - catalogId: - type: string - controlId: - type: string - type: object - handler.addEvidenceLinkRequest: - properties: - evidenceId: - type: string - type: object - handler.addSubjectLinkRequest: - properties: - subjectId: - type: string - type: object handler.createFilterRequest: properties: components: 
@@ -1409,159 +1300,6 @@ definitions: - filter - name type: object - handler.createRiskRequest: - properties: - acceptanceJustification: - type: string - description: - type: string - impact: - type: string - lastReviewedAt: - type: string - likelihood: - type: string - ownerAssignments: - items: - $ref: '#/definitions/handler.riskOwnerAssignmentRequest' - type: array - primaryOwnerUserId: - type: string - reviewDeadline: - type: string - riskTemplateId: - type: string - sspId: - type: string - status: - type: string - title: - type: string - type: object - handler.reviewRiskRequest: - properties: - decision: - type: string - nextReviewDeadline: - type: string - notes: - type: string - reviewedAt: - type: string - type: object - handler.riskControlLinkResponse: - properties: - catalogId: - type: string - controlId: - type: string - type: object - handler.riskOwnerAssignmentRequest: - properties: - isPrimary: - type: boolean - ownerKind: - type: string - ownerRef: - type: string - type: object - handler.riskOwnerAssignmentResponse: - properties: - isPrimary: - type: boolean - ownerKind: - type: string - ownerRef: - type: string - type: object - handler.riskResponse: - properties: - acceptanceJustification: - type: string - componentIds: - items: - type: string - type: array - controlLinks: - items: - $ref: '#/definitions/handler.riskControlLinkResponse' - type: array - createdAt: - type: string - dedupeKey: - type: string - description: - type: string - evidenceIds: - items: - type: string - type: array - firstSeenAt: - type: string - id: - type: string - impact: - type: string - lastReviewedAt: - type: string - lastSeenAt: - type: string - likelihood: - type: string - ownerAssignments: - items: - $ref: '#/definitions/handler.riskOwnerAssignmentResponse' - type: array - primaryOwnerUserId: - type: string - reviewDeadline: - type: string - riskTemplateId: - type: string - sourceType: - type: string - sspId: - type: string - status: - type: string - subjectIds: - 
items: - type: string - type: array - title: - type: string - updatedAt: - type: string - type: object - handler.updateRiskRequest: - properties: - acceptanceJustification: - type: string - description: - type: string - impact: - type: string - lastReviewedAt: - type: string - likelihood: - type: string - ownerAssignments: - items: - $ref: '#/definitions/handler.riskOwnerAssignmentRequest' - type: array - primaryOwnerUserId: - type: string - reviewDeadline: - type: string - reviewJustification: - type: string - riskTemplateId: - type: string - status: - type: string - title: - type: string - type: object labelfilter.Condition: properties: label: @@ -1597,43 +1335,6 @@ definitions: query: $ref: '#/definitions/labelfilter.Query' type: object - oscal.BuildByPropsRequest: - properties: - catalog-id: - example: 9b0c9c43-2722-4bbb-b132-13d34fb94d45 - type: string - match-strategy: - allOf: - - $ref: '#/definitions/oscal.MatchStrategy' - example: all - rules: - items: - $ref: '#/definitions/oscal.rule' - minItems: 1 - type: array - title: - example: My Custom Profile - type: string - version: - example: 1.0.0 - type: string - required: - - catalog-id - - match-strategy - - rules - - title - type: object - oscal.BuildByPropsResponse: - properties: - control-ids: - items: - type: string - type: array - profile: - $ref: '#/definitions/oscalTypes_1_1_3.Profile' - profile-id: - type: string - type: object oscal.CreateInventoryItemRequest: properties: destination: 
@@ -1701,215 +1402,44 @@ definitions: uuid: type: string type: object - oscal.MatchStrategy: - enum: - - all - - any - type: string - x-enum-varnames: - - MatchStrategyAll - - MatchStrategyAny - oscal.ProfileComplianceControl: + oscal.ProfileHandler: + type: object + oscalTypes_1_1_3.Action: properties: - catalogId: - type: string - computedStatus: - type: string - controlId: - type: string - groupId: + date: type: string - groupTitle: + links: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Link' + type: array + props: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Property' + type: array + remarks: type: string - implemented: - type: boolean - statusCounts: + responsible-parties: items: - $ref: '#/definitions/oscal.ProfileComplianceStatusCount' + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' type: array - title: + system: type: string - type: object - oscal.ProfileComplianceGroup: - properties: - compliancePercent: - type: integer - id: + type: type: string - notSatisfied: - type: integer - satisfied: - type: integer - title: + uuid: type: string - totalControls: - type: integer - unknown: - type: integer type: object - oscal.ProfileComplianceImplementation: - properties: - implementationPercent: - type: integer - implementedControls: - type: integer - unimplementedControls: - type: integer - type: object - oscal.ProfileComplianceProgress: + oscalTypes_1_1_3.Activity: properties: - controls: + description: + type: string + links: items: - $ref: '#/definitions/oscal.ProfileComplianceControl' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - groups: + props: items: - $ref: '#/definitions/oscal.ProfileComplianceGroup' - type: array - implementation: - $ref: '#/definitions/oscal.ProfileComplianceImplementation' - scope: - $ref: '#/definitions/oscal.ProfileComplianceScope' - summary: - $ref: '#/definitions/oscal.ProfileComplianceSummary' - type: object - oscal.ProfileComplianceScope: - properties: - id: - type: string - title: - type: string - 
type: - type: string - type: object - oscal.ProfileComplianceStatusCount: - properties: - count: - type: integer - status: - type: string - type: object - oscal.ProfileComplianceSummary: - properties: - assessedPercent: - type: integer - compliancePercent: - type: integer - implementedControls: - type: integer - notSatisfied: - type: integer - satisfied: - type: integer - totalControls: - type: integer - unknown: - type: integer - type: object - oscal.ProfileHandler: - type: object - oscal.RuleOperator: - enum: - - equals - - contains - - regex - - in - type: string - x-enum-varnames: - - RuleOperatorEquals - - RuleOperatorContains - - RuleOperatorRegex - - RuleOperatorIn - oscal.SystemComponentRequest: - properties: - definedComponentId: - type: string - description: - type: string - links: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' - type: array - props: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' - type: array - protocols: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Protocol' - type: array - purpose: - type: string - remarks: - type: string - responsible-roles: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' - type: array - status: - $ref: '#/definitions/oscalTypes_1_1_3.SystemComponentStatus' - title: - type: string - type: - type: string - uuid: - type: string - type: object - oscal.rule: - properties: - name: - example: class - type: string - ns: - example: http://csrc.nist.gov/ns/oscal - type: string - operator: - allOf: - - $ref: '#/definitions/oscal.RuleOperator' - example: equals - value: - example: technical - type: string - required: - - operator - - value - type: object - oscalTypes_1_1_3.Action: - properties: - date: - type: string - links: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' - type: array - props: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' - type: array - remarks: - type: string - responsible-parties: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' 
- type: array - system: - type: string - type: - type: string - uuid: - type: string - type: object - oscalTypes_1_1_3.Activity: - properties: - description: - type: string - links: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' - type: array - props: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array related-controls: $ref: '#/definitions/oscalTypes_1_1_3.ReviewedControls' @@ -4681,35 +4211,6 @@ definitions: title: type: string type: object - relational.Addition: - properties: - alterationID: - type: string - by-id: - type: string - id: - type: string - links: - items: - $ref: '#/definitions/relational.Link' - type: array - params: - items: - $ref: '#/definitions/relational.Parameter' - type: array - parts: - items: - $ref: '#/definitions/relational.Part' - type: array - position: - type: string - props: - items: - $ref: '#/definitions/relational.Prop' - type: array - title: - type: string - type: object relational.Address: properties: city: @@ -4735,24 +4236,6 @@ definitions: x-enum-varnames: - AddressTypeWork - AddressTypeHome - relational.Alteration: - properties: - adds: - items: - $ref: '#/definitions/relational.Addition' - type: array - control-id: - description: required - type: string - id: - type: string - modify-id: - type: string - removes: - items: - $ref: '#/definitions/relational.Removal' - type: array - type: object relational.AssessedControlsSelectControlById: properties: control: 
@@ -4796,52 +4279,12 @@ definitions: type: array remarks: type: string - sspId: - type: string type: description: |- Type represents a component, party, location, user, or inventory item. It will likely be updated once we can map it correctly type: string type: object - relational.AuthorizationBoundary: - properties: - description: - type: string - diagrams: - items: - $ref: '#/definitions/relational.Diagram' - type: array - id: - type: string - links: - items: - $ref: '#/definitions/relational.Link' - type: array - props: - items: - $ref: '#/definitions/relational.Prop' - type: array - remarks: - type: string - systemCharacteristicsId: - type: string - type: object - relational.AuthorizedPrivilege: - properties: - description: - type: string - functions-performed: - items: - type: string - type: array - id: - type: string - systemUserId: - type: string - title: - type: string - type: object relational.BackMatter: properties: id: @@ -5027,23 +4470,6 @@ definitions: description: required type: string type: object - relational.ControlImplementation: - properties: - description: - type: string - id: - type: string - implemented-requirements: - items: - $ref: '#/definitions/relational.ImplementedRequirement' - type: array - set-parameters: - items: - $ref: '#/definitions/relational.SetParameter' - type: array - systemSecurityPlanId: - type: string - type: object relational.ControlImplementationResponsibility: properties: description: @@ -5187,29 +4613,6 @@ definitions: description: required type: string type: object - relational.DataFlow: - properties: - description: - type: string - diagrams: - items: - $ref: '#/definitions/relational.Diagram' - type: array - id: - type: string - links: - items: - $ref: '#/definitions/relational.Link' - type: array - props: - items: - $ref: '#/definitions/relational.Prop' - type: array - remarks: - type: string - systemCharacteristicsId: - type: string - type: object relational.DefinedComponent: properties: componentDefinition: 
@@ -5252,29 +4655,6 @@ definitions: description: required type: string type: object - relational.Diagram: - properties: - caption: - type: string - description: - type: string - id: - type: string - links: - items: - $ref: '#/definitions/relational.Link' - type: array - parentID: - type: string - parentType: - type: string - props: - items: - $ref: '#/definitions/relational.Prop' - type: array - remarks: - type: string - type: object relational.DocumentID: properties: identifier: @@ -5456,15 +4836,15 @@ definitions: $ref: '#/definitions/relational.ResponsibleParty' type: array type: object - relational.ImplementedRequirement: + relational.ImplementedRequirementControlImplementation: properties: - by-components: - items: - $ref: '#/definitions/relational.ByComponent' - type: array control-id: + description: required + type: string + controlImplementationSetID: type: string - controlImplementationId: + description: + description: required type: string id: type: string @@ -5479,6 +4859,7 @@ definitions: remarks: type: string responsible-roles: + description: required items: $ref: '#/definitions/relational.ResponsibleRole' type: array 
@@ -5488,69 +4869,10 @@ definitions: type: array statements: items: - $ref: '#/definitions/relational.Statement' + $ref: '#/definitions/relational.ControlStatementImplementation' type: array type: object - relational.ImplementedRequirementControlImplementation: - properties: - control-id: - description: required - type: string - controlImplementationSetID: - type: string - description: - description: required - type: string - id: - type: string - links: - items: - $ref: '#/definitions/relational.Link' - type: array - props: - items: - $ref: '#/definitions/relational.Prop' - type: array - remarks: - type: string - responsible-roles: - description: required - items: - $ref: '#/definitions/relational.ResponsibleRole' - type: array - set-parameters: - items: - $ref: '#/definitions/relational.SetParameter' - type: array - statements: - items: - $ref: '#/definitions/relational.ControlStatementImplementation' - type: array - type: object - relational.Import: - properties: - exclude-controls: - items: - $ref: '#/definitions/relational.SelectControlById' - type: array - href: - description: |- - Href as per the OSCAL docs can be an absolute network path (potentially remote), relative or a URI fragment - for the moment to make the system's life easier, it should be a URI fragment to back-matter and try and resolve - back to an ingested catalog. - type: string - id: - type: string - include-all: - $ref: '#/definitions/datatypes.JSONType-relational_IncludeAll' - include-controls: - items: - $ref: '#/definitions/relational.SelectControlById' - type: array - profileID: - type: string - type: object - relational.ImportComponentDefinition: + relational.ImportComponentDefinition: properties: href: type: string 
@@ -5624,29 +4946,6 @@ definitions: value: type: string type: object - relational.LeveragedAuthorization: - properties: - date-authorized: - type: string - id: - type: string - links: - items: - $ref: '#/definitions/relational.Link' - type: array - party-uuid: - type: string - props: - items: - $ref: '#/definitions/relational.Prop' - type: array - remarks: - type: string - systemImplementationId: - type: string - title: - type: string - type: object relational.Link: properties: href: @@ -5691,24 +4990,6 @@ definitions: type: string type: array type: object - relational.Matching: - properties: - pattern: - type: string - type: object - relational.Merge: - properties: - as-is: - type: boolean - combine: - $ref: '#/definitions/datatypes.JSONType-relational_CombinationRule' - flat: - $ref: '#/definitions/datatypes.JSONType-relational_FlatWithoutGrouping' - id: - type: string - profileID: - type: string - type: object relational.Metadata: properties: actions: @@ -5769,44 +5050,6 @@ definitions: version: type: string type: object - relational.Modify: - properties: - alters: - items: - $ref: '#/definitions/relational.Alteration' - type: array - id: - type: string - profileID: - type: string - set-parameters: - items: - $ref: '#/definitions/relational.ParameterSetting' - type: array - type: object - relational.NetworkArchitecture: - properties: - description: - type: string - diagrams: - items: - $ref: '#/definitions/relational.Diagram' - type: array - id: - type: string - links: - items: - $ref: '#/definitions/relational.Link' - type: array - props: - items: - $ref: '#/definitions/relational.Prop' - type: array - remarks: - type: string - systemCharacteristicsId: - type: string - type: object relational.Origin: properties: actors: 
@@ -5874,44 +5117,6 @@ definitions: prose: type: string type: object - relational.ParameterSetting: - properties: - class: - type: string - constraints: - items: - $ref: '#/definitions/relational.ParameterConstraint' - type: array - depends-on: - type: string - guidelines: - items: - $ref: '#/definitions/relational.ParameterGuideline' - type: array - id: - type: string - label: - type: string - links: - items: - $ref: '#/definitions/relational.Link' - type: array - modifyID: - type: string - param-id: - description: required - type: string - props: - items: - $ref: '#/definitions/relational.Prop' - type: array - select: - $ref: '#/definitions/datatypes.JSONType-relational_ParameterSelection' - values: - items: - type: string - type: array - type: object relational.Part: properties: class: @@ -6009,27 +5214,6 @@ definitions: x-enum-varnames: - PartyTypePerson - PartyTypeOrganization - relational.Profile: - properties: - back-matter: - $ref: '#/definitions/relational.BackMatter' - controls: - items: - $ref: '#/definitions/relational.Control' - type: array - id: - type: string - imports: - items: - $ref: '#/definitions/relational.Import' - type: array - merge: - $ref: '#/definitions/relational.Merge' - metadata: - $ref: '#/definitions/relational.Metadata' - modify: - $ref: '#/definitions/relational.Modify' - type: object relational.Prop: properties: class: @@ -6083,19 +5267,6 @@ definitions: $ref: '#/definitions/relational.ResponsibleRole' type: array type: object - relational.Removal: - properties: - by-class: - type: string - by-id: - type: string - by-item-name: - type: string - by-name: - type: string - by-ns: - type: string - type: object relational.ResourceLink: properties: hashes: 
@@ -6275,25 +5446,6 @@ definitions: $ref: '#/definitions/relational.ResponsibleRole' type: array type: object - relational.SelectControlById: - properties: - id: - type: string - matching: - items: - $ref: '#/definitions/relational.Matching' - type: array - parentID: - type: string - parentType: - type: string - with-child-controls: - type: string - with-ids: - items: - type: string - type: array - type: object relational.SelectObjectiveById: properties: id: @@ -6396,57 +5548,8 @@ definitions: title: type: string type: object - relational.SystemCharacteristics: - properties: - authorization-boundary: - $ref: '#/definitions/relational.AuthorizationBoundary' - dataFlow: - $ref: '#/definitions/relational.DataFlow' - date-authorized: - type: string - description: - type: string - id: - type: string - links: - items: - $ref: '#/definitions/relational.Link' - type: array - networkArchitecture: - $ref: '#/definitions/relational.NetworkArchitecture' - props: - items: - $ref: '#/definitions/relational.Prop' - type: array - remarks: - type: string - responsible-parties: - items: - $ref: '#/definitions/relational.ResponsibleParty' - type: array - security-impact-level: - $ref: '#/definitions/datatypes.JSONType-relational_SecurityImpactLevel' - security-sensitivity-level: - type: string - status: - $ref: '#/definitions/datatypes.JSONType-relational_Status' - system-ids: - items: - $ref: '#/definitions/relational.SystemId' - type: array - system-information: - $ref: '#/definitions/datatypes.JSONType-relational_SystemInformation' - system-name: - type: string - system-name-short: - type: string - systemSecurityPlanId: - type: string - type: object relational.SystemComponent: properties: - definedComponentId: - type: string description: type: string evidence: 
@@ -6488,119 +5591,12 @@ definitions: type: type: string type: object - relational.SystemComponentSuggestion: + relational.TelephoneNumber: properties: - componentDefinitionId: - type: string - definedComponentId: - type: string - description: - type: string - name: - type: string - purpose: + number: type: string type: - type: string - type: object - relational.SystemId: - properties: - id: - type: string - identifier-type: - type: string - type: object - relational.SystemImplementation: - properties: - components: - items: - $ref: '#/definitions/relational.SystemComponent' - type: array - id: - type: string - inventory-items: - items: - $ref: '#/definitions/relational.InventoryItem' - type: array - leveraged-authorizations: - items: - $ref: '#/definitions/relational.LeveragedAuthorization' - type: array - links: - items: - $ref: '#/definitions/relational.Link' - type: array - props: - items: - $ref: '#/definitions/relational.Prop' - type: array - remarks: - type: string - systemSecurityPlanId: - type: string - users: - items: - $ref: '#/definitions/relational.SystemUser' - type: array - type: object - relational.SystemSecurityPlan: - properties: - back-matter: - $ref: '#/definitions/relational.BackMatter' - control-implementation: - $ref: '#/definitions/relational.ControlImplementation' - id: - type: string - import-profile: - $ref: '#/definitions/datatypes.JSONType-relational_ImportProfile' - metadata: - $ref: '#/definitions/relational.Metadata' - profile: - $ref: '#/definitions/relational.Profile' - profileID: - type: string - system-characteristics: - $ref: '#/definitions/relational.SystemCharacteristics' - system-implementation: - $ref: '#/definitions/relational.SystemImplementation' - type: object - relational.SystemUser: - properties: - authorized-privileges: - items: - $ref: '#/definitions/relational.AuthorizedPrivilege' - type: array - description: - type: string - id: - type: string - links: - items: - $ref: '#/definitions/relational.Link' - type: array 
- props: - items: - $ref: '#/definitions/relational.Prop' - type: array - remarks: - type: string - role-ids: - items: - type: string - type: array - short-name: - type: string - systemImplementationId: - type: string - title: - type: string - type: object - relational.TelephoneNumber: - properties: - number: - type: string - type: - $ref: '#/definitions/relational.TelephoneNumberType' + $ref: '#/definitions/relational.TelephoneNumberType' type: object relational.TelephoneNumberType: enum: 
@@ -6642,4582 +5638,84 @@ definitions: type: string lastName: type: string - taskAvailableEmailSubscribed: - description: TaskAvailableEmailSubscribed indicates if the user wants an email - when tasks become available - type: boolean - taskDailyDigestSubscribed: - description: TaskDailyDigestSubscribed indicates if the user wants to receive - a daily task digest email - type: boolean - updatedAt: - type: string - userAttributes: - type: string - type: object - risks.RiskComponentLink: - properties: - componentId: - type: string - createdAt: - type: string - createdById: - type: string - riskId: - type: string - type: object - risks.RiskControlLink: - properties: - catalogId: - type: string - controlId: - type: string - createdAt: - type: string - createdById: - type: string - riskId: - type: string - type: object - risks.RiskEvidenceLink: - properties: - createdAt: - type: string - createdById: - type: string - evidenceId: - description: EvidenceID stores the evidence stream UUID (evidences.uuid), - not a single evidence row ID. 
- type: string - riskId: - type: string - type: object - risks.RiskSubjectLink: - properties: - createdAt: - type: string - createdById: - type: string - riskId: - type: string - subjectId: - type: string - type: object - service.ListResponse-handler_riskResponse: - properties: - data: - items: - $ref: '#/definitions/handler.riskResponse' - type: array - limit: - type: integer - page: - type: integer - total: - type: integer - totalPages: - type: integer - type: object - service.ListResponse-risks_RiskComponentLink: - properties: - data: - items: - $ref: '#/definitions/risks.RiskComponentLink' - type: array - limit: - type: integer - page: - type: integer - total: - type: integer - totalPages: - type: integer - type: object - service.ListResponse-risks_RiskControlLink: - properties: - data: - items: - $ref: '#/definitions/risks.RiskControlLink' - type: array - limit: - type: integer - page: - type: integer - total: - type: integer - totalPages: - type: integer - type: object - service.ListResponse-risks_RiskSubjectLink: - properties: - data: - items: - $ref: '#/definitions/risks.RiskSubjectLink' - type: array - limit: - type: integer - page: - type: integer - total: - type: integer - totalPages: - type: integer - type: object - service.ListResponse-templates_evidenceTemplateResponse: - properties: - data: - items: - $ref: '#/definitions/templates.evidenceTemplateResponse' - type: array - limit: - type: integer - page: - type: integer - total: - type: integer - totalPages: - type: integer - type: object - service.ListResponse-templates_riskTemplateResponse: - properties: - data: - items: - $ref: '#/definitions/templates.riskTemplateResponse' - type: array - limit: - type: integer - page: - type: integer - total: - type: integer - totalPages: - type: integer - type: object - service.ListResponse-templates_subjectTemplateResponse: - properties: - data: - items: - $ref: '#/definitions/templates.subjectTemplateResponse' - type: array - limit: - type: integer - page: - 
type: integer - total: - type: integer - totalPages: - type: integer - type: object - service.ListResponse-uuid_UUID: - properties: - data: - items: - type: string - type: array - limit: - type: integer - page: - type: integer - total: - type: integer - totalPages: - type: integer - type: object - templates.evidenceTemplateDataResponse: - properties: - data: - $ref: '#/definitions/templates.evidenceTemplateResponse' - type: object - templates.evidenceTemplateLabelSchemaFieldRequest: - properties: - description: - type: string - key: - type: string - required: - type: boolean - type: object - templates.evidenceTemplateLabelSchemaFieldResponse: - properties: - description: - type: string - key: - type: string - required: - type: boolean - type: object - templates.evidenceTemplateResponse: - properties: - createdAt: - type: string - description: - type: string - id: - type: string - isActive: - type: boolean - labelSchema: - items: - $ref: '#/definitions/templates.evidenceTemplateLabelSchemaFieldResponse' - type: array - methods: - items: - type: string - type: array - pluginId: - type: string - policyPackage: - type: string - riskTemplateIds: - items: - type: string - type: array - selectorLabels: - items: - $ref: '#/definitions/templates.evidenceTemplateSelectorLabelResponse' - type: array - subjectTemplateIds: - items: - type: string - type: array - title: - type: string updatedAt: type: string - type: object - templates.evidenceTemplateSelectorLabelRequest: - properties: - key: - type: string - value: - type: string - type: object - templates.evidenceTemplateSelectorLabelResponse: - properties: - key: - type: string - value: - type: string - type: object - templates.remediationTaskRequest: - properties: - orderIndex: - type: integer - title: - type: string - type: object - templates.remediationTaskResponse: - properties: - id: - type: string - orderIndex: - type: integer - title: - type: string - type: object - templates.remediationTemplateRequest: - properties: - 
description: - type: string - tasks: - items: - $ref: '#/definitions/templates.remediationTaskRequest' - type: array - title: - type: string - type: object - templates.remediationTemplateResponse: - properties: - description: - type: string - id: - type: string - tasks: - items: - $ref: '#/definitions/templates.remediationTaskResponse' - type: array - title: - type: string - type: object - templates.riskTemplateDataResponse: - properties: - data: - $ref: '#/definitions/templates.riskTemplateResponse' - type: object - templates.riskTemplateResponse: - properties: - createdAt: - type: string - id: - type: string - impactHint: - type: string - isActive: - type: boolean - likelihoodHint: - type: string - name: - type: string - pluginId: - type: string - policyPackage: - type: string - remediationTemplate: - $ref: '#/definitions/templates.remediationTemplateResponse' - statement: - type: string - threatIds: - items: - $ref: '#/definitions/templates.threatIDResponse' - type: array - title: - type: string - updatedAt: - type: string - violationIds: - items: - type: string - type: array - type: object - templates.subjectTemplateDataResponse: - properties: - data: - $ref: '#/definitions/templates.subjectTemplateResponse' - type: object - templates.subjectTemplateLabelSchemaFieldRequest: - properties: - description: - type: string - key: - type: string - type: object - templates.subjectTemplateLabelSchemaFieldResponse: - properties: - description: - type: string - key: - type: string - type: object - templates.subjectTemplateResponse: - properties: - createdAt: - type: string - descriptionTemplate: - type: string - id: - type: string - identityLabelKeys: - items: - type: string - type: array - labelSchema: - items: - $ref: '#/definitions/templates.subjectTemplateLabelSchemaFieldResponse' - type: array - links: - items: - $ref: '#/definitions/relational.Link' - type: array - name: - type: string - props: - items: - $ref: '#/definitions/relational.Prop' - type: array - 
purposeTemplate: - type: string - remarksTemplate: - type: string - selectorLabels: - items: - $ref: '#/definitions/templates.subjectTemplateSelectorLabelResponse' - type: array - sourceMode: - type: string - titleTemplate: - type: string - type: - type: string - updatedAt: - type: string - type: object - templates.subjectTemplateSelectorLabelRequest: - properties: - key: - type: string - value: - type: string - type: object - templates.subjectTemplateSelectorLabelResponse: - properties: - key: - type: string - value: - type: string - type: object - templates.threatIDRequest: - properties: - id: - type: string - system: - type: string - title: - type: string - url: - type: string - type: object - templates.threatIDResponse: - properties: - id: - type: string - system: - type: string - title: - type: string - url: - type: string - type: object - templates.upsertEvidenceTemplateRequest: - properties: - description: - type: string - isActive: - type: boolean - labelSchema: - items: - $ref: '#/definitions/templates.evidenceTemplateLabelSchemaFieldRequest' - type: array - methods: - items: - type: string - type: array - pluginId: - type: string - policyPackage: - type: string - riskTemplateIds: - items: - type: string - type: array - selectorLabels: - items: - $ref: '#/definitions/templates.evidenceTemplateSelectorLabelRequest' - type: array - subjectTemplateIds: - items: - type: string - type: array - title: - type: string - type: object - templates.upsertRiskTemplateRequest: - properties: - impactHint: - type: string - isActive: - type: boolean - likelihoodHint: - type: string - name: - type: string - pluginId: - type: string - policyPackage: - type: string - remediationTemplate: - $ref: '#/definitions/templates.remediationTemplateRequest' - statement: - type: string - threatIds: - items: - $ref: '#/definitions/templates.threatIDRequest' - type: array - title: - type: string - violationIds: - items: - type: string - type: array - type: object - 
templates.upsertSubjectTemplateRequest: - properties: - descriptionTemplate: - type: string - identityLabelKeys: - items: - type: string - type: array - labelSchema: - items: - $ref: '#/definitions/templates.subjectTemplateLabelSchemaFieldRequest' - type: array - links: - items: - $ref: '#/definitions/relational.Link' - type: array - name: - type: string - props: - items: - $ref: '#/definitions/relational.Prop' - type: array - purposeTemplate: - type: string - remarksTemplate: - type: string - selectorLabels: - items: - $ref: '#/definitions/templates.subjectTemplateSelectorLabelRequest' - type: array - sourceMode: - type: string - titleTemplate: - type: string - type: - type: string - required: - - identityLabelKeys - - labelSchema - - name - - selectorLabels - - sourceMode - - type - type: object - time.Duration: - enum: - - -9223372036854775808 - - 9223372036854775807 - - 1 - - 1000 - - 1000000 - - 1000000000 - - 60000000000 - - 3600000000000 - format: int64 - type: integer - x-enum-varnames: - - minDuration - - maxDuration - - Nanosecond - - Microsecond - - Millisecond - - Second - - Minute - - Hour - workflow.EvidenceSubmission: - properties: - description: - type: string - evidence-id: - type: string - evidence-type: - type: string - file-content: - description: Base64 encoded file content - type: string - file-hash: - type: string - file-path: - type: string - file-size: - type: integer - media-type: - description: MIME type (e.g., "application/pdf", "image/png") - type: string - metadata: - type: string - name: - type: string - type: object - workflow.ExecutionMetrics: - properties: - averageStepDuration: - $ref: '#/definitions/time.Duration' - duration: - $ref: '#/definitions/time.Duration' - executionID: - type: string - longestStepDuration: - $ref: '#/definitions/time.Duration' - totalSteps: - type: integer - type: object - workflow.ExecutionStatus: - properties: - blockedSteps: - type: integer - cancelledSteps: - type: integer - completedAt: - type: 
string - completedSteps: - type: integer - executionID: - type: string - failedAt: - type: string - failedSteps: - type: integer - failureReason: - type: string - inProgressSteps: - type: integer - overdueSteps: - type: integer - pendingSteps: - type: integer - startedAt: - type: string - status: - type: string - totalSteps: - type: integer - type: object - workflows.BulkReassignRoleResponse: - properties: - data: - $ref: '#/definitions/workflows.BulkReassignRoleResponseData' - type: object - workflows.BulkReassignRoleResponseData: - properties: - execution-id: - type: string - reassigned-count: - type: integer - reassigned-step-execution-ids: - items: - type: string - type: array - role-name: - type: string - type: object - workflows.CancelWorkflowExecutionRequest: - properties: - reason: - type: string - type: object - workflows.ControlRelationship: - properties: - catalog_id: - description: Link to catalog if available - type: string - control_id: - description: Control Information - type: string - control_source: - description: e.g., "NIST 800-53 Rev 5", "ISO 27001" - type: string - created-at: - type: string - deleted_at: - $ref: '#/definitions/gorm.DeletedAt' - id: - type: string - is_active: - type: boolean - relationship_type: - description: Relationship Information - type: string - strength: - description: primary, secondary, supporting - type: string - updated-at: - type: string - workflow_definition: - allOf: - - $ref: '#/definitions/workflows.WorkflowDefinition' - description: Relationships - workflow_definition_id: - description: Foreign Keys - type: string - type: object - workflows.ControlRelationshipListResponse: - properties: - data: - items: - $ref: '#/definitions/workflows.ControlRelationship' - type: array - type: object - workflows.ControlRelationshipResponse: - properties: - data: - $ref: '#/definitions/workflows.ControlRelationship' - type: object - workflows.CreateControlRelationshipRequest: - properties: - catalog-id: - type: string - 
control-id: - type: string - description: - type: string - is-active: - type: boolean - relationship-type: - description: If not provided - 'satisfies' is used - type: string - strength: - description: If not provided - 'primary' is used - type: string - workflow-definition-id: - type: string - required: - - catalog-id - - control-id - - workflow-definition-id - type: object - workflows.CreateRoleAssignmentRequest: - properties: - assigned-to-id: - type: string - assigned-to-type: - type: string - is-active: - type: boolean - role-name: - type: string - workflow-instance-id: - type: string - required: - - assigned-to-id - - assigned-to-type - - role-name - - workflow-instance-id - type: object - workflows.CreateWorkflowDefinitionRequest: - properties: - description: - type: string - evidence-required: - type: string - grace-period-days: - type: integer - name: - type: string - suggested-cadence: - type: string - version: - type: string - required: - - name - type: object - workflows.CreateWorkflowInstanceRequest: - properties: - cadence: - type: string - description: - type: string - grace-period-days: - type: integer - is-active: - type: boolean - name: - type: string - system-id: - type: string - workflow-definition-id: - type: string - required: - - name - - system-id - - workflow-definition-id - type: object - workflows.CreateWorkflowStepDefinitionRequest: - properties: - depends-on: - description: Array of step IDs this step depends on - items: - type: string - type: array - description: - type: string - estimated-duration: - type: integer - evidence-required: - items: - $ref: '#/definitions/workflows.EvidenceRequirement' - type: array - grace-period-days: - type: integer - name: - type: string - responsible-role: - type: string - workflow-definition-id: - type: string - required: - - name - - responsible-role - - workflow-definition-id - type: object - workflows.EvidenceRequirement: - properties: - description: - type: string - required: - type: boolean - 
type: - type: string - type: object - workflows.FailStepRequest: - properties: - reason: - type: string - required: - - reason - type: object - workflows.MyAssignmentsResponse: - properties: - data: - items: - $ref: '#/definitions/workflows.StepExecution' - type: array - has-more: - type: boolean - limit: - type: integer - offset: - type: integer - total: - type: integer - type: object - workflows.ReassignRoleRequest: - properties: - new-assigned-to-id: - type: string - new-assigned-to-type: - enum: - - user - - group - - email - type: string - reason: - type: string - role-name: - type: string - required: - - new-assigned-to-id - - new-assigned-to-type - - role-name - type: object - workflows.ReassignStepRequest: - properties: - assigned-to-id: - type: string - assigned-to-type: - enum: - - user - - group - - email - type: string - reason: - type: string - required: - - assigned-to-id - - assigned-to-type - type: object - workflows.RoleAssignment: - properties: - assigned_to_id: - description: User ID, group ID, or email - type: string - assigned_to_type: - description: user, group, email - type: string - id: - type: string - is_active: - type: boolean - role_name: - type: string - workflow_instance: - allOf: - - $ref: '#/definitions/workflows.WorkflowInstance' - description: Relationships - workflow_instance_id: - type: string - type: object - workflows.RoleAssignmentListResponse: - properties: - data: - items: - $ref: '#/definitions/workflows.RoleAssignment' - type: array - type: object - workflows.RoleAssignmentResponse: - properties: - data: - $ref: '#/definitions/workflows.RoleAssignment' - type: object - workflows.StartWorkflowExecutionRequest: - properties: - triggered-by: - type: string - triggered-by-id: - type: string - workflow-instance-id: - type: string - required: - - triggered-by - - workflow-instance-id - type: object - workflows.StepDependency: - properties: - depends_on_step: - $ref: '#/definitions/workflows.WorkflowStepDefinition' - 
depends_on_step_id: - type: string - id: - type: string - workflow_step_definition: - allOf: - - $ref: '#/definitions/workflows.WorkflowStepDefinition' - description: Relationships - workflow_step_definition_id: - type: string - type: object - workflows.StepEvidence: - properties: - created-at: - type: string - deleted_at: - $ref: '#/definitions/gorm.DeletedAt' - description: - type: string - evidence: - $ref: '#/definitions/relational.Evidence' - evidence_id: - description: Link to main evidence table - type: string - evidence_type: - description: document, attestation, screenshot, log - type: string - file-size: - description: File size in bytes - type: integer - file_hash: - description: SHA-256 hash of file - type: string - file_path: - description: Path to stored file - type: string - id: - type: string - metadata: - description: JSON metadata - type: string - name: - description: Evidence Information - type: string - step_execution: - allOf: - - $ref: '#/definitions/workflows.StepExecution' - description: Relationships - step_execution_id: - description: Foreign Keys - type: string - updated-at: - type: string - type: object - workflows.StepExecution: - properties: - assigned-at: - type: string - assigned_to_id: - description: User ID, group ID, or email - type: string - assigned_to_type: - description: Assignment Information - type: string - completed-at: - type: string - created-at: - type: string - deleted_at: - $ref: '#/definitions/gorm.DeletedAt' - due_date: - type: string - failed-at: - type: string - failure_reason: - type: string - id: - type: string - overdue-at: - type: string - reassignment_history: - items: - $ref: '#/definitions/workflows.StepReassignmentHistory' - type: array - started-at: - type: string - status: - description: Execution Information - type: string - step_evidence: - items: - $ref: '#/definitions/workflows.StepEvidence' - type: array - updated-at: - type: string - workflow_execution: - allOf: - - $ref: 
'#/definitions/workflows.WorkflowExecution' - description: Relationships - workflow_execution_id: - description: Foreign Keys - type: string - workflow_step_definition: - $ref: '#/definitions/workflows.WorkflowStepDefinition' - workflow_step_definition_id: - type: string - type: object - workflows.StepExecutionListResponse: - properties: - data: - items: - $ref: '#/definitions/workflows.StepExecution' - type: array - type: object - workflows.StepExecutionResponse: - properties: - data: - $ref: '#/definitions/workflows.StepExecution' - type: object - workflows.StepReassignmentHistory: - properties: - created-at: - type: string - deleted_at: - $ref: '#/definitions/gorm.DeletedAt' - id: - type: string - new_assigned_to_id: - type: string - new_assigned_to_type: - type: string - previous_assigned_to_id: - type: string - previous_assigned_to_type: - type: string - reason: - type: string - reassigned_by_email: - type: string - reassigned_by_user_id: - type: string - step_execution: - $ref: '#/definitions/workflows.StepExecution' - step_execution_id: - type: string - updated-at: - type: string - workflow_execution_id: - type: string - type: object - workflows.StepTrigger: - properties: - id: - type: string - is_active: - type: boolean - trigger_condition: - description: JSON condition expression - type: string - trigger_type: - description: evidence_stream, time_based, external_event - type: string - workflow_step_definition: - allOf: - - $ref: '#/definitions/workflows.WorkflowStepDefinition' - description: Relationships - workflow_step_definition_id: - type: string - type: object - workflows.TransitionStepRequest: - properties: - evidence: - items: - $ref: '#/definitions/workflow.EvidenceSubmission' - type: array - notes: - type: string - status: - enum: - - in_progress - - completed - type: string - user-id: - type: string - user-type: - enum: - - user - - group - - email - type: string - required: - - status - - user-id - - user-type - type: object - 
workflows.UpdateControlRelationshipRequest: - properties: - description: - type: string - relationship-type: - type: string - strength: - type: string - type: object - workflows.UpdateRoleAssignmentRequest: - properties: - assigned-to-id: - type: string - assigned-to-type: - type: string - type: object - workflows.UpdateWorkflowDefinitionRequest: - properties: - description: - type: string - evidence-required: - type: string - grace-period-days: - type: integer - name: - type: string - suggested-cadence: - type: string - version: - type: string - type: object - workflows.UpdateWorkflowInstanceRequest: - properties: - cadence: - type: string - description: - type: string - grace-period-days: - type: integer - is-active: - type: boolean - name: - type: string - type: object - workflows.UpdateWorkflowStepDefinitionRequest: - properties: - depends-on: - items: - type: string - type: array - description: - type: string - estimated-duration: - type: integer - evidence-required: - items: - $ref: '#/definitions/workflows.EvidenceRequirement' - type: array - grace-period-days: - type: integer - name: - type: string - responsible-role: - type: string - type: object - workflows.WorkflowDefinition: - properties: - control_relationships: - items: - $ref: '#/definitions/workflows.ControlRelationship' - type: array - created-at: - type: string - created_by_id: - description: Audit Fields - type: string - deleted_at: - $ref: '#/definitions/gorm.DeletedAt' - description: - type: string - evidence_required: - description: JSON array of required evidence types - type: string - grace-period-days: - description: Override global default if set - type: integer - id: - type: string - instances: - items: - $ref: '#/definitions/workflows.WorkflowInstance' - type: array - name: - description: Basic Information - type: string - steps: - description: Relationships - items: - $ref: '#/definitions/workflows.WorkflowStepDefinition' - type: array - suggested_cadence: - description: Workflow 
Configuration - type: string - updated-at: - type: string - updated_by_id: - type: string - version: - type: string - type: object - workflows.WorkflowDefinitionListResponse: - properties: - data: - items: - $ref: '#/definitions/workflows.WorkflowDefinition' - type: array - type: object - workflows.WorkflowDefinitionResponse: - properties: - data: - $ref: '#/definitions/workflows.WorkflowDefinition' - type: object - workflows.WorkflowExecution: - properties: - completed-at: - type: string - created-at: - type: string - created_by_id: - description: Audit Fields - type: string - deleted_at: - $ref: '#/definitions/gorm.DeletedAt' - due_date: - type: string - failed-at: - type: string - failure_reason: - type: string - id: - type: string - overdue-at: - type: string - period_label: - description: Scheduling Context - type: string - started-at: - type: string - status: - description: Execution Information - type: string - step_executions: - items: - $ref: '#/definitions/workflows.StepExecution' - type: array - triggered_by: - description: Execution Context - type: string - triggered_by_id: - description: User ID or system identifier - type: string - updated-at: - type: string - updated_by_id: - type: string - workflow_instance: - allOf: - - $ref: '#/definitions/workflows.WorkflowInstance' - description: Relationships - workflow_instance_id: - description: Foreign Keys - type: string - type: object - workflows.WorkflowExecutionListResponse: - properties: - data: - items: - $ref: '#/definitions/workflows.WorkflowExecution' - type: array - type: object - workflows.WorkflowExecutionMetricsResponse: - properties: - data: - $ref: '#/definitions/workflow.ExecutionMetrics' - type: object - workflows.WorkflowExecutionResponse: - properties: - data: - $ref: '#/definitions/workflows.WorkflowExecution' - type: object - workflows.WorkflowExecutionStatusResponse: - properties: - data: - $ref: '#/definitions/workflow.ExecutionStatus' - type: object - workflows.WorkflowInstance: - 
properties: - cadence: - description: Instance Configuration - type: string - created-at: - type: string - created_by_id: - description: Audit Fields - type: string - deleted_at: - $ref: '#/definitions/gorm.DeletedAt' - description: - type: string - executions: - items: - $ref: '#/definitions/workflows.WorkflowExecution' - type: array - grace-period-days: - description: Override definition/global default if set - type: integer - id: - type: string - is_active: - type: boolean - last-executed-at: - type: string - name: - description: Basic Information - type: string - next-scheduled-at: - description: Scheduling - type: string - role_assignments: - items: - $ref: '#/definitions/workflows.RoleAssignment' - type: array - system_id: - type: string - system_security_plan: - allOf: - - $ref: '#/definitions/relational.SystemSecurityPlan' - description: Relationships - updated-at: - type: string - updated_by_id: - type: string - workflow_definition: - $ref: '#/definitions/workflows.WorkflowDefinition' - workflow_definition_id: - description: Foreign Keys - type: string - type: object - workflows.WorkflowInstanceListResponse: - properties: - data: - items: - $ref: '#/definitions/workflows.WorkflowInstance' - type: array - type: object - workflows.WorkflowInstanceResponse: - properties: - data: - $ref: '#/definitions/workflows.WorkflowInstance' - type: object - workflows.WorkflowStepDefinition: - properties: - created-at: - type: string - deleted_at: - $ref: '#/definitions/gorm.DeletedAt' - dependent_steps: - items: - $ref: '#/definitions/workflows.StepDependency' - type: array - depends_on: - items: - $ref: '#/definitions/workflows.StepDependency' - type: array - description: - type: string - estimated_duration: - description: Estimated duration in minutes - type: integer - evidence_required: - description: JSON array of required evidence types - items: - $ref: '#/definitions/workflows.EvidenceRequirement' - type: array - grace-period-days: - description: Override default 
grace for this specific step - type: integer - id: - type: string - name: - description: Basic Information - type: string - order: - description: Step Configuration - type: integer - responsible_role: - description: Role responsible for this step - type: string - step_executions: - items: - $ref: '#/definitions/workflows.StepExecution' - type: array - triggers: - items: - $ref: '#/definitions/workflows.StepTrigger' - type: array - updated-at: - type: string - workflow_definition: - allOf: - - $ref: '#/definitions/workflows.WorkflowDefinition' - description: Relationships - workflow_definition_id: - description: Foreign Keys - type: string - type: object - workflows.WorkflowStepDefinitionListResponse: - properties: - data: - items: - $ref: '#/definitions/workflows.WorkflowStepDefinition' - type: array - type: object - workflows.WorkflowStepDefinitionResponse: - properties: - data: - $ref: '#/definitions/workflows.WorkflowStepDefinition' - type: object -externalDocs: - description: OpenAPI - url: https://swagger.io/resources/open-api/ -host: localhost:8080 -info: - contact: {} - description: This is the API for the Continuous Compliance Framework. 
- title: Continuous Compliance Framework API - version: "1" -paths: - /admin/digest/preview: - get: - description: Returns the current evidence summary that would be included in - a digest email - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-digest_EvidenceSummary' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Preview evidence digest - tags: - - Digest - /admin/digest/trigger: - post: - description: Manually triggers the evidence digest job to send emails to all - users - parameters: - - description: 'Job name to trigger (default: global-evidence-digest)' - in: query - name: job - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - additionalProperties: - type: string - type: object - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Trigger evidence digest - tags: - - Digest - /admin/users: - get: - description: Lists all users in the system - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-relational_User' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List all users - tags: - - Users - post: - consumes: - - application/json - description: Creates a new user in the system - parameters: - - description: User details - in: body - name: user - required: true - schema: - $ref: '#/definitions/handler.UserHandler' - produces: - - application/json - responses: - "201": - description: Created - schema: - $ref: 
'#/definitions/handler.GenericDataResponse-relational_User' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "409": - description: Conflict - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create a new user - tags: - - Users - /admin/users/{id}: - delete: - description: Deletes a user from the system - parameters: - - description: User ID - in: path - name: id - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete a user - tags: - - Users - get: - description: Get user details by user ID - parameters: - - description: User ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_User' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get user by ID - tags: - - Users - put: - consumes: - - application/json - description: Updates the details of an existing user - parameters: - - description: User ID - in: path - name: id - required: true - type: string - - 
description: User details - in: body - name: user - required: true - schema: - $ref: '#/definitions/handler.UserHandler' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_User' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update user details - tags: - - Users - /agent/heartbeat: - post: - consumes: - - application/json - description: Creates a new heartbeat record for monitoring. - parameters: - - description: Heartbeat payload - in: body - name: heartbeat - required: true - schema: - $ref: '#/definitions/handler.HeartbeatCreateRequest' - produces: - - application/json - responses: - "201": - description: Created - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Create Heartbeat - tags: - - Heartbeat - /agent/heartbeat/over-time: - get: - description: Retrieves heartbeat counts aggregated by 2-minute intervals. 
- produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-handler_OverTime_HeartbeatInterval' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Get Heartbeat Metrics Over Time - tags: - - Heartbeat - /auth/forgot-password: - post: - consumes: - - application/json - description: Sends a password reset email to users with authMethod=password - parameters: - - description: Email - in: body - name: request - required: true - schema: - $ref: '#/definitions/auth.AuthHandler' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-string' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Forgot password - tags: - - Auth - /auth/login: - post: - consumes: - - application/json - description: Login user and returns a JWT token and sets a cookie with the token - parameters: - - description: Login Data - in: body - name: loginRequest - required: true - schema: - $ref: '#/definitions/auth.AuthHandler' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-auth_AuthHandler' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/handler.GenericDataResponse-auth_AuthHandler' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Login user - tags: - - Auth - /auth/password-reset: - post: - consumes: - - application/json - description: Resets password using a valid JWT token - parameters: - - description: Reset data - in: body - name: request - required: 
true - schema: - $ref: '#/definitions/auth.AuthHandler' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-string' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Reset password - tags: - - Auth - /auth/publickey: - get: - consumes: - - application/json - description: Get JSON Web Key (JWK) representation of the JWT public key - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/authn.JWK' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Get JWK - tags: - - Auth - /auth/token: - post: - consumes: - - application/x-www-form-urlencoded - description: Get OAuth2 token using username and password - parameters: - - description: Username (email) - in: formData - name: username - required: true - type: string - - description: Password - in: formData - name: password - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/auth.AuthHandler' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Get OAuth2 token - tags: - - Auth - /evidence: - post: - consumes: - - application/json - description: Creates a new Evidence record including activities, inventory items, - components, and subjects. 
- parameters: - - description: Evidence create request - in: body - name: evidence - required: true - schema: - $ref: '#/definitions/handler.EvidenceCreateRequest' - produces: - - application/json - responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_Evidence' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create new Evidence - tags: - - Evidence - /evidence-templates: - get: - description: List evidence templates with optional filters and pagination. - parameters: - - description: Plugin ID - in: query - name: pluginId - type: string - - description: Policy package - in: query - name: policyPackage - type: string - - description: Active flag - in: query - name: isActive - type: boolean - - description: Page number - in: query - name: page - type: integer - - description: Page size - in: query - name: limit - type: integer - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/service.ListResponse-templates_evidenceTemplateResponse' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List evidence templates - tags: - - Evidence Templates - post: - consumes: - - application/json - description: Create an evidence template with selector labels, label schema, - and linked risk/subject template IDs. 
- parameters: - - description: Evidence template payload - in: body - name: template - required: true - schema: - $ref: '#/definitions/templates.upsertEvidenceTemplateRequest' - produces: - - application/json - responses: - "201": - description: Created - schema: - $ref: '#/definitions/templates.evidenceTemplateDataResponse' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create evidence template - tags: - - Evidence Templates - /evidence-templates/{id}: - delete: - description: Delete an evidence template and its associated selector labels, - label schema, and join rows. - parameters: - - description: Evidence Template ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete evidence template - tags: - - Evidence Templates - get: - description: Get an evidence template by ID. 
- parameters: - - description: Evidence Template ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/templates.evidenceTemplateDataResponse' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get evidence template - tags: - - Evidence Templates - put: - consumes: - - application/json - description: Update an evidence template and atomically replace selector labels, - label schema, and linked IDs. - parameters: - - description: Evidence Template ID - in: path - name: id - required: true - type: string - - description: Evidence template payload - in: body - name: template - required: true - schema: - $ref: '#/definitions/templates.upsertEvidenceTemplateRequest' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/templates.evidenceTemplateDataResponse' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update evidence template - tags: - - Evidence Templates - /evidence/{id}: - get: - description: Retrieves a single Evidence record by its unique ID, including - associated activities, inventory items, components, subjects, and labels. 
- parameters: - - description: Evidence ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_OscalLikeEvidence' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Get Evidence by ID - tags: - - Evidence - /evidence/compliance-by-control/{id}: - get: - description: Retrieves the count of evidence statuses for filters associated - with a specific Control ID. - parameters: - - description: Control ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-evidence_StatusCount' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Get compliance counts by control - tags: - - Evidence - /evidence/compliance-by-filter/{id}: - get: - description: Retrieves the count of evidence statuses for a specific filter/dashboard. 
- parameters: - - description: Filter/Dashboard ID (UUID) - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-evidence_StatusCount' - "400": - description: Invalid UUID - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Get compliance status counts by filter/dashboard ID - tags: - - Evidence - /evidence/for-control/{id}: - get: - description: Retrieves Evidence records associated with a specific Control ID, - including related activities, inventory items, components, subjects, and labels. - parameters: - - description: Control ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.ForControl.EvidenceDataListResponse' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: List Evidence for a Control - tags: - - Evidence - /evidence/history/{id}: - get: - description: Retrieves a the history for a Evidence record by its UUID, including - associated activities, inventory items, components, subjects, and labels. 
- parameters: - - description: Evidence ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-handler_OscalLikeEvidence' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Get Evidence history by UUID - tags: - - Evidence - /evidence/search: - post: - consumes: - - application/json - description: Searches Evidence records by label filters. - parameters: - - description: Label filter - in: body - name: filter - required: true - schema: - $ref: '#/definitions/labelfilter.Filter' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-relational_Evidence' - "422": - description: Unprocessable Entity - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Search Evidence - tags: - - Evidence - /evidence/status-over-time: - post: - consumes: - - application/json - description: Retrieves counts of evidence statuses at various time intervals - based on a label filter. 
- parameters: - - description: Label filter - in: body - name: filter - required: true - schema: - $ref: '#/definitions/labelfilter.Filter' - - description: Comma-separated list of duration intervals (e.g., '10m,1h,24h') - in: query - name: intervals - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-handler_StatusInterval' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "422": - description: Unprocessable Entity - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Evidence status metrics over intervals - tags: - - Evidence - /evidence/status-over-time/{id}: - get: - description: Retrieves counts of evidence statuses at various time intervals - for a specific evidence stream identified by UUID. - parameters: - - description: Evidence UUID - in: path - name: id - required: true - type: string - - description: Comma-separated list of duration intervals (e.g., '10m,1h,24h') - in: query - name: intervals - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-handler_StatusInterval' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "422": - description: Unprocessable Entity - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Evidence status metrics over intervals by UUID - tags: - - Evidence - /filters: - get: - description: Retrieves all filters, optionally filtered by controlId or componentId. 
- produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-handler_FilterWithAssociations' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: List filters - tags: - - Filters - post: - consumes: - - application/json - description: Creates a new filter. - parameters: - - description: Filter to add - in: body - name: filter - required: true - schema: - $ref: '#/definitions/handler.createFilterRequest' - produces: - - application/json - responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_Filter' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "422": - description: Unprocessable Entity - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Create a new filter - tags: - - Filters - /filters/{id}: - delete: - description: Deletes a filter. - parameters: - - description: Filter ID - in: path - name: id - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Delete a filter - tags: - - Filters - get: - description: Retrieves a single filter by its unique ID. 
- parameters: - - description: Filter ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_FilterWithAssociations' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Get a filter - tags: - - Filters - put: - consumes: - - application/json - description: Updates an existing filter. - parameters: - - description: Filter ID - in: path - name: id - required: true - type: string - - description: Filter to update - in: body - name: filter - required: true - schema: - $ref: '#/definitions/handler.createFilterRequest' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_Filter' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Update a filter - tags: - - Filters - /filters/import: - post: - consumes: - - multipart/form-data - description: Import multiple dashboard filter JSON files - parameters: - - description: Dashboard filter JSON files to import - in: formData - name: files - required: true - type: file - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_FilterImportResponse' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Import dashboard filters - tags: - - Filters - /oscal/activities: - post: - consumes: 
- - application/json - description: Creates a new activity for us in other resources. - parameters: - - description: Activity object - in: body - name: activity - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Activity' - produces: - - application/json - responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Activity' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create an Activity - tags: - - Activities - /oscal/activities/{id}: - delete: - description: Deletes an activity - parameters: - - description: Activity ID - in: path - name: id - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete Activity - tags: - - Activities - get: - consumes: - - application/json - description: Retrieves an Activity by its unique ID. 
- parameters: - - description: Activity ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Activity' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Retrieve an Activity - tags: - - Activities - put: - consumes: - - application/json - description: Updates properties of an existing Activity by its ID. - parameters: - - description: Activity ID - in: path - name: id - required: true - type: string - - description: Activity object - in: body - name: activity - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Activity' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Activity' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update an Activity - tags: - - Activities - /oscal/assessment-plans: - get: - description: Retrieves all Assessment Plans. 
- produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentPlan' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List Assessment Plans - tags: - - Assessment Plans - post: - consumes: - - application/json - description: Creates a new OSCAL Assessment Plan with comprehensive validation. - parameters: - - description: 'Assessment Plan object with required fields: UUID, metadata - (title, version), import-ssp' - in: body - name: plan - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPlan' - produces: - - application/json - responses: - "201": - description: Successfully created assessment plan - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan' - "400": - description: Bad request - validation errors or malformed input - schema: - $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - invalid or missing JWT token - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal server error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create an Assessment Plan - tags: - - Assessment Plans - /oscal/assessment-plans/{id}: - delete: - description: Deletes an Assessment Plan by its unique ID. 
- parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete an Assessment Plan - tags: - - Assessment Plans - get: - description: Retrieves a single Assessment Plan by its unique ID. - parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get an Assessment Plan - tags: - - Assessment Plans - put: - consumes: - - application/json - description: Updates an existing Assessment Plan. 
- parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - - description: Assessment Plan object - in: body - name: plan - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPlan' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update an Assessment Plan - tags: - - Assessment Plans - /oscal/assessment-plans/{id}/assessment-assets: - get: - description: Retrieves all assessment assets for an Assessment Plan. - parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentAssets' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get Assessment Plan Assets - tags: - - Assessment Plans - post: - consumes: - - application/json - description: Creates a new assessment asset for an Assessment Plan. 
- parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - - description: Assessment Asset object - in: body - name: asset - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentAssets' - produces: - - application/json - responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentAssets' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create Assessment Plan Asset - tags: - - Assessment Plans - /oscal/assessment-plans/{id}/assessment-assets/{assetId}: - delete: - description: Deletes an assessment asset from an Assessment Plan. - parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - - description: Assessment Asset ID - in: path - name: assetId - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete Assessment Plan Asset - tags: - - Assessment Plans - put: - consumes: - - application/json - description: Updates an existing assessment asset for an Assessment Plan. 
- parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - - description: Assessment Asset ID - in: path - name: assetId - required: true - type: string - - description: Assessment Asset object - in: body - name: asset - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentAssets' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentAssets' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update Assessment Plan Asset - tags: - - Assessment Plans - /oscal/assessment-plans/{id}/assessment-subjects: - get: - description: Retrieves all assessment subjects for an Assessment Plan. - parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentSubject' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get Assessment Plan Subjects - tags: - - Assessment Plans - post: - consumes: - - application/json - description: Creates a new assessment subject for an Assessment Plan. 
- parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - - description: Assessment Subject object - in: body - name: subject - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject' - produces: - - application/json - responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentSubject' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create Assessment Plan Subject - tags: - - Assessment Plans - /oscal/assessment-plans/{id}/assessment-subjects/{subjectId}: - delete: - description: Deletes an assessment subject from an Assessment Plan. - parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - - description: Assessment Subject ID - in: path - name: subjectId - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete Assessment Plan Subject - tags: - - Assessment Plans - put: - consumes: - - application/json - description: Updates an existing assessment subject for an Assessment Plan. 
- parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - - description: Assessment Subject ID - in: path - name: subjectId - required: true - type: string - - description: Assessment Subject object - in: body - name: subject - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentSubject' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update Assessment Plan Subject - tags: - - Assessment Plans - /oscal/assessment-plans/{id}/back-matter: - get: - description: Retrieves back matter for an Assessment Plan. - parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get Assessment Plan Back Matter - tags: - - Assessment Plans - /oscal/assessment-plans/{id}/full: - get: - description: Retrieves a single Assessment Plan by its unique ID with all related - data preloaded. 
- parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get a full Assessment Plan - tags: - - Assessment Plans - /oscal/assessment-plans/{id}/import-ssp: - get: - description: Retrieves import SSP information for an Assessment Plan. - parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get Assessment Plan Import SSP - tags: - - Assessment Plans - /oscal/assessment-plans/{id}/local-definitions: - get: - description: Retrieves local definitions for an Assessment Plan. 
- parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get Assessment Plan Local Definitions - tags: - - Assessment Plans - /oscal/assessment-plans/{id}/metadata: - get: - description: Retrieves metadata for an Assessment Plan. - parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get Assessment Plan Metadata - tags: - - Assessment Plans - /oscal/assessment-plans/{id}/tasks: - get: - description: Retrieves all tasks for an Assessment Plan. 
- parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-array_oscalTypes_1_1_3_Task' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get Assessment Plan Tasks - tags: - - Assessment Plans - post: - consumes: - - application/json - description: Creates a new task for an Assessment Plan. - parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - - description: Task object - in: body - name: task - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Task' - produces: - - application/json - responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Task' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create Assessment Plan Task - tags: - - Assessment Plans - /oscal/assessment-plans/{id}/tasks/{taskId}: - delete: - description: Deletes a task from an Assessment Plan. 
- parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - - description: Task ID - in: path - name: taskId - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete Assessment Plan Task - tags: - - Assessment Plans - put: - consumes: - - application/json - description: Updates an existing task for an Assessment Plan. - parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - - description: Task ID - in: path - name: taskId - required: true - type: string - - description: Task object - in: body - name: task - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Task' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Task' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update Assessment Plan Task - tags: - - Assessment Plans - /oscal/assessment-plans/{id}/tasks/{taskId}/associated-activities: - get: - description: Retrieves all Activities associated with a specific Task in an - Assessment Plan. 
- parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - - description: Task ID - in: path - name: taskId - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_AssociatedActivity' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List Associated Activities for a Task - tags: - - Assessment Plans - /oscal/assessment-plans/{id}/tasks/{taskId}/associated-activities/{activityId}: - delete: - description: Removes an association of an Activity from a Task within an Assessment - Plan. - parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - - description: Task ID - in: path - name: taskId - required: true - type: string - - description: Activity ID - in: path - name: activityId - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Disassociate an Activity from a Task - tags: - - Assessment Plans - post: - description: Associates an existing Activity to a Task within an Assessment - Plan. 
- parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - - description: Task ID - in: path - name: taskId - required: true - type: string - - description: Activity ID - in: path - name: activityId - required: true - type: string - produces: - - application/json - responses: - "200": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Associate an Activity with a Task - tags: - - Assessment Plans - /oscal/assessment-plans/{id}/terms-and-conditions: - get: - description: Retrieves terms and conditions for an Assessment Plan. - parameters: - - description: Assessment Plan ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlanTermsAndConditions' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get Assessment Plan Terms and Conditions - tags: - - Assessment Plans - /oscal/assessment-results: - get: - description: Retrieves all Assessment Results. 
- produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentResults' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List Assessment Results - tags: - - Assessment Results - post: - consumes: - - application/json - description: Creates an Assessment Results from input. - parameters: - - description: Assessment Results data - in: body - name: ar - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentResults' - produces: - - application/json - responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create an Assessment Results - tags: - - Assessment Results - /oscal/assessment-results/{id}: - delete: - description: Deletes an Assessment Results by its ID. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete an Assessment Results - tags: - - Assessment Results - get: - description: Retrieves a single Assessment Results by its unique ID. 
- parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get an Assessment Results - tags: - - Assessment Results - put: - consumes: - - application/json - description: Updates an existing Assessment Results. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Updated Assessment Results object - in: body - name: ar - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentResults' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update an Assessment Results - tags: - - Assessment Results - /oscal/assessment-results/{id}/available-controls: - get: - description: Retrieves controls that can be referenced in findings - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-array_oscalTypes_1_1_3_Control' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' 
- "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get available controls for findings - tags: - - Assessment Results - /oscal/assessment-results/{id}/back-matter: - delete: - description: Deletes the back matter for an Assessment Results. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete back matter - tags: - - Assessment Results - get: - description: Retrieves the back matter for an Assessment Results. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get back matter - tags: - - Assessment Results - post: - consumes: - - application/json - description: Creates or replaces the back matter for an Assessment Results. 
- parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Back Matter - in: body - name: backMatter - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' - produces: - - application/json - responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create back matter - tags: - - Assessment Results - put: - consumes: - - application/json - description: Updates the back matter for an Assessment Results. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Back Matter - in: body - name: backMatter - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update back matter - tags: - - Assessment Results - /oscal/assessment-results/{id}/back-matter/resources: - get: - description: Retrieves all resources from the back matter for an Assessment - Results. 
- parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Resource' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get back matter resources - tags: - - Assessment Results - post: - consumes: - - application/json - description: Creates a new resource in the back matter for an Assessment Results. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Resource - in: body - name: resource - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Resource' - produces: - - application/json - responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create back matter resource - tags: - - Assessment Results - /oscal/assessment-results/{id}/back-matter/resources/{resourceId}: - delete: - description: Deletes a specific resource from the back matter for an Assessment - Results. 
- parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Resource ID - in: path - name: resourceId - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete back matter resource - tags: - - Assessment Results - put: - consumes: - - application/json - description: Updates a specific resource in the back matter for an Assessment - Results. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Resource ID - in: path - name: resourceId - required: true - type: string - - description: Resource - in: body - name: resource - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Resource' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update back matter resource - tags: - - Assessment Results - /oscal/assessment-results/{id}/control/{controlId}: - get: - description: Retrieves a control with all its parts for reference in findings - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Control ID - in: path - name: controlId - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - 
$ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get control details with statements and objectives - tags: - - Assessment Results - /oscal/assessment-results/{id}/findings: - get: - description: Retrieves all findings in the system that can be associated with - results. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Finding' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List all findings available for association - tags: - - Assessment Results - /oscal/assessment-results/{id}/full: - get: - description: Retrieves a complete Assessment Results by its ID, including all - metadata and related objects. 
- parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get a complete Assessment Results - tags: - - Assessment Results - /oscal/assessment-results/{id}/import-ap: - get: - description: Retrieves import-ap for a given Assessment Results. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportAp' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get Assessment Results import-ap - tags: - - Assessment Results - put: - consumes: - - application/json - description: Updates import-ap for a given Assessment Results. 
- parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Import AP data - in: body - name: importAp - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.ImportAp' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportAp' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update Assessment Results import-ap - tags: - - Assessment Results - /oscal/assessment-results/{id}/local-definitions: - get: - description: Retrieves local-definitions for a given Assessment Results. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get Assessment Results local-definitions - tags: - - Assessment Results - put: - consumes: - - application/json - description: Updates local-definitions for a given Assessment Results. 
- parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Local definitions data - in: body - name: localDefinitions - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.LocalDefinitions' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update Assessment Results local-definitions - tags: - - Assessment Results - /oscal/assessment-results/{id}/metadata: - get: - description: Retrieves metadata for a given Assessment Results. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get Assessment Results metadata - tags: - - Assessment Results - put: - consumes: - - application/json - description: Updates metadata for a given Assessment Results. 
- parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Metadata data - in: body - name: metadata - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Metadata' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update Assessment Results metadata - tags: - - Assessment Results - /oscal/assessment-results/{id}/observations: - get: - description: Retrieves all observations in the system that can be associated - with results. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Observation' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List all observations available for association - tags: - - Assessment Results - /oscal/assessment-results/{id}/results: - get: - description: Retrieves all results for a given Assessment Results. 
- parameters: - - description: Assessment Results ID - in: path - name: id - required: true + userAttributes: type: string + type: object +externalDocs: + description: OpenAPI + url: https://swagger.io/resources/open-api/ +host: localhost:8080 +info: + contact: {} + description: This is the API for the Continuous Compliance Framework. + title: Continuous Compliance Framework API + version: "1" +paths: + /admin/digest/preview: + get: + description: Returns the current evidence summary that would be included in + a digest email produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Result' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' + $ref: '#/definitions/handler.GenericDataResponse-digest_EvidenceSummary' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get results for an Assessment Results + summary: Preview evidence digest tags: - - Assessment Results + - Digest + /admin/digest/trigger: post: - consumes: - - application/json - description: Creates a new result for a given Assessment Results. 
+ description: Manually triggers the evidence digest job to send emails to all + users parameters: - - description: Assessment Results ID - in: path - name: id - required: true + - description: 'Job name to trigger (default: global-evidence-digest)' + in: query + name: job type: string - - description: Result data - in: body - name: result - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Result' produces: - application/json responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Result' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error + "200": + description: OK schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create a result for an Assessment Results - tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}: - delete: - description: Deletes a specific result from an Assessment Results. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - responses: - "204": - description: No Content + additionalProperties: + type: string + type: object "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete a result + summary: Trigger evidence digest tags: - - Assessment Results + - Digest + /admin/users: get: - description: Retrieves a specific result from an Assessment Results. 
- parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string + description: Lists all users in the system produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Result' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found + $ref: '#/definitions/handler.GenericDataListResponse-relational_User' + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": 
@@ -11226,82 +5724,37 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get a specific result + summary: List all users tags: - - Assessment Results - put: + - Users + post: consumes: - application/json - description: Updates a specific result in an Assessment Results. + description: Creates a new user in the system parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Result data + - description: User details in: body - name: result + name: user required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Result' + $ref: '#/definitions/handler.UserHandler' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Result' + $ref: '#/definitions/handler.GenericDataResponse-relational_User' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update a result - tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/associated-findings: - get: - description: Retrieves all Findings associated with a specific Result in an - Assessment Results. 
- parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Finding' - "400": - description: Bad Request + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "409": + description: Conflict schema: $ref: '#/definitions/api.Error' "500": 
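Review bot: The request body of POST /admin/users is declared as `$ref: '#/definitions/handler.UserHandler'`, which is the handler type rather than a request DTO, so the generated schema will not describe the fields a caller actually has to send. If this file comes from swag, the `@Param user body ...` annotation on the create handler should point at the request struct; the same reference appears on PUT /admin/users/{id} in a later hunk. The operation documents 401 but no 403, so the spec does not say whether any holder of a valid `OAuth2Password` token can create users or only an administrator; if the route is admin-only, state that in the description and add a 403 `api.Error` response so clients and reviewers can check it.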
@@ -11310,77 +5763,29 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List Associated Findings for a Result + summary: Create a new user tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/associated-findings/{findingId}: + - Users + /admin/users/{id}: delete: - description: Removes an association of a Finding from a Result within an Assessment - Results. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Finding ID - in: path - name: findingId - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Disassociate a Finding from a Result - tags: - - Assessment Results - post: - description: Associates an existing Finding to a Result within an Assessment - Results. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Finding ID + description: Deletes a user from the system + parameters: + - description: User ID in: path - name: findingId + name: id required: true type: string - produces: - - application/json responses: - "200": + "204": description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -11391,35 +5796,32 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Associate a Finding with a Result + summary: Delete a user tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/associated-observations: + - Users get: - description: Retrieves all Observations associated with a specific Result in - an Assessment Results. + description: Get user details by user ID parameters: - - description: Assessment Results ID + - description: User ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Observation' + $ref: '#/definitions/handler.GenericDataResponse-relational_User' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -11430,36 +5832,40 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List Associated Observations for a Result + summary: Get user by ID tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/associated-observations/{observationId}: - delete: - description: Removes an association of an Observation from a Result within an - Assessment Results. + - Users + put: + consumes: + - application/json + description: Updates the details of an existing user parameters: - - description: Assessment Results ID + - description: User ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Observation ID - in: path - name: observationId + - description: User details + in: body + name: user required: true - type: string + schema: + $ref: '#/definitions/handler.UserHandler' + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-relational_User' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -11470,72 +5876,73 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Disassociate an Observation from a Result + summary: Update user details tags: - - Assessment Results + - Users + /agent/heartbeat: post: - description: Associates an existing Observation to a Result within an Assessment - Results. + consumes: + - application/json + description: Creates a new heartbeat record for monitoring. parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Observation ID - in: path - name: observationId + - description: Heartbeat payload + in: body + name: heartbeat required: true - type: string + schema: + $ref: '#/definitions/handler.HeartbeatCreateRequest' produces: - application/json responses: - "200": - description: No Content + "201": + description: Created "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "500": + description: Internal Server Error schema: $ref: '#/definitions/api.Error' + summary: Create Heartbeat + tags: + - Heartbeat + /agent/heartbeat/over-time: + get: + description: Retrieves heartbeat counts aggregated by 2-minute intervals. + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-handler_OverTime_HeartbeatInterval' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Associate an Observation with a Result + summary: Get Heartbeat Metrics Over Time tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/associated-risks: - get: - description: Retrieves all Risks associated with a specific Result in an Assessment - Results. 
+ - Heartbeat + /auth/forgot-password: + post: + consumes: + - application/json + description: Sends a password reset email to users with authMethod=password parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId + - description: Email + in: body + name: request required: true - type: string + schema: + $ref: '#/definitions/auth.AuthHandler' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Risk' + $ref: '#/definitions/handler.GenericDataResponse-string' "400": description: Bad Request schema: 
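Review bot: POST /agent/heartbeat and GET /agent/heartbeat/over-time carry no `security` entry, unlike the authenticated operations elsewhere in this spec, so as documented anyone can write heartbeat records and read the aggregated counts. If agents authenticate by another mechanism (an agent token, mTLS), declare a matching `securityDefinitions` scheme and reference it on these two operations; if the routes really are open, say so in the description so the gap is visibly deliberate rather than a missing `@Security` annotation. The body of POST /auth/forgot-password references `auth.AuthHandler`, again the handler type rather than a request struct, so the one field the caller must send (the email) is not described. The description's "users with authMethod=password" wording suggests the handler looks the address up; the 200 response should be the same whether or not the address exists, to avoid account enumeration, and that guarantee is worth stating in the description since the spec cannot show it.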
@@ -11548,103 +5955,110 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List Associated Risks for a Result + summary: Forgot password tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/associated-risks/{riskId}: - delete: - description: Removes an association of a Risk from a Result within an Assessment - Results. + - Auth + /auth/login: + post: + consumes: + - application/json + description: Login user and returns a JWT token and sets a cookie with the token parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Risk ID - in: path - name: riskId + - description: Login Data + in: body + name: loginRequest required: true - type: string + schema: + $ref: '#/definitions/auth.AuthHandler' + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-auth_AuthHandler' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: - $ref: '#/definitions/api.Error' + $ref: '#/definitions/handler.GenericDataResponse-auth_AuthHandler' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Disassociate a Risk from a Result + summary: Login user tags: - - Assessment Results + - Auth + /auth/password-reset: post: - description: Associates an existing Risk to a Result within an Assessment Results. 
+ consumes: + - application/json + description: Resets password using a valid JWT token parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Risk ID - in: path - name: riskId + - description: Reset data + in: body + name: request required: true - type: string + schema: + $ref: '#/definitions/auth.AuthHandler' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-string' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Reset password + tags: + - Auth + /auth/publickey: + get: + consumes: + - application/json + description: Get JSON Web Key (JWK) representation of the JWT public key produces: - application/json responses: "200": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found + description: OK schema: - $ref: '#/definitions/api.Error' + $ref: '#/definitions/authn.JWK' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Associate a Risk with a Result + summary: Get JWK tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/attestations: - get: - description: Retrieves all attestations for a given result. 
+ - Auth + /auth/token: + post: + consumes: + - application/x-www-form-urlencoded + description: Get OAuth2 token using username and password parameters: - - description: Assessment Results ID - in: path - name: id + - description: Username (email) + in: formData + name: username required: true type: string - - description: Result ID - in: path - name: resultId + - description: Password + in: formData + name: password required: true type: string produces: 
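Review bot: The 401 response of POST /auth/login references `handler.GenericDataResponse-auth_AuthHandler`, the success envelope, while every other 4xx in this spec uses `api.Error`, so a client generated from this document would try to parse a failed login as a successful one; it should read `$ref: '#/definitions/api.Error'`. POST /auth/password-reset says it "Resets password using a valid JWT token" but its body schema is `auth.AuthHandler`, so neither the token field nor the new-password field is documented, and a reader cannot tell whether the token is a dedicated short-lived reset token or an ordinary session JWT — the description should say which, since accepting a session token here would let any stolen session rotate the password. Since POST /auth/login also sets a cookie with the token, documenting the cookie's HttpOnly/Secure/SameSite attributes in the description would make them part of the reviewed contract.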
@@ -11653,91 +6067,72 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_AttestationStatements' + $ref: '#/definitions/auth.AuthHandler' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get attestations for a result + summary: Get OAuth2 token tags: - - Assessment Results + - Auth + /evidence: post: consumes: - application/json - description: Creates a new attestation for a given result. + description: Creates a new Evidence record including activities, inventory items, + components, and subjects. parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Attestation data + - description: Evidence create request in: body - name: attestation + name: evidence required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.AttestationStatements' + $ref: '#/definitions/handler.EvidenceCreateRequest' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AttestationStatements' + $ref: '#/definitions/handler.GenericDataResponse-relational_Evidence' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create an attestation for a result + summary: Create new Evidence tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/attestations/{attestationId}: - delete: - description: 
Deletes a specific attestation from a result. + - Evidence + /evidence/{id}: + get: + description: Retrieves a single Evidence record by its unique ID, including + associated activities, inventory items, components, subjects, and labels. parameters: - - description: Assessment Results ID + - description: Evidence ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Attestation ID - in: path - name: attestationId - required: true - type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-handler_OscalLikeEvidence' "400": description: Bad Request schema: 
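Review bot: GET /evidence/{id} has no `security` entry while POST /evidence in the same hunk requires `OAuth2Password`, so per this spec an evidence record with its activities, inventory items, components and subjects is readable without a token. If the route is in fact behind the auth middleware, the Get handler is missing its `@Security OAuth2Password` annotation and a 401 response; if it is not, that is a read-side exposure to fix in the router rather than in this document. The same asymmetry appears on the compliance-by-control, for-control, history and search evidence routes in the following hunks, so it is presumably systematic and worth checking once against the route registration.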
@@ -11750,46 +6145,51 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete an attestation + summary: Get Evidence by ID tags: - - Assessment Results - put: - consumes: - - application/json - description: Updates a specific attestation in a result. + - Evidence + /evidence/compliance-by-control/{id}: + get: + description: Retrieves the count of evidence statuses for filters associated + with a specific Control ID. parameters: - - description: Assessment Results ID + - description: Control ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Attestation ID + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Get compliance counts by control + tags: + - Evidence + /evidence/compliance-by-filter/{id}: + get: + description: Retrieves the count of evidence statuses for a specific filter/dashboard. + parameters: + - description: Filter/Dashboard ID (UUID) in: path - name: attestationId + name: id required: true type: string - - description: Attestation data - in: body - name: attestation - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.AttestationStatements' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AttestationStatements' + $ref: '#/definitions/handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount' "400": - description: Bad Request + description: Invalid UUID schema: $ref: '#/definitions/api.Error' "404": 
@@ -11800,32 +6200,26 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update an attestation + summary: Get compliance status counts by filter/dashboard ID tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/findings: + - Evidence + /evidence/for-control/{id}: get: - description: Retrieves all findings for a given result. + description: Retrieves Evidence records associated with a specific Control ID, + including related activities, inventory items, components, subjects, and labels. parameters: - - description: Assessment Results ID + - description: Control ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Finding' + $ref: '#/definitions/handler.ForControl.EvidenceDataListResponse' "400": description: Bad Request schema: 
@@ -11838,39 +6232,26 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get findings for a result + summary: List Evidence for a Control tags: - - Assessment Results - post: - consumes: - - application/json - description: Creates a new finding for a given result. + - Evidence + /evidence/history/{id}: + get: + description: Retrieves a the history for a Evidence record by its UUID, including + associated activities, inventory items, components, subjects, and labels. parameters: - - description: Assessment Results ID + - description: Evidence ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Finding data - in: body - name: finding - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Finding' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Finding' + $ref: '#/definitions/handler.GenericDataListResponse-handler_OscalLikeEvidence' "400": description: Bad Request schema: 
@@ -11883,113 +6264,91 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create a finding for a result + summary: Get Evidence history by UUID tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/findings/{findingId}: - delete: - description: Deletes a specific finding from a result. + - Evidence + /evidence/search: + post: + consumes: + - application/json + description: Searches Evidence records by label filters. parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Finding ID - in: path - name: findingId + - description: Label filter + in: body + name: filter required: true - type: string + schema: + $ref: '#/definitions/labelfilter.Filter' + produces: + - application/json responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-relational_Evidence' + "422": + description: Unprocessable Entity schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete a finding + summary: Search Evidence tags: - - Assessment Results - put: + - Evidence + /evidence/status-over-time: + post: consumes: - application/json - description: Updates a specific finding in a result. + description: Retrieves counts of evidence statuses at various time intervals + based on a label filter. 
parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Finding ID - in: path - name: findingId - required: true - type: string - - description: Finding data + - description: Label filter in: body - name: finding + name: filter required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Finding' + $ref: '#/definitions/labelfilter.Filter' + - description: Comma-separated list of duration intervals (e.g., '10m,1h,24h') + in: query + name: intervals + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Finding' + $ref: '#/definitions/handler.GenericDataListResponse-handler_StatusInterval' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "422": + description: Unprocessable Entity schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update a finding + summary: Evidence status metrics over intervals tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/observations: + - Evidence + /evidence/status-over-time/{id}: get: - description: Retrieves all observations for a given result. + description: Retrieves counts of evidence statuses at various time intervals + for a specific evidence stream identified by UUID. parameters: - - description: Assessment Results ID + - description: Evidence UUID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true + - description: Comma-separated list of duration intervals (e.g., '10m,1h,24h') + in: query + name: intervals type: string produces: - application/json 
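Review bot: The `intervals` query parameter on POST /evidence/status-over-time and GET /evidence/status-over-time/{id} is a free-form comma-separated list of durations with no documented maximum count, minimum duration or default, so the spec does not bound how much aggregation a single request can trigger or say what happens when the parameter is omitted. State the accepted range in the parameter description (for example "at most N intervals, each at least 1m; default '10m,1h,24h'") and make clear that out-of-range values produce the documented 400. These two operations and POST /evidence/search also carry no `security` entry, unlike POST /evidence, which should be confirmed against the router.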
@@ -11997,88 +6356,81 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Observation' + $ref: '#/definitions/handler.GenericDataListResponse-handler_StatusInterval' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "422": + description: Unprocessable Entity schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get observations for a result + summary: Evidence status metrics over intervals by UUID tags: - - Assessment Results + - Evidence + /filters: + get: + description: Retrieves all filters, optionally filtered by controlId or componentId. + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-handler_FilterWithAssociations' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: List filters + tags: + - Filters post: consumes: - application/json - description: Creates a new observation for a given result. + description: Creates a new filter. 
parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Observation data + - description: Filter to add in: body - name: observation + name: filter required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Observation' + $ref: '#/definitions/handler.createFilterRequest' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Observation' + $ref: '#/definitions/handler.GenericDataResponse-relational_Filter' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "422": + description: Unprocessable Entity schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create an observation for a result + summary: Create a new filter tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/observations/{obsId}: + - Filters + /filters/{id}: delete: - description: Deletes a specific observation from a result. + description: Deletes a filter. parameters: - - description: Assessment Results ID + - description: Filter ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Observation ID - in: path - name: obsId - required: true - type: string responses: "204": description: No Content 
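Review bot: GET /filters says it is "optionally filtered by controlId or componentId" but declares no parameters, so the two query parameters are undocumented and a generated client cannot pass them; add `@Param controlId query string false "Control ID"` and `@Param componentId query string false "Component ID"` to the handler annotation (or the equivalent `parameters:` entries if this file is maintained by hand). None of the filter operations in this hunk (list, create, delete) carry a `security` entry, so as written dashboard filters can be created and deleted without a token; if the routes are protected, the `@Security` annotations and 401 responses are missing, and if they are not, that should be an explicit decision recorded in the description.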
@@ -12094,44 +6446,24 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete an observation + summary: Delete a filter tags: - - Assessment Results - put: - consumes: - - application/json - description: Updates a specific observation in a result. + - Filters + get: + description: Retrieves a single filter by its unique ID. parameters: - - description: Assessment Results ID + - description: Filter ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Observation ID - in: path - name: obsId - required: true - type: string - - description: Observation data - in: body - name: observation - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Observation' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Observation' + $ref: '#/definitions/handler.GenericDataResponse-handler_FilterWithAssociations' "400": description: Bad Request schema: 
@@ -12144,32 +6476,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update an observation + summary: Get a filter tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/risks: - get: - description: Retrieves all risks for a given result. + - Filters + put: + consumes: + - application/json + description: Updates an existing filter. parameters: - - description: Assessment Results ID + - description: Filter ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId + - description: Filter to update + in: body + name: filter required: true - type: string + schema: + $ref: '#/definitions/handler.createFilterRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Risk' + $ref: '#/definitions/handler.GenericDataResponse-relational_Filter' "400": description: Bad Request schema: 
@@ -12182,39 +6514,57 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get risks for a result + summary: Update a filter tags: - - Assessment Results + - Filters + /filters/import: post: consumes: - - application/json - description: Creates a new risk for a given result. + - multipart/form-data + description: Import multiple dashboard filter JSON files parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId + - description: Dashboard filter JSON files to import + in: formData + name: files required: true - type: string - - description: Risk data + type: file + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-handler_FilterImportResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Import dashboard filters + tags: + - Filters + /oscal/activities: + post: + consumes: + - application/json + description: Creates a new activity for us in other resources. + parameters: + - description: Activity object in: body - name: risk + name: activity required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Risk' + $ref: '#/definitions/oscalTypes_1_1_3.Activity' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Risk' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Activity' "400": description: Bad Request schema: 
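Review bot: POST /filters/import accepts multipart file uploads with no `security` entry and no documented limit on file count or size, while POST /oscal/activities in the same hunk requires `OAuth2Password`; an unauthenticated bulk-import endpoint should either be gated or explicitly justified in its description. Document the maximum upload size and, if the server enforces one, the 413 response, so the limit is part of the contract rather than something a client discovers by failing. Minor: the /oscal/activities description reads "Creates a new activity for us in other resources." — presumably "for use".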
@@ -12229,28 +6579,18 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a risk for a result + summary: Create an Activity tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/risks/{riskId}: + - Activities + /oscal/activities/{id}: delete: - description: Deletes a specific risk from a result. + description: Deletes an activity parameters: - - description: Assessment Results ID + - description: Activity ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Risk ID - in: path - name: riskId - required: true - type: string responses: "204": description: No Content @@ -12268,42 +6608,26 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete a risk + summary: Delete Activity tags: - - Assessment Results - put: + - Activities + get: consumes: - application/json - description: Updates a specific risk in a result. + description: Retrieves an Activity by its unique ID. parameters: - - description: Assessment Results ID + - description: Activity ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Risk ID - in: path - name: riskId - required: true - type: string - - description: Risk data - in: body - name: risk - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Risk' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Risk' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Activity' "400": description: Bad Request schema: 
@@ -12318,25 +6642,32 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update a risk + summary: Retrieve an Activity tags: - - Assessment Results - /oscal/assessment-results/{id}/risks: - get: - description: Retrieves all risks in the system that can be associated with results. + - Activities + put: + consumes: + - application/json + description: Updates properties of an existing Activity by its ID. parameters: - - description: Assessment Results ID + - description: Activity ID in: path name: id required: true type: string + - description: Activity object + in: body + name: activity + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Activity' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Risk' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Activity' "400": description: Bad Request schema: @@ -12351,19 +6682,19 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List all risks available for association + summary: Update an Activity tags: - - Assessment Results - /oscal/catalogs: + - Activities + /oscal/assessment-plans: get: - description: Retrieves all catalogs. + description: Retrieves all Assessment Plans. produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Catalog' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentPlan' "400": description: Bad Request schema: 
@@ -12374,46 +6705,50 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List catalogs + summary: List Assessment Plans tags: - - Catalog + - Assessment Plans post: consumes: - application/json - description: Creates a new OSCAL Catalog. + description: Creates a new OSCAL Assessment Plan with comprehensive validation. parameters: - - description: Catalog object + - description: 'Assessment Plan object with required fields: UUID, metadata + (title, version), import-ssp' in: body - name: catalog + name: plan required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Catalog' + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPlan' produces: - application/json responses: "201": - description: Created + description: Successfully created assessment plan schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Catalog' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan' "400": - description: Bad Request + description: Bad request - validation errors or malformed input + schema: + $ref: '#/definitions/api.Error' + "401": + description: Unauthorized - invalid or missing JWT token schema: $ref: '#/definitions/api.Error' "500": - description: Internal Server Error + description: Internal server error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a new Catalog + summary: Create an Assessment Plan tags: - - Catalog - /oscal/catalogs/{id}: + - Assessment Plans + /oscal/assessment-plans/{id}: delete: - description: Deletes a Catalog and cascades to related groups/controls, metadata - and back-matter. + description: Deletes an Assessment Plan by its unique ID. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true 
@@ -12435,13 +6770,13 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete a Catalog (cascade) + summary: Delete an Assessment Plan tags: - - Catalog + - Assessment Plans get: - description: Retrieves a single Catalog by its unique ID. + description: Retrieves a single Assessment Plan by its unique ID. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true @@ -12452,51 +6787,43 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Catalog' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get a Catalog + summary: Get an Assessment Plan tags: - - Catalog + - Assessment Plans put: consumes: - application/json - description: Updates an existing OSCAL Catalog. + description: Updates an existing Assessment Plan. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true type: string - - description: Updated Catalog object + - description: Assessment Plan object in: body - name: catalog + name: plan required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Catalog' + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPlan' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Catalog' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan' "400": description: Bad Request schema: 
@@ -12511,14 +6838,14 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update a Catalog + summary: Update an Assessment Plan tags: - - Catalog - /oscal/catalogs/{id}/all-controls: + - Assessment Plans + /oscal/assessment-plans/{id}/assessment-assets: get: - description: Retrieves the top-level controls for a given Catalog. + description: Retrieves all assessment assets for an Assessment Plan. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true @@ -12529,15 +6856,11 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control' + $ref: '#/definitions/handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentAssets' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -12548,33 +6871,36 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List controls for a Catalog + summary: Get Assessment Plan Assets tags: - - Catalog - /oscal/catalogs/{id}/back-matter: - get: - description: Retrieves the back-matter for a given Catalog. + - Assessment Plans + post: + consumes: + - application/json + description: Creates a new assessment asset for an Assessment Plan. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true type: string + - description: Assessment Asset object + in: body + name: asset + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentAssets' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentAssets' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -12585,100 +6911,71 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get back-matter for a Catalog + summary: Create Assessment Plan Asset tags: - - Catalog - /oscal/catalogs/{id}/controls: - get: - description: Retrieves the top-level controls for a given Catalog. + - Assessment Plans + /oscal/assessment-plans/{id}/assessment-assets/{assetId}: + delete: + description: Deletes an assessment asset from an Assessment Plan. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List controls for a Catalog - tags: - - Catalog - post: - consumes: - - application/json - description: Adds a top-level control under the specified Catalog. 
- parameters: - - description: Catalog ID + - description: Assessment Asset ID in: path - name: id + name: assetId required: true type: string - - description: Control object - in: body - name: control - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Control' - produces: - - application/json responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a new Control for a Catalog + summary: Delete Assessment Plan Asset tags: - - Catalog - /oscal/catalogs/{id}/controls/{control}: - delete: - description: Deletes a Control and cascades to nested children; clears filter - associations. + - Assessment Plans + put: + consumes: + - application/json + description: Updates an existing assessment asset for an Assessment Plan. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true type: string - - description: Control ID + - description: Assessment Asset ID in: path - name: control + name: assetId required: true type: string + - description: Assessment Asset object + in: body + name: asset + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentAssets' + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentAssets' "400": description: Bad Request schema: 
@@ -12693,29 +6990,25 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete a Control (cascade) + summary: Update Assessment Plan Asset tags: - - Catalog + - Assessment Plans + /oscal/assessment-plans/{id}/assessment-subjects: get: - description: Retrieves a single Control by its ID for a given Catalog. + description: Retrieves all assessment subjects for an Assessment Plan. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true type: string - - description: Control ID - in: path - name: control - required: true - type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' + $ref: '#/definitions/handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentSubject' "400": description: Bad Request schema: 
@@ -12730,38 +7023,32 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get a specific Control within a Catalog + summary: Get Assessment Plan Subjects tags: - - Catalog - put: + - Assessment Plans + post: consumes: - application/json - description: Updates the properties of an existing Control under the specified - Catalog. + description: Creates a new assessment subject for an Assessment Plan. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true type: string - - description: Control ID - in: path - name: control - required: true - type: string - - description: Updated Control object + - description: Assessment Subject object in: body - name: control + name: subject required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Control' + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentSubject' "400": description: Bad Request schema: 
@@ -12776,31 +7063,26 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update a Control within a Catalog + summary: Create Assessment Plan Subject tags: - - Catalog - /oscal/catalogs/{id}/controls/{control}/controls: - get: - description: Retrieves the controls directly under a specific Control in a given - Catalog. + - Assessment Plans + /oscal/assessment-plans/{id}/assessment-subjects/{subjectId}: + delete: + description: Deletes an assessment subject from an Assessment Plan. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true type: string - - description: Control ID + - description: Assessment Subject ID in: path - name: control + name: subjectId required: true type: string - produces: - - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -12815,55 +7097,59 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List child controls for a Control within a Catalog + summary: Delete Assessment Plan Subject tags: - - Catalog - post: + - Assessment Plans + put: consumes: - application/json - description: Adds a child control under the specified Catalog Control. + description: Updates an existing assessment subject for an Assessment Plan. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true type: string - - description: Parent Control ID + - description: Assessment Subject ID in: path - name: control + name: subjectId required: true type: string - - description: Control object + - description: Assessment Subject object in: body - name: control + name: subject required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Control' + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentSubject' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a new Sub-Control for a Control within a Catalog + summary: Update Assessment Plan Subject tags: - - Catalog - /oscal/catalogs/{id}/groups: + - Assessment Plans + /oscal/assessment-plans/{id}/back-matter: get: - description: Retrieves the top-level groups for a given Catalog. + description: Retrieves back matter for an Assessment Plan. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true 
@@ -12874,15 +7160,11 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Group' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -12893,62 +7175,59 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List groups for a Catalog + summary: Get Assessment Plan Back Matter tags: - - Catalog - post: - consumes: - - application/json - description: Adds a top-level group under the specified Catalog. + - Assessment Plans + /oscal/assessment-plans/{id}/full: + get: + description: Retrieves a single Assessment Plan by its unique ID with all related + data preloaded. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true type: string - - description: Group object - in: body - name: group - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Group' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Group' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a new Group for a Catalog + summary: Get a full Assessment Plan tags: - - Catalog - /oscal/catalogs/{id}/groups/{group}: - delete: - description: Deletes a Group and cascades to nested groups and controls. + - Assessment Plans + /oscal/assessment-plans/{id}/import-ssp: + get: + description: Retrieves import SSP information for an Assessment Plan. 
parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true type: string - - description: Group ID - in: path - name: group - required: true - type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp' "400": description: Bad Request schema: @@ -12963,29 +7242,25 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete a Group (cascade) + summary: Get Assessment Plan Import SSP tags: - - Catalog + - Assessment Plans + /oscal/assessment-plans/{id}/local-definitions: get: - description: Retrieves a single Group by its ID for a given Catalog. + description: Retrieves local definitions for an Assessment Plan. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true type: string - - description: Group ID - in: path - name: group - required: true - type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Group' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions' "400": description: Bad Request schema: 
@@ -13000,38 +7275,25 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get a specific Group within a Catalog + summary: Get Assessment Plan Local Definitions tags: - - Catalog - put: - consumes: - - application/json - description: Updates the properties of an existing Group under the specified - Catalog. + - Assessment Plans + /oscal/assessment-plans/{id}/metadata: + get: + description: Retrieves metadata for an Assessment Plan. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true type: string - - description: Group ID - in: path - name: group - required: true - type: string - - description: Updated Group object - in: body - name: group - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Group' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Group' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' "400": description: Bad Request schema: 
@@ -13046,31 +7308,25 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update a Group within a Catalog + summary: Get Assessment Plan Metadata tags: - - Catalog - /oscal/catalogs/{id}/groups/{group}/controls: + - Assessment Plans + /oscal/assessment-plans/{id}/tasks: get: - description: Retrieves the controls directly under a specific Group in a given - Catalog. + description: Retrieves all tasks for an Assessment Plan. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true type: string - - description: Group ID - in: path - name: group - required: true - type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control' + $ref: '#/definitions/handler.GenericDataResponse-array_oscalTypes_1_1_3_Task' "400": description: Bad Request schema: 
@@ -13085,71 +7341,66 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List controls for a Group within a Catalog + summary: Get Assessment Plan Tasks tags: - - Catalog + - Assessment Plans post: consumes: - application/json - description: Adds a control under the specified Catalog and Group. + description: Creates a new task for an Assessment Plan. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true type: string - - description: Parent Group ID - in: path - name: group - required: true - type: string - - description: Control object + - description: Task object in: body - name: control + name: task required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Control' + $ref: '#/definitions/oscalTypes_1_1_3.Task' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Task' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a new Control for a Catalog Group + summary: Create Assessment Plan Task tags: - - Catalog - /oscal/catalogs/{id}/groups/{group}/groups: - get: - description: Retrieves the sub-groups of a specific Group in a given Catalog. + - Assessment Plans + /oscal/assessment-plans/{id}/tasks/{taskId}: + delete: + description: Deletes a task from an Assessment Plan. 
parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true type: string - - description: Group ID + - description: Task ID in: path - name: group + name: taskId required: true type: string - produces: - - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Group' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -13164,66 +7415,82 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List sub-groups for a Group within a Catalog + summary: Delete Assessment Plan Task tags: - - Catalog - post: + - Assessment Plans + put: consumes: - application/json - description: Adds a sub-group under the specified Catalog and Group. + description: Updates an existing task for an Assessment Plan. parameters: - - description: Catalog ID + - description: Assessment Plan ID in: path name: id required: true type: string - - description: Parent Group ID + - description: Task ID in: path - name: group + name: taskId required: true type: string - - description: Group object + - description: Task object in: body - name: group + name: task required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Group' + $ref: '#/definitions/oscalTypes_1_1_3.Task' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Group' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Task' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a new Sub-Group for a Catalog Group + summary: Update Assessment Plan Task tags: - - Catalog - /oscal/component-definitions: + - Assessment Plans + /oscal/assessment-plans/{id}/tasks/{taskId}/associated-activities: get: - description: Retrieves all component definitions. + description: Retrieves all Activities associated with a specific Task in an + Assessment Plan. 
+ parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + - description: Task ID + in: path + name: taskId + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ComponentDefinition' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_AssociatedActivity' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": @@ -13232,33 +7499,38 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List component definitions + summary: List Associated Activities for a Task tags: - - Component Definitions - post: - consumes: - - application/json - description: Creates a new component definition. + - Assessment Plans + /oscal/assessment-plans/{id}/tasks/{taskId}/associated-activities/{activityId}: + delete: + description: Removes an association of an Activity from a Task within an Assessment + Plan. parameters: - - description: Component Definition - in: body - name: componentDefinition + - description: Assessment Plan ID + in: path + name: id required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.ComponentDefinition' - produces: - - application/json + type: string + - description: Task ID + in: path + name: taskId + required: true + type: string + - description: Activity ID + in: path + name: activityId + required: true + type: string responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": 
@@ -13267,33 +7539,37 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a component definition + summary: Disassociate an Activity from a Task tags: - - Component Definitions - /oscal/component-definitions/{id}: - get: - description: Retrieves a single component definition by its unique ID. + - Assessment Plans + post: + description: Associates an existing Activity to a Task within an Assessment + Plan. parameters: - - description: Component Definition ID + - description: Assessment Plan ID in: path name: id required: true type: string + - description: Task ID + in: path + name: taskId + required: true + type: string + - description: Activity ID + in: path + name: activityId + required: true + type: string produces: - application/json responses: "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition' + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -13304,40 +7580,29 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get a component definition + summary: Associate an Activity with a Task tags: - - Component Definitions - put: - consumes: - - application/json - description: Updates an existing component definition. + - Assessment Plans + /oscal/assessment-plans/{id}/terms-and-conditions: + get: + description: Retrieves terms and conditions for an Assessment Plan. parameters: - - description: Component Definition ID + - description: Assessment Plan ID in: path name: id required: true type: string - - description: Updated Component Definition object - in: body - name: componentDefinition - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.ComponentDefinition' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlanTermsAndConditions' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -13348,114 +7613,79 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update a component definition + summary: Get Assessment Plan Terms and Conditions tags: - - Component Definitions - /oscal/component-definitions/{id}/back-matter: + - Assessment Plans + /oscal/assessment-results: get: - description: Retrieves the back-matter for a given Component Definition. - parameters: - - description: Component Definition ID - in: path - name: id - required: true - type: string + description: Retrieves all Assessment Results. produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentResults' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get back-matter for a Component Definition + summary: List Assessment Results tags: - - Component Definitions + - Assessment Results post: consumes: - application/json - description: Creates new back-matter for a given component definition. + description: Creates an Assessment Results from input. 
parameters: - - description: Component Definition ID - in: path - name: id - required: true - type: string - - description: Back Matter + - description: Assessment Results data in: body - name: back-matter + name: ar required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentResults' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create back-matter for a component definition + summary: Create an Assessment Results tags: - - Component Definitions - /oscal/component-definitions/{id}/capabilities: - get: - description: Retrieves all capabilities for a given component definition. + - Assessment Results + /oscal/assessment-results/{id}: + delete: + description: Deletes an Assessment Results by its ID. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - produces: - - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Capability' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -13466,42 +7696,28 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get capabilities for a component definition + summary: Delete an Assessment Results tags: - - Component Definitions - post: - consumes: - - application/json - description: Creates new capabilities for a given component definition. + - Assessment Results + get: + description: Retrieves a single Assessment Results by its unique ID. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Capabilities - in: body - name: capabilities - required: true - schema: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Capability' - type: array produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Capability' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -13512,46 +7728,36 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create capabilities for a component definition + summary: Get an Assessment Results tags: - - Component Definitions - /oscal/component-definitions/{id}/capabilities/{capability}: + - Assessment Results put: consumes: - application/json - description: Updates a single capability for a given component definition. + description: Updates an existing Assessment Results. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Capability ID (UUID) - in: path - name: capability - required: true - type: string - - description: Capability to update + - description: Updated Assessment Results object in: body - name: capability + name: ar required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Capability' + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentResults' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Capability' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -13562,14 +7768,14 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update a capability for a component definition + summary: Update an Assessment Results tags: - - Component Definitions - /oscal/component-definitions/{id}/capabilities/incorporates-components: + - Assessment Results + /oscal/assessment-results/{id}/available-controls: get: - description: Retrieves all incorporates components for a given component definition. + description: Retrieves controls that can be referenced in findings parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true @@ -13580,15 +7786,11 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_IncorporatesComponent' + $ref: '#/definitions/handler.GenericDataListResponse-array_oscalTypes_1_1_3_Control' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -13599,42 +7801,25 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get incorporates components for a component definition + summary: Get available controls for findings tags: - - Component Definitions - post: - consumes: - - application/json - description: Creates new incorporates components for a given component definition. + - Assessment Results + /oscal/assessment-results/{id}/back-matter: + delete: + description: Deletes the back matter for an Assessment Results. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Incorporates Components - in: body - name: incorporates-components - required: true - schema: - items: - $ref: '#/definitions/oscalTypes_1_1_3.IncorporatesComponent' - type: array - produces: - - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_IncorporatesComponent' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -13645,14 +7830,13 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create incorporates components for a component definition + summary: Delete back matter tags: - - Component Definitions - /oscal/component-definitions/{id}/components: + - Assessment Results get: - description: Retrieves all components for a given component definition. + description: Retrieves the back matter for an Assessment Results. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true 
@@ -13663,15 +7847,11 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -13682,42 +7862,36 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get components for a component definition + summary: Get back matter tags: - - Component Definitions + - Assessment Results post: consumes: - application/json - description: Creates new components for a given component definition. + description: Creates or replaces the back matter for an Assessment Results. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Components to create + - description: Back Matter in: body - name: components + name: backMatter required: true schema: - items: - $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent' - type: array + $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
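Review bot: The POST `/oscal/assessment-results/{id}/back-matter` operation is described as `Creates or replaces the back matter` yet documents only `"201": description: Created`, while a PUT with `Updates the back matter` and the same `oscalTypes_1_1_3.BackMatter` body sits directly below it. Two operations that can both overwrite existing back matter, one of them presented as a create, make it hard for clients to reason about idempotency and for audit trails to tell a create from an overwrite. Either narrow the POST to create-only and document a `"409"` for an already-present back matter, or keep the replace semantics and document `"200"` alongside `"201"`; which one is right depends on what the handler actually does, which the spec alone cannot show.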
@@ -13728,42 +7902,36 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create components for a component definition + summary: Create back matter tags: - - Component Definitions + - Assessment Results put: consumes: - application/json - description: Updates the components for a given component definition. + description: Updates the back matter for an Assessment Results. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Components to update + - description: Back Matter in: body - name: components + name: backMatter required: true schema: - items: - $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent' - type: array + $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -13774,38 +7942,30 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update components for a component definition + summary: Update back matter tags: - - Component Definitions - /oscal/component-definitions/{id}/components/{defined-component}: + - Assessment Results + /oscal/assessment-results/{id}/back-matter/resources: get: - description: Retrieves a defined component for a given component definition. + description: Retrieves all resources from the back matter for an Assessment + Results. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Defined Component ID - in: path - name: defined-component - required: true - type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Resource' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -13816,40 +7976,36 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get a defined component for a component definition + summary: Get back matter resources tags: - - Component Definitions + - Assessment Results post: consumes: - application/json - description: Creates a new defined component for a given component definition. + description: Creates a new resource in the back matter for an Assessment Results. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Defined Component to create + - description: Resource in: body - name: defined-component + name: resource required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent' + $ref: '#/definitions/oscalTypes_1_1_3.Resource' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -13860,45 +8016,31 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a defined component for a component definition - tags: - - Component Definitions - put: - consumes: - - application/json - description: Updates a defined component for a given component definition. + summary: Create back matter resource + tags: + - Assessment Results + /oscal/assessment-results/{id}/back-matter/resources/{resourceId}: + delete: + description: Deletes a specific resource from the back matter for an Assessment + Results. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Defined Component ID + - description: Resource ID in: path - name: defined-component + name: resourceId required: true type: string - - description: Defined Component to update - in: body - name: defined-component - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent' - produces: - - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
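Review bot: The new path parameter is named `resourceId` (with `resultId`, `findingId` and `controlId` following the same pattern in later hunks), which departs from the kebab-case used for the surrounding path segments such as `back-matter`, `import-ap` and `local-definitions`, and from the kebab-case JSON keys elsewhere in this API. Mixed casing in parameter names leaks into generated client method and argument names and reads as if two authors wrote the spec. Prefer `resource-id` here and the matching shape for the sibling parameters, provided the route registrations in the handler can be renamed together with the annotations.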
@@ -13909,38 +8051,42 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update a defined component for a component definition + summary: Delete back matter resource tags: - - Component Definitions - /oscal/component-definitions/{id}/components/{defined-component}/control-implementations: - get: - description: Retrieves all control implementations for a given defined component. + - Assessment Results + put: + consumes: + - application/json + description: Updates a specific resource in the back matter for an Assessment + Results. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Defined Component ID + - description: Resource ID in: path - name: defined-component + name: resourceId required: true type: string + - description: Resource + in: body + name: resource + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Resource' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -13951,47 +8097,34 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get control implementations for a defined component + summary: Update back matter resource tags: - - Component Definitions - post: - consumes: - - application/json - description: Creates new control implementations for a given defined component. + - Assessment Results + /oscal/assessment-results/{id}/control/{controlId}: + get: + description: Retrieves a control with all its parts for reference in findings parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Defined Component ID + - description: Control ID in: path - name: defined-component + name: controlId required: true type: string - - description: Control Implementations - in: body - name: control-implementations - required: true - schema: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationSet' - type: array produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -14002,47 +8135,30 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create control implementations for a defined component + summary: Get control details with statements and objectives tags: - - Component Definitions - put: - consumes: - - application/json - description: Updates control implementations for a given defined component. + - Assessment Results + /oscal/assessment-results/{id}/findings: + get: + description: Retrieves all findings in the system that can be associated with + results. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Defined Component ID - in: path - name: defined-component - required: true - type: string - - description: Control Implementations - in: body - name: control-implementations - required: true - schema: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationSet' - type: array produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Finding' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
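Review bot: The GET `/oscal/assessment-results/{id}/findings` operation is described as returning `all findings in the system that can be associated with results`, i.e. data that is not scoped to the `{id}` in the path, yet its only documented failures are 400/404/500. If authorization for these routes is evaluated per Assessment Results ID, a caller entitled to one AR would be shown findings belonging to every other AR, which is a cross-resource disclosure; the `/observations` operation in a later hunk carries the same description. Either the handler should restrict the listing to findings the caller may see and the description should state that, or the listing belongs on an unscoped path such as `/oscal/findings` where its authorization can be stated honestly. This needs confirming against the handler, since the spec alone does not show how the result set is filtered.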
@@ -14053,51 +8169,30 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update control implementations for a defined component + summary: List all findings available for association tags: - - Component Definitions - /oscal/component-definitions/{id}/components/{defined-component}/control-implementations/{control-implementation}: - put: - consumes: - - application/json - description: Updates a specific control implementation for a given defined component. + - Assessment Results + /oscal/assessment-results/{id}/full: + get: + description: Retrieves a complete Assessment Results by its ID, including all + metadata and related objects. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Defined Component ID - in: path - name: defined-component - required: true - type: string - - description: Control Implementation ID - in: path - name: control-implementation - required: true - type: string - - description: Control Implementation - in: body - name: control-implementation - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationSet' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementationSet' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -14108,38 +8203,29 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update a single control implementation for a defined component + summary: Get a complete Assessment Results tags: - - Component Definitions - /oscal/component-definitions/{id}/components/{defined-component}/control-implementations/implemented-requirements: + - Assessment Results + /oscal/assessment-results/{id}/import-ap: get: - description: Retrieves all implemented requirements for a given defined component. + description: Retrieves import-ap for a given Assessment Results. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Defined Component ID - in: path - name: defined-component - required: true - type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirementControlImplementation' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportAp' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -14150,38 +8236,36 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get implemented requirements for a defined component + summary: Get Assessment Results import-ap tags: - - Component Definitions - /oscal/component-definitions/{id}/components/{defined-component}/control-implementations/implemented-requirements/statements: - get: - description: Retrieves all statements for a given defined component. + - Assessment Results + put: + consumes: + - application/json + description: Updates import-ap for a given Assessment Results. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Defined Component ID - in: path - name: defined-component + - description: Import AP data + in: body + name: importAp required: true - type: string + schema: + $ref: '#/definitions/oscalTypes_1_1_3.ImportAp' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ControlStatementImplementation' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportAp' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -14192,15 +8276,14 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get statements for a defined component + summary: Update Assessment Results import-ap tags: - - Component Definitions - /oscal/component-definitions/{id}/full: + - Assessment Results + /oscal/assessment-results/{id}/local-definitions: get: - description: Retrieves a complete Component Definition by its ID, including - all metadata and revisions. + description: Retrieves local-definitions for a given Assessment Results. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true @@ -14211,15 +8294,11 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -14230,39 +8309,36 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get a complete Component Definition + summary: Get Assessment Results local-definitions tags: - - Component Definitions - /oscal/component-definitions/{id}/import-component-definitions: - get: - description: Retrieves all import component definitions for a given defined - component. + - Assessment Results + put: + consumes: + - application/json + description: Updates local-definitions for a given Assessment Results. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Defined Component ID - in: path - name: defined-component + - description: Local definitions data + in: body + name: localDefinitions required: true - type: string + schema: + $ref: '#/definitions/oscalTypes_1_1_3.LocalDefinitions' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -14273,41 +8349,29 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get import component definitions for a defined component + summary: Update Assessment Results local-definitions tags: - - Component Definitions - post: - description: Creates new import component definitions for a given component - definition. + - Assessment Results + /oscal/assessment-results/{id}/metadata: + get: + description: Retrieves metadata for a given Assessment Results. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Import Component Definitions - in: body - name: import-component-definitions - required: true - schema: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ImportComponentDefinition' - type: array produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -14318,41 +8382,36 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create import component definitions for a component definition + summary: Get Assessment Results metadata tags: - - Component Definitions + - Assessment Results put: - description: Updates the import component definitions for a given component - definition. + consumes: + - application/json + description: Updates metadata for a given Assessment Results. parameters: - - description: Component Definition ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Import Component Definitions + - description: Metadata data in: body - name: import-component-definitions + name: metadata required: true schema: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ImportComponentDefinition' - type: array + $ref: '#/definitions/oscalTypes_1_1_3.Metadata' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -14363,70 +8422,51 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update import component definitions for a component definition + summary: Update Assessment Results metadata tags: - - Component Definitions - /oscal/import: - post: - consumes: - - multipart/form-data - description: Import multiple OSCAL JSON files (catalogs, profiles, SSPs, etc.) + - Assessment Results + /oscal/assessment-results/{id}/observations: + get: + description: Retrieves all observations in the system that can be associated + with results. parameters: - - description: OSCAL JSON files to import - in: formData - name: files + - description: Assessment Results ID + in: path + name: id required: true - type: file + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscal_ImportResponse' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Observation' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Import OSCAL files + security: + - OAuth2Password: [] + summary: List all observations available for association tags: - - OSCAL - /oscal/inventory: + - Assessment Results + /oscal/assessment-results/{id}/results: get: - description: Retrieves all inventory items from all sources (SSP, Evidence, - POAM, AP, AR) + description: Retrieves all results for a given Assessment Results. 
parameters: - - description: Include items from System Security Plans - in: query - name: include_ssp - type: string - - description: Include items from Evidence - in: query - name: include_evidence - type: string - - description: Include items from Plan of Action and Milestones - in: query - name: include_poam - type: string - - description: Include items from Assessment Plans - in: query - name: include_ap - type: string - - description: Include items from Assessment Results - in: query - name: include_ar - type: string - - description: Filter by item type (e.g., operating-system, database, web-server) - in: query - name: item_type - type: string - - description: Filter by SSP attachment status - in: query - name: attached_to_ssp + - description: Assessment Results ID + in: path + name: id + required: true type: string produces: - application/json @@ -14434,13 +8474,13 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscal_InventoryItemWithSource' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Result' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": 
@@ -14449,34 +8489,38 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get All Inventory Items + summary: Get results for an Assessment Results tags: - - Inventory + - Assessment Results post: consumes: - application/json - description: Creates a new inventory item with optional attachment to SSP or - POAM + description: Creates a new result for a given Assessment Results. parameters: - - description: Create Inventory Item Request + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result data in: body - name: request + name: result required: true schema: - $ref: '#/definitions/oscal.CreateInventoryItemRequest' + $ref: '#/definitions/oscalTypes_1_1_3.Result' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscal_InventoryItemWithSource' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Result' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": 
@@ -14485,33 +8529,30 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create Inventory Item + summary: Create a result for an Assessment Results tags: - - Inventory - /oscal/inventory/{id}: - get: - description: Retrieves a specific inventory item by its ID + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}: + delete: + description: Deletes a specific result from an Assessment Results. parameters: - - description: Inventory Item ID + - description: Assessment Results ID in: path name: id required: true type: string - produces: - - application/json + - description: Result ID + in: path + name: resultId + required: true + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscal_InventoryItemWithSource' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -14522,25 +8563,35 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Inventory Item by ID + summary: Delete a result tags: - - Inventory - /oscal/parties: + - Assessment Results get: - description: Retrieves all parties. + description: Retrieves a specific result from an Assessment Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Party' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Result' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": 
@@ -14549,33 +8600,41 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List parties + summary: Get a specific result tags: - - Oscal - /oscal/parties/{id}: - get: - description: Retrieves a single Party by its unique ID. + - Assessment Results + put: + consumes: + - application/json + description: Updates a specific result in an Assessment Results. parameters: - - description: Party ID + - description: Assessment Results ID in: path name: id required: true type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Result data + in: body + name: result + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Result' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Party' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Result' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -14585,70 +8644,69 @@ paths: schema: $ref: '#/definitions/api.Error' security: - - OAuth2Password: [] - summary: Get a Party - tags: - - Oscal - /oscal/plan-of-action-and-milestones: - get: - description: Retrieves all Plan of Action and Milestones. - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: List POA&Ms + - OAuth2Password: [] + summary: Update a result tags: - - Plan Of Action and Milestones - post: - consumes: - - application/json - description: Creates a new Plan of Action and Milestones. + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/associated-findings: + get: + description: Retrieves all Findings associated with a specific Result in an + Assessment Results. 
parameters: - - description: POA&M data - in: body - name: poam + - description: Assessment Results ID + in: path + name: id required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones' + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Finding' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new POA&M + security: + - OAuth2Password: [] + summary: List Associated Findings for a Result tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/associated-findings/{findingId}: delete: - description: Deletes an existing Plan of Action and Milestones and all its related - data. + description: Removes an association of a Finding from a Result within an Assessment + Results. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Finding ID + in: path + name: findingId + required: true + type: string responses: "204": description: No Content 
@@ -14664,25 +8722,35 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a POA&M + security: + - OAuth2Password: [] + summary: Disassociate a Finding from a Result tags: - - Plan Of Action and Milestones - get: - description: Retrieves a single Plan of Action and Milestones by its unique - ID. + - Assessment Results + post: + description: Associates an existing Finding to a Result within an Assessment + Results. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Finding ID + in: path + name: findingId + required: true + type: string produces: - application/json responses: "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones' + description: No Content "400": description: Bad Request schema: 
@@ -14695,32 +8763,33 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get a POA&M + security: + - OAuth2Password: [] + summary: Associate a Finding with a Result tags: - - Plan Of Action and Milestones - put: - consumes: - - application/json - description: Updates an existing Plan of Action and Milestones. + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/associated-observations: + get: + description: Retrieves all Observations associated with a specific Result in + an Assessment Results. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: POA&M data - in: body - name: poam + - description: Result ID + in: path + name: resultId required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones' + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Observation' "400": description: Bad Request schema: 
@@ -14733,25 +8802,34 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a POA&M + security: + - OAuth2Password: [] + summary: List Associated Observations for a Result tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/back-matter: - get: - description: Retrieves back-matter for a given POA&M. + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/associated-observations/{observationId}: + delete: + description: Removes an association of an Observation from a Result within an + Assessment Results. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string - produces: - - application/json + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Observation ID + in: path + name: observationId + required: true + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -14764,25 +8842,35 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get POA&M back-matter + security: + - OAuth2Password: [] + summary: Disassociate an Observation from a Result tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/back-matter/resources: - get: - description: Retrieves all back-matter resources for a given POA&M. + - Assessment Results + post: + description: Associates an existing Observation to a Result within an Assessment + Results. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Observation ID + in: path + name: observationId + required: true + type: string produces: - application/json responses: "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Resource' + description: No Content "400": description: Bad Request schema: 
@@ -14795,32 +8883,33 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get back-matter resources for a POA&M + security: + - OAuth2Password: [] + summary: Associate an Observation with a Result tags: - - Plan Of Action and Milestones - post: - consumes: - - application/json - description: Creates a new back-matter resource for a given POA&M. + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/associated-risks: + get: + description: Retrieves all Risks associated with a specific Result in an Assessment + Results. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Resource data - in: body - name: resource + - description: Result ID + in: path + name: resultId required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Resource' + type: string produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Risk' "400": description: Bad Request schema: 
@@ -14833,21 +8922,29 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new back-matter resource for a POA&M + security: + - OAuth2Password: [] + summary: List Associated Risks for a Result tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/back-matter/resources/{resourceId}: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/associated-risks/{riskId}: delete: - description: Deletes an existing back-matter resource for a given POA&M. + description: Removes an association of a Risk from a Result within an Assessment + Results. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Resource ID + - description: Result ID in: path - name: resourceId + name: resultId + required: true + type: string + - description: Risk ID + in: path + name: riskId required: true type: string responses: 
@@ -14865,37 +8962,34 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a back-matter resource from a POA&M + security: + - OAuth2Password: [] + summary: Disassociate a Risk from a Result tags: - - Plan Of Action and Milestones - put: - consumes: - - application/json - description: Updates an existing back-matter resource for a given POA&M. + - Assessment Results + post: + description: Associates an existing Risk to a Result within an Assessment Results. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Resource ID + - description: Result ID in: path - name: resourceId + name: resultId required: true type: string - - description: Resource data - in: body - name: resource + - description: Risk ID + in: path + name: riskId required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Resource' + type: string produces: - application/json responses: "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' + description: No Content "400": description: Bad Request schema: 
@@ -14908,25 +9002,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a back-matter resource for a POA&M + security: + - OAuth2Password: [] + summary: Associate a Risk with a Result tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/findings: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/attestations: get: - description: Retrieves all findings for a given POA&M. + description: Retrieves all attestations for a given result. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string + - description: Result ID + in: path + name: resultId + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Finding' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_AttestationStatements' "400": description: Bad Request schema: 
@@ -14939,32 +9040,39 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get findings for a POA&M + security: + - OAuth2Password: [] + summary: Get attestations for a result tags: - - Plan Of Action and Milestones + - Assessment Results post: consumes: - application/json - description: Creates a new finding for a given POA&M. + description: Creates a new attestation for a given result. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Finding data + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Attestation data in: body - name: finding + name: attestation required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Finding' + $ref: '#/definitions/oscalTypes_1_1_3.AttestationStatements' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Finding' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AttestationStatements' "400": description: Bad Request schema: 
@@ -14977,21 +9085,28 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new finding for a POA&M + security: + - OAuth2Password: [] + summary: Create an attestation for a result tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/findings/{findingId}: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/attestations/{attestationId}: delete: - description: Deletes an existing finding for a given POA&M. + description: Deletes a specific attestation from a result. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Finding ID + - description: Result ID in: path - name: findingId + name: resultId + required: true + type: string + - description: Attestation ID + in: path + name: attestationId required: true type: string responses: 
@@ -15009,37 +9124,44 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a finding from a POA&M + security: + - OAuth2Password: [] + summary: Delete an attestation tags: - - Plan Of Action and Milestones + - Assessment Results put: consumes: - application/json - description: Updates an existing finding for a given POA&M. + description: Updates a specific attestation in a result. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Finding ID + - description: Result ID in: path - name: findingId + name: resultId required: true type: string - - description: Finding data + - description: Attestation ID + in: path + name: attestationId + required: true + type: string + - description: Attestation data in: body - name: finding + name: attestation required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Finding' + $ref: '#/definitions/oscalTypes_1_1_3.AttestationStatements' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Finding' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AttestationStatements' "400": description: Bad Request schema: 
@@ -15052,26 +9174,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a finding for a POA&M + security: + - OAuth2Password: [] + summary: Update an attestation tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/full: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/findings: get: - description: Retrieves a complete POA&M by its ID, including all metadata and - related objects. + description: Retrieves all findings for a given result. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string + - description: Result ID + in: path + name: resultId + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Finding' "400": description: Bad Request schema: 
@@ -15084,25 +9212,39 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get a complete POA&M + security: + - OAuth2Password: [] + summary: Get findings for a result tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/import-ssp: - get: - description: Retrieves import-ssp for a given POA&M. + - Assessment Results + post: + consumes: + - application/json + description: Creates a new finding for a given result. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Finding data + in: body + name: finding + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Finding' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Finding' "400": description: Bad Request schema: 
@@ -15115,32 +9257,33 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get POA&M import-ssp + security: + - OAuth2Password: [] + summary: Create a finding for a result tags: - - Plan Of Action and Milestones - post: - consumes: - - application/json - description: Creates import-ssp for a given POA&M. + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/findings/{findingId}: + delete: + description: Deletes a specific finding from a result. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Import SSP data - in: body - name: importSsp + - description: Result ID + in: path + name: resultId required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.ImportSsp' - produces: - - application/json + type: string + - description: Finding ID + in: path + name: findingId + required: true + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -15153,32 +9296,44 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create import-ssp for a POA&M + security: + - OAuth2Password: [] + summary: Delete a finding tags: - - Plan Of Action and Milestones + - Assessment Results put: consumes: - application/json - description: Updates import-ssp for a given POA&M. + description: Updates a specific finding in a result. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Import SSP data + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Finding ID + in: path + name: findingId + required: true + type: string + - description: Finding data in: body - name: importSsp + name: finding required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.ImportSsp' + $ref: '#/definitions/oscalTypes_1_1_3.Finding' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Finding' "400": description: Bad Request schema: 
@@ -15191,25 +9346,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update import-ssp for a POA&M + security: + - OAuth2Password: [] + summary: Update a finding tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/local-definitions: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/observations: get: - description: Retrieves local definitions for a given POA&M. + description: Retrieves all observations for a given result. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string + - description: Result ID + in: path + name: resultId + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Observation' "400": description: Bad Request schema: 
@@ -15222,37 +9384,39 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get POA&M local definitions + security: + - OAuth2Password: [] + summary: Get observations for a result tags: - - Plan Of Action and Milestones - put: + - Assessment Results + post: consumes: - application/json - description: |- - Updates local-definitions for a given POA&M with special handling of array and object fields. - - Components and inventory-items arrays are treated as full replacements: the existing values on the POA&M are overwritten by the arrays provided in the request body (no per-element merge is performed). - - Sending an empty array [] for components or inventory-items clears that specific field (resulting in an empty array on the POA&M). - - Omitting a field in the request body leaves the existing value for that field unchanged. - - Sending an empty JSON object {} as the payload deletes the entire local-definitions object for the POA&M. + description: Creates a new observation for a given result. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Local definitions data + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Observation data in: body - name: local-definitions + name: observation required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions' + $ref: '#/definitions/oscalTypes_1_1_3.Observation' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Observation' "400": description: Bad Request schema: 
@@ -15265,25 +9429,33 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update POA&M local-definitions + security: + - OAuth2Password: [] + summary: Create an observation for a result tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/metadata: - get: - description: Retrieves metadata for a given POA&M. + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/observations/{obsId}: + delete: + description: Deletes a specific observation from a result. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string - produces: - - application/json + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Observation ID + in: path + name: obsId + required: true + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -15296,32 +9468,44 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get POA&M metadata + security: + - OAuth2Password: [] + summary: Delete an observation tags: - - Plan Of Action and Milestones + - Assessment Results put: consumes: - application/json - description: Updates metadata for a given POA&M. + description: Updates a specific observation in a result. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Metadata data + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Observation ID + in: path + name: obsId + required: true + type: string + - description: Observation data in: body - name: metadata + name: observation required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Metadata' + $ref: '#/definitions/oscalTypes_1_1_3.Observation' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Observation' "400": description: Bad Request schema: 
@@ -15334,25 +9518,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update POA&M metadata + security: + - OAuth2Password: [] + summary: Update an observation tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/observations: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/risks: get: - description: Retrieves all observations for a given POA&M. + description: Retrieves all risks for a given result. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string + - description: Result ID + in: path + name: resultId + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Observation' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Risk' "400": description: Bad Request schema: 
@@ -15365,32 +9556,39 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get observations for a POA&M + security: + - OAuth2Password: [] + summary: Get risks for a result tags: - - Plan Of Action and Milestones + - Assessment Results post: consumes: - application/json - description: Creates a new observation for a given POA&M. + description: Creates a new risk for a given result. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Observation data + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Risk data in: body - name: observation + name: risk required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Observation' + $ref: '#/definitions/oscalTypes_1_1_3.Risk' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Observation' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Risk' "400": description: Bad Request schema: 
@@ -15403,21 +9601,28 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new observation for a POA&M + security: + - OAuth2Password: [] + summary: Create a risk for a result tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/observations/{obsId}: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/risks/{riskId}: delete: - description: Deletes an existing observation for a given POA&M. + description: Deletes a specific risk from a result. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Observation ID + - description: Result ID in: path - name: obsId + name: resultId + required: true + type: string + - description: Risk ID + in: path + name: riskId required: true type: string responses: 
@@ -15435,37 +9640,44 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete an observation from a POA&M + security: + - OAuth2Password: [] + summary: Delete a risk tags: - - Plan Of Action and Milestones + - Assessment Results put: consumes: - application/json - description: Updates an existing observation for a given POA&M. + description: Updates a specific risk in a result. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: Observation ID + - description: Result ID in: path - name: obsId + name: resultId required: true type: string - - description: Observation data + - description: Risk ID + in: path + name: riskId + required: true + type: string + - description: Risk data in: body - name: observation + name: risk required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Observation' + $ref: '#/definitions/oscalTypes_1_1_3.Risk' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Observation' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Risk' "400": description: Bad Request schema: @@ -15478,14 +9690,16 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update an observation for a POA&M + security: + - OAuth2Password: [] + summary: Update a risk tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/poam-items: + - Assessment Results + /oscal/assessment-results/{id}/risks: get: - description: Retrieves all POA&M items for a given POA&M. + description: Retrieves all risks in the system that can be associated with results. parameters: - - description: POA&M ID + - description: Assessment Results ID in: path name: id required: true 
@@ -15496,7 +9710,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_PoamItem' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Risk' "400": description: Bad Request schema: 
@@ -15509,61 +9723,75 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get POA&M items + security: + - OAuth2Password: [] + summary: List all risks available for association tags: - - Plan Of Action and Milestones + - Assessment Results + /oscal/catalogs: + get: + description: Retrieves all catalogs. + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Catalog' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: List catalogs + tags: + - Catalog post: consumes: - application/json - description: Creates a new POAM item for a given POA&M. + description: Creates a new OSCAL Catalog. parameters: - - description: POA&M ID - in: path - name: id - required: true - type: string - - description: POAM Item data + - description: Catalog object in: body - name: poam-item + name: catalog required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.PoamItem' + $ref: '#/definitions/oscalTypes_1_1_3.Catalog' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PoamItem' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Catalog' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new POAM item for a POA&M + security: + - OAuth2Password: [] + summary: Create a new Catalog tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/poam-items/{itemId}: + - Catalog + /oscal/catalogs/{id}: delete: - description: Deletes 
an existing POAM item for a given POA&M. + description: Deletes a Catalog and cascades to related groups/controls, metadata + and back-matter. parameters: - - description: POA&M ID + - description: Catalog ID in: path name: id required: true type: string - - description: POAM Item ID - in: path - name: itemId - required: true - type: string responses: "204": description: No Content @@ -15579,41 +9807,34 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a POAM item from a POA&M + security: + - OAuth2Password: [] + summary: Delete a Catalog (cascade) tags: - - Plan Of Action and Milestones - put: - consumes: - - application/json - description: Updates an existing POAM item for a given POA&M. + - Catalog + get: + description: Retrieves a single Catalog by its unique ID. parameters: - - description: POA&M ID - in: path - name: id - required: true - type: string - - description: POAM Item ID + - description: Catalog ID in: path - name: itemId + name: id required: true type: string - - description: POAM Item data - in: body - name: poam-item - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.PoamItem' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PoamItem' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Catalog' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -15622,25 +9843,34 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a POAM item for a POA&M + security: + - OAuth2Password: [] + summary: Get a Catalog tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/risks: - get: - description: Retrieves all risks for a given POA&M. + - Catalog + put: + consumes: + - application/json + description: Updates an existing OSCAL Catalog. parameters: - - description: POA&M ID + - description: Catalog ID in: path name: id required: true type: string + - description: Updated Catalog object + in: body + name: catalog + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Catalog' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Risk' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Catalog' "400": description: Bad Request schema: 
@@ -15653,36 +9883,35 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get risks for a POA&M + security: + - OAuth2Password: [] + summary: Update a Catalog tags: - - Plan Of Action and Milestones - post: - consumes: - - application/json - description: Creates a new risk for a given POA&M. + - Catalog + /oscal/catalogs/{id}/back-matter: + get: + description: Retrieves the back-matter for a given Catalog. parameters: - - description: POA&M ID + - description: Catalog ID in: path name: id required: true type: string - - description: Risk data - in: body - name: risk - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Risk' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Risk' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -15691,30 +9920,35 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new risk for a POA&M + security: + - OAuth2Password: [] + summary: Get back-matter for a Catalog tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/risks/{riskId}: - delete: - description: Deletes an existing risk for a given POA&M. + - Catalog + /oscal/catalogs/{id}/controls: + get: + description: Retrieves the top-level controls for a given Catalog. parameters: - - description: POA&M ID + - description: Catalog ID in: path name: id required: true type: string - - description: Risk ID - in: path - name: riskId - required: true - type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -15723,68 +9957,65 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a risk from a POA&M + security: + - OAuth2Password: [] + summary: List controls for a Catalog tags: - - Plan Of Action and Milestones - put: + - Catalog + post: consumes: - application/json - description: Updates an existing risk for a given POA&M. + description: Adds a top-level control under the specified Catalog. parameters: - - description: POA&M ID + - description: Catalog ID in: path name: id required: true type: string - - description: Risk ID - in: path - name: riskId - required: true - type: string - - description: Risk data + - description: Control object in: body - name: risk + name: control required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Risk' + $ref: '#/definitions/oscalTypes_1_1_3.Control' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Risk' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a risk for a POA&M + security: + - OAuth2Password: [] + summary: Create a new Control for a Catalog tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/system-id: - get: - description: Retrieves system-id for a given POA&M. + - Catalog + /oscal/catalogs/{id}/controls/{control}: + delete: + description: Deletes a Control and cascades to nested children; clears filter + associations. 
parameters: - - description: POA&M ID + - description: Catalog ID in: path name: id required: true type: string - produces: - - application/json + - description: Control ID + in: path + name: control + required: true + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemId' + "204": + description: No Content "400": description: Bad Request schema: @@ -15797,32 +10028,31 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get POA&M system-id + security: + - OAuth2Password: [] + summary: Delete a Control (cascade) tags: - - Plan Of Action and Milestones - post: - consumes: - - application/json - description: Creates system-id for a given POA&M. + - Catalog + get: + description: Retrieves a single Control by its ID for a given Catalog. parameters: - - description: POA&M ID + - description: Catalog ID in: path name: id required: true type: string - - description: System ID data - in: body - name: systemId + - description: Control ID + in: path + name: control required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.SystemId' + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemId' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' "400": description: Bad Request schema: 
@@ -15835,32 +10065,40 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create system-id for a POA&M + security: + - OAuth2Password: [] + summary: Get a specific Control within a Catalog tags: - - Plan Of Action and Milestones + - Catalog put: consumes: - application/json - description: Updates system-id for a given POA&M. + description: Updates the properties of an existing Control under the specified + Catalog. parameters: - - description: POA&M ID + - description: Catalog ID in: path name: id required: true type: string - - description: System ID data + - description: Control ID + in: path + name: control + required: true + type: string + - description: Updated Control object in: body - name: systemId + name: control required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.SystemId' + $ref: '#/definitions/oscalTypes_1_1_3.Control' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemId' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' "400": description: Bad Request schema: 
@@ -15873,25 +10111,39 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update system-id for a POA&M + security: + - OAuth2Password: [] + summary: Update a Control within a Catalog tags: - - Plan Of Action and Milestones - /oscal/profiles: + - Catalog + /oscal/catalogs/{id}/controls/{control}/controls: get: - description: Retrieves all OSCAL profiles + description: Retrieves the controls directly under a specific Control in a given + Catalog. + parameters: + - description: Catalog ID + in: path + name: id + required: true + type: string + - description: Control ID + in: path + name: control + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscal_ProfileHandler' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": 
@@ -15900,49 +10152,55 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List Profiles + summary: List child controls for a Control within a Catalog tags: - - Profile + - Catalog post: consumes: - application/json - description: Creates a new OSCAL Profile. + description: Adds a child control under the specified Catalog Control. parameters: - - description: Profile object + - description: Catalog ID + in: path + name: id + required: true + type: string + - description: Parent Control ID + in: path + name: control + required: true + type: string + - description: Control object in: body - name: profile + name: control required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Profile' + $ref: '#/definitions/oscalTypes_1_1_3.Control' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Profile' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a new OSCAL Profile + summary: Create a new Sub-Control for a Control within a Catalog tags: - - Profile - /oscal/profiles/{id}: + - Catalog + /oscal/catalogs/{id}/groups: get: - description: Get an OSCAL profile with the uuid provided + description: Retrieves the top-level groups for a given Catalog. parameters: - - description: Profile ID + - description: Catalog ID in: path name: id required: true @@ -15953,7 +10211,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscal_ProfileHandler' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Group' "400": description: Bad Request schema: 
@@ -15972,31 +10230,64 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Profile + summary: List groups for a Catalog tags: - - Profile - /oscal/profiles/{id}/back-matter: - get: - description: Get the BackMatter for a specific profile + - Catalog + post: + consumes: + - application/json + description: Adds a top-level group under the specified Catalog. parameters: - - description: Profile ID + - description: Catalog ID in: path name: id required: true type: string + - description: Group object + in: body + name: group + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Group' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Group' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create a new Group for a Catalog + tags: + - Catalog + /oscal/catalogs/{id}/groups/{group}: + delete: + description: Deletes a Group and cascades to nested groups and controls. + parameters: + - description: Catalog ID + in: path + name: id + required: true + type: string + - description: Group ID + in: path + name: group + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request schema: $ref: '#/definitions/api.Error' "404": 
@@ -16009,26 +10300,21 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Backmatter + summary: Delete a Group (cascade) tags: - - Profile - /oscal/profiles/{id}/compliance-progress: + - Catalog get: - description: Returns aggregated compliance progress for controls in a Profile, - including summary, optional per-control rows, and group rollups. + description: Retrieves a single Group by its ID for a given Catalog. parameters: - - description: Profile ID + - description: Catalog ID in: path name: id required: true type: string - - description: Include per-control breakdown (default true) - in: query - name: includeControls - type: boolean - - description: System Security Plan ID for implementation coverage - in: query - name: sspId + - description: Group ID + in: path + name: group + required: true type: string produces: - application/json @@ -16036,15 +10322,11 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscal_ProfileComplianceProgress' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Group' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16055,33 +10337,42 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get compliance progress for a Profile + summary: Get a specific Group within a Catalog tags: - - Profile - /oscal/profiles/{id}/full: - get: - description: Retrieves the full OSCAL Profile, including all nested content. + - Catalog + put: + consumes: + - application/json + description: Updates the properties of an existing Group under the specified + Catalog. parameters: - - description: Profile ID + - description: Catalog ID in: path name: id required: true type: string + - description: Group ID + in: path + name: group + required: true + type: string + - description: Updated Group object + in: body + name: group + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Group' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Profile' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Group' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16092,33 +10383,35 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get full Profile + summary: Update a Group within a Catalog tags: - - Profile - /oscal/profiles/{id}/imports: + - Catalog + /oscal/catalogs/{id}/groups/{group}/controls: get: - description: List imports for a specific profile + description: Retrieves the controls directly under a specific Group in a given + Catalog. parameters: - - description: Profile ID + - description: Catalog ID in: path name: id required: true type: string + - description: Group ID + in: path + name: group + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Import' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16129,60 +10422,62 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List Imports + summary: List controls for a Group within a Catalog tags: - - Profile - /oscal/profiles/{id}/imports/{href}: - delete: - description: Deletes an import from a profile by its href + - Catalog + post: + consumes: + - application/json + description: Adds a control under the specified Catalog and Group. parameters: - - description: Profile ID + - description: Catalog ID in: path name: id required: true type: string - - description: Import Href + - description: Parent Group ID in: path - name: href + name: group required: true type: string + - description: Control object + in: body + name: control + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Control' produces: - application/json responses: - "204": - description: Import deleted successfully + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete Import from Profile + summary: Create a new Control for a Catalog Group tags: - - Profile + - Catalog + /oscal/catalogs/{id}/groups/{group}/groups: get: - description: Retrieves a specific import from a profile by its backmatter href + description: Retrieves the sub-groups of a specific Group in a given Catalog. parameters: - - description: Profile UUID + - description: Catalog ID in: path name: id required: true type: string - - description: Import Href + - description: Group ID in: path - name: href + name: group required: true type: string produces: 
@@ -16191,15 +10486,11 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Import' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Group' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16210,37 +10501,60 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Import from Profile by Backmatter Href + summary: List sub-groups for a Group within a Catalog tags: - - Profile - put: + - Catalog + post: consumes: - application/json - description: Updates an existing import in a profile by its href + description: Adds a sub-group under the specified Catalog and Group. parameters: - - description: Profile ID + - description: Catalog ID in: path name: id required: true type: string - - description: Import Href + - description: Parent Group ID in: path - name: href + name: group required: true type: string - - description: Import data to update + - description: Group object in: body - name: request + name: group required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Import' + $ref: '#/definitions/oscalTypes_1_1_3.Group' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Group' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create a new Sub-Group for a Catalog Group + tags: + - Catalog + /oscal/component-definitions: + get: + description: Retrieves all component definitions. produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Import' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ComponentDefinition' "400": description: Bad Request schema: 
@@ -16249,44 +10563,33 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update Import in Profile + summary: List component definitions tags: - - Profile - /oscal/profiles/{id}/imports/add: + - Component Definitions post: consumes: - application/json - description: Adds an import to a profile by its UUID and type (catalog/profile). - Only catalogs are currently supported currently + description: Creates a new component definition. parameters: - - description: Profile ID - in: path - name: id - required: true - type: string - - description: Request data + - description: Component Definition in: body - name: request + name: componentDefinition required: true schema: - $ref: '#/definitions/oscal.ProfileHandler' + $ref: '#/definitions/oscalTypes_1_1_3.ComponentDefinition' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Import' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition' "400": description: Bad Request schema: 
@@ -16295,28 +10598,20 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "409": - description: Conflict - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Add Import to Profile + summary: Create a component definition tags: - - Profile - /oscal/profiles/{id}/merge: + - Component Definitions + /oscal/component-definitions/{id}: get: - description: Retrieves the merge section for a specific profile. + description: Retrieves a single component definition by its unique ID. parameters: - - description: Profile ID + - description: Component Definition ID in: path name: id required: true @@ -16327,7 +10622,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Merge' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition' "400": description: Bad Request schema: 
@@ -16346,32 +10641,32 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get merge section + summary: Get a component definition tags: - - Profile + - Component Definitions put: consumes: - application/json - description: Updates the merge information for a specific profile + description: Updates an existing component definition. parameters: - - description: Profile ID + - description: Component Definition ID in: path name: id required: true type: string - - description: Merge data to update + - description: Updated Component Definition object in: body - name: request + name: componentDefinition required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Merge' + $ref: '#/definitions/oscalTypes_1_1_3.ComponentDefinition' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Merge' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition' "400": description: Bad Request schema: @@ -16390,14 +10685,14 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update Merge + summary: Update a component definition tags: - - Profile - /oscal/profiles/{id}/modify: + - Component Definitions + /oscal/component-definitions/{id}/back-matter: get: - description: Retrieves the modify section for a specific profile. + description: Retrieves the back-matter for a given Component Definition. parameters: - - description: Profile ID + - description: Component Definition ID in: path name: id required: true 
@@ -16408,11 +10703,15 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Modify' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -16423,26 +10722,32 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get modify section + summary: Get back-matter for a Component Definition tags: - - Profile - /oscal/profiles/{id}/resolve: + - Component Definitions post: - description: Resolves a Profiled identified by the "profile ID" param and stores - a new catalog in the database + consumes: + - application/json + description: Creates new back-matter for a given component definition. parameters: - - description: Profile ID + - description: Component Definition ID in: path name: id required: true type: string + - description: Back Matter + in: body + name: back-matter + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscal_ProfileHandler' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' "400": description: Bad Request schema: 
@@ -16451,21 +10756,24 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Resolves a Profile as a stored catalog + summary: Create back-matter for a component definition tags: - - Profile - /oscal/profiles/{id}/resolved: + - Component Definitions + /oscal/component-definitions/{id}/capabilities: get: - description: Returns a resolved OSCAL catalog based on a given Profile ID, applying - all imports and modifications. + description: Retrieves all capabilities for a given component definition. parameters: - - description: Profile ID + - description: Component Definition ID in: path name: id required: true @@ -16476,7 +10784,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Catalog' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Capability' "400": description: Bad Request schema: 
@@ -16495,29 +10803,34 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Resolved Profile + summary: Get capabilities for a component definition tags: - - Profile - /oscal/profiles/build-props: + - Component Definitions post: consumes: - application/json - description: Generates a Profile selecting controls from a catalog based on - prop matching rules. Returns the created Profile and the matched control IDs. + description: Creates new capabilities for a given component definition. parameters: - - description: Prop matching request + - description: Component Definition ID + in: path + name: id + required: true + type: string + - description: Capabilities in: body - name: request + name: capabilities required: true schema: - $ref: '#/definitions/oscal.BuildByPropsRequest' + items: + $ref: '#/definitions/oscalTypes_1_1_3.Capability' + type: array produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscal_BuildByPropsResponse' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Capability' "400": description: Bad Request schema: 
@@ -16536,52 +10849,38 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Build Profile by Control Props + summary: Create capabilities for a component definition tags: - - Profile - /oscal/roles: - get: - description: Retrieves all roles. - produces: + - Component Definitions + /oscal/component-definitions/{id}/capabilities/{capability}: + put: + consumes: - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Role' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List roles - tags: - - Oscal - /oscal/roles/{id}: - get: - description: Retrieves a single Role by its unique ID. + description: Updates a single capability for a given component definition. parameters: - - description: Party ID + - description: Component Definition ID in: path name: id required: true type: string + - description: Capability ID (UUID) + in: path + name: capability + required: true + type: string + - description: Capability to update + in: body + name: capability + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Capability' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Role' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Capability' "400": description: Bad Request schema: 
@@ -16600,19 +10899,25 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get a Role + summary: Update a capability for a component definition tags: - - Oscal - /oscal/system-security-plans: + - Component Definitions + /oscal/component-definitions/{id}/capabilities/incorporates-components: get: - description: Retrieves all System Security Plans. + description: Retrieves all incorporates components for a given component definition. + parameters: + - description: Component Definition ID + in: path + name: id + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_SystemSecurityPlan' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_IncorporatesComponent' "400": description: Bad Request schema: 
@@ -16621,33 +10926,44 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List System Security Plans + summary: Get incorporates components for a component definition tags: - - System Security Plans + - Component Definitions post: consumes: - application/json - description: Creates a System Security Plan from input. + description: Creates new incorporates components for a given component definition. parameters: - - description: SSP data + - description: Component Definition ID + in: path + name: id + required: true + type: string + - description: Incorporates Components in: body - name: ssp + name: incorporates-components required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.SystemSecurityPlan' + items: + $ref: '#/definitions/oscalTypes_1_1_3.IncorporatesComponent' + type: array produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_IncorporatesComponent' "400": description: Bad Request schema: 
@@ -16666,40 +10982,14 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a System Security Plan - tags: - - System Security Plans - /oscal/system-security-plans/{id}: - delete: - description: Deletes an existing System Security Plan and all its related data. - parameters: - - description: SSP ID - in: path - name: id - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Delete a System Security Plan + summary: Create incorporates components for a component definition tags: - - System Security Plans + - Component Definitions + /oscal/component-definitions/{id}/components: get: - description: Retrieves a single System Security Plan by its unique ID. + description: Retrieves all components for a given component definition. parameters: - - description: System Security Plan ID + - description: Component Definition ID in: path name: id required: true @@ -16710,7 +11000,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent' "400": description: Bad Request schema: 
@@ -16729,36 +11019,42 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get a System Security Plan + summary: Get components for a component definition tags: - - System Security Plans - put: + - Component Definitions + post: consumes: - application/json - description: Updates an existing System Security Plan. + description: Creates new components for a given component definition. parameters: - - description: SSP ID + - description: Component Definition ID in: path name: id required: true type: string - - description: SSP data + - description: Components to create in: body - name: ssp + name: components required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.SystemSecurityPlan' + items: + $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent' + type: array produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16767,29 +11063,44 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a System Security Plan + security: + - OAuth2Password: [] + summary: Create components for a component definition tags: - - System Security Plans - /oscal/system-security-plans/{id}/back-matter: - get: - description: Retrieves back-matter for a given SSP. + - Component Definitions + put: + consumes: + - application/json + description: Updates the components for a given component definition. parameters: - - description: SSP ID + - description: Component Definition ID in: path name: id required: true type: string + - description: Components to update + in: body + name: components + required: true + schema: + items: + $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent' + type: array produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16798,36 +11109,40 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get SSP back-matter + security: + - OAuth2Password: [] + summary: Update components for a component definition tags: - - System Security Plans - put: - consumes: - - application/json - description: Updates back-matter for a given SSP. + - Component Definitions + /oscal/component-definitions/{id}/components/{defined-component}: + get: + description: Retrieves a defined component for a given component definition. parameters: - - description: SSP ID + - description: Component Definition ID in: path name: id required: true type: string - - description: Back Matter data - in: body - name: back-matter + - description: Defined Component ID + in: path + name: defined-component required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16836,29 +11151,42 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update SSP back-matter + security: + - OAuth2Password: [] + summary: Get a defined component for a component definition tags: - - System Security Plans - /oscal/system-security-plans/{id}/back-matter/resources: - get: - description: Retrieves all back-matter resources for a given SSP. + - Component Definitions + post: + consumes: + - application/json + description: Creates a new defined component for a given component definition. parameters: - - description: SSP ID + - description: Component Definition ID in: path name: id required: true type: string + - description: Defined Component to create + in: body + name: defined-component + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Resource' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16867,36 +11195,47 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get back-matter resources for a SSP + security: + - OAuth2Password: [] + summary: Create a defined component for a component definition tags: - - System Security Plans - post: + - Component Definitions + put: consumes: - application/json - description: Creates a new back-matter resource for a given SSP. + description: Updates a defined component for a given component definition. parameters: - - description: SSP ID + - description: Component Definition ID in: path name: id required: true type: string - - description: Resource data + - description: Defined Component ID + in: path + name: defined-component + required: true + type: string + - description: Defined Component to update in: body - name: resource + name: defined-component required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Resource' + $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16905,30 +11244,40 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new back-matter resource for a SSP + security: + - OAuth2Password: [] + summary: Update a defined component for a component definition tags: - - System Security Plans - /oscal/system-security-plans/{id}/back-matter/resources/{resourceId}: - delete: - description: Deletes an existing back-matter resource for a given SSP. + - Component Definitions + /oscal/component-definitions/{id}/components/{defined-component}/control-implementations: + get: + description: Retrieves all control implementations for a given defined component. parameters: - - description: SSP ID + - description: Component Definition ID in: path name: id required: true type: string - - description: Resource ID + - description: Defined Component ID in: path - name: resourceId + name: defined-component required: true type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16937,67 +11286,47 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a back-matter resource from a SSP + security: + - OAuth2Password: [] + summary: Get control implementations for a defined component tags: - - System Security Plans - put: + - Component Definitions + post: consumes: - application/json - description: Updates an existing back-matter resource for a given SSP. + description: Creates new control implementations for a given defined component. parameters: - - description: SSP ID + - description: Component Definition ID in: path name: id required: true type: string - - description: Resource ID + - description: Defined Component ID in: path - name: resourceId + name: defined-component required: true type: string - - description: Resource data + - description: Control Implementations in: body - name: resource + name: control-implementations required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Resource' + items: + $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationSet' + type: array produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Update a back-matter resource for a SSP - tags: - - System Security Plans - /oscal/system-security-plans/{id}/bulk-apply-component-suggestions: - post: - description: For each ImplementedRequirement, creates SystemComponents from - matching DefinedComponents and links them via ByComponent. 
- parameters: - - description: SSP ID - in: path - name: id - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "404": @@ -17010,27 +11339,39 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Bulk apply component suggestions for all implemented requirements in - an SSP + summary: Create control implementations for a defined component tags: - - System Security Plans - /oscal/system-security-plans/{id}/control-implementation: - get: - description: Retrieves the Control Implementation for a given System Security - Plan. + - Component Definitions + put: + consumes: + - application/json + description: Updates control implementations for a given defined component. parameters: - - description: System Security Plan ID + - description: Component Definition ID in: path name: id required: true type: string + - description: Defined Component ID + in: path + name: defined-component + required: true + type: string + - description: Control Implementations + in: body + name: control-implementations + required: true + schema: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationSet' + type: array produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementation' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet' "400": description: Bad Request schema: 
@@ -17049,37 +11390,51 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Control Implementation + summary: Update control implementations for a defined component tags: - - System Security Plans + - Component Definitions + /oscal/component-definitions/{id}/components/{defined-component}/control-implementations/{control-implementation}: put: consumes: - application/json - description: Updates the Control Implementation for a given System Security - Plan. + description: Updates a specific control implementation for a given defined component. parameters: - - description: System Security Plan ID + - description: Component Definition ID in: path name: id required: true type: string - - description: Updated Control Implementation object + - description: Defined Component ID + in: path + name: defined-component + required: true + type: string + - description: Control Implementation ID + in: path + name: control-implementation + required: true + type: string + - description: Control Implementation in: body name: control-implementation required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementation' + $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationSet' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementation' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementationSet' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -17088,29 +11443,40 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update Control Implementation + security: + - OAuth2Password: [] + summary: Update a single control implementation for a defined component tags: - - System Security Plans - /oscal/system-security-plans/{id}/control-implementation/implemented-requirements: + - Component Definitions + /oscal/component-definitions/{id}/components/{defined-component}/control-implementations/implemented-requirements: get: - description: Retrieves all implemented requirements for a given SSP. + description: Retrieves all implemented requirements for a given defined component. parameters: - - description: SSP ID + - description: Component Definition ID in: path name: id required: true type: string + - description: Defined Component ID + in: path + name: defined-component + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirement' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirementControlImplementation' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -17119,36 +11485,40 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get implemented requirements for a SSP + security: + - OAuth2Password: [] + summary: Get implemented requirements for a defined component tags: - - System Security Plans - post: - consumes: - - application/json - description: Creates a new implemented requirement for a given SSP. + - Component Definitions + /oscal/component-definitions/{id}/components/{defined-component}/control-implementations/implemented-requirements/statements: + get: + description: Retrieves all statements for a given defined component. parameters: - - description: SSP ID + - description: Component Definition ID in: path name: id required: true type: string - - description: Implemented Requirement data - in: body - name: requirement + - description: Defined Component ID + in: path + name: defined-component required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.ImplementedRequirement' + type: string produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImplementedRequirement' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ControlStatementImplementation' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -17157,30 +11527,36 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new implemented requirement for a SSP + security: + - OAuth2Password: [] + summary: Get statements for a defined component tags: - - System Security Plans - /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}: - delete: - description: Deletes an existing implemented requirement for a given SSP. + - Component Definitions + /oscal/component-definitions/{id}/full: + get: + description: Retrieves a complete Component Definition by its ID, including + all metadata and revisions. parameters: - - description: SSP ID + - description: Component Definition ID in: path name: id required: true type: string - - description: Requirement ID - in: path - name: reqId - required: true - type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -17189,41 +11565,41 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete an implemented requirement from a SSP + security: + - OAuth2Password: [] + summary: Get a complete Component Definition tags: - - System Security Plans - put: - consumes: - - application/json - description: Updates an existing implemented requirement for a given SSP. + - Component Definitions + /oscal/component-definitions/{id}/import-component-definitions: + get: + description: Retrieves all import component definitions for a given defined + component. parameters: - - description: SSP ID + - description: Component Definition ID in: path name: id required: true type: string - - description: Requirement ID + - description: Defined Component ID in: path - name: reqId + name: defined-component required: true type: string - - description: Implemented Requirement data - in: body - name: requirement - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.ImplementedRequirement' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImplementedRequirement' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -17232,31 +11608,43 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update an implemented requirement for a SSP + security: + - OAuth2Password: [] + summary: Get import component definitions for a defined component tags: - - System Security Plans - /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/apply-suggestion: + - Component Definitions post: - description: Creates SystemComponents from DefinedComponents that implement - the same control and links them via ByComponent. + description: Creates new import component definitions for a given component + definition. parameters: - - description: SSP ID + - description: Component Definition ID in: path name: id required: true type: string - - description: Implemented Requirement ID - in: path - name: reqId + - description: Import Component Definitions + in: body + name: import-component-definitions required: true - type: string + schema: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ImportComponentDefinition' + type: array + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -17267,48 +11655,41 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Apply component suggestions for an implemented requirement + summary: Create import component definitions for a component definition tags: - - System Security Plans - /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/by-components/{byComponentId}: + - Component Definitions put: - consumes: - - application/json - description: Updates an existing by-component that belongs to an implemented - requirement for a given SSP. + description: Updates the import component definitions for a given component + definition. parameters: - - description: SSP ID + - description: Component Definition ID in: path name: id required: true type: string - - description: Requirement ID - in: path - name: reqId - required: true - type: string - - description: By-Component ID - in: path - name: byComponentId - required: true - type: string - - description: By-Component data + - description: Import Component Definitions in: body - name: by-component + name: import-component-definitions required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.ByComponent' + items: + $ref: '#/definitions/oscalTypes_1_1_3.ImportComponentDefinition' + type: array produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -17317,133 +11698,122 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a by-component within an implemented requirement + security: + - OAuth2Password: [] + summary: Update import component definitions for a component definition tags: - - System Security Plans - /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements: + - Component Definitions + /oscal/import: post: consumes: - - application/json - description: Creates a new statement within an implemented requirement for a - given SSP. + - multipart/form-data + description: Import multiple OSCAL JSON files (catalogs, profiles, SSPs, etc.) parameters: - - description: SSP ID - in: path - name: id - required: true - type: string - - description: Requirement ID - in: path - name: reqId - required: true - type: string - - description: Statement data - in: body - name: statement + - description: OSCAL JSON files to import + in: formData + name: files required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Statement' + type: file produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Statement' + $ref: '#/definitions/handler.GenericDataResponse-oscal_ImportResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new statement within an implemented requirement + summary: Import OSCAL files tags: - - System Security Plans - /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}: - put: - consumes: - - application/json - description: Updates an existing statement within an implemented requirement - for a given SSP. 
+ - OSCAL + /oscal/inventory: + get: + description: Retrieves all inventory items from all sources (SSP, Evidence, + POAM, AP, AR) parameters: - - description: SSP ID - in: path - name: id - required: true + - description: Include items from System Security Plans + in: query + name: include_ssp type: string - - description: Requirement ID - in: path - name: reqId - required: true + - description: Include items from Evidence + in: query + name: include_evidence type: string - - description: Statement ID - in: path - name: stmtId - required: true + - description: Include items from Plan of Action and Milestones + in: query + name: include_poam + type: string + - description: Include items from Assessment Plans + in: query + name: include_ap + type: string + - description: Include items from Assessment Results + in: query + name: include_ar + type: string + - description: Filter by item type (e.g., operating-system, database, web-server) + in: query + name: item_type + type: string + - description: Filter by SSP attachment status + in: query + name: attached_to_ssp type: string - - description: Statement data - in: body - name: statement - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Statement' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Statement' + $ref: '#/definitions/handler.GenericDataListResponse-oscal_InventoryItemWithSource' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a statement within an implemented requirement + security: + - OAuth2Password: [] + summary: Get All Inventory Items tags: - - System Security Plans - 
/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/apply-suggestion: + - Inventory post: - description: Creates SystemComponents from DefinedComponents that implement - the statement's parent control and links them via ByComponent to the statement. + consumes: + - application/json + description: Creates a new inventory item with optional attachment to SSP or + POAM parameters: - - description: SSP ID - in: path - name: id - required: true - type: string - - description: Implemented Requirement ID - in: path - name: reqId - required: true - type: string - - description: Statement ID - in: path - name: stmtId + - description: Create Inventory Item Request + in: body + name: request required: true - type: string + schema: + $ref: '#/definitions/oscal.CreateInventoryItemRequest' + produces: + - application/json responses: - "204": - description: No Content + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscal_InventoryItemWithSource' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": 
@@ -17452,48 +11822,33 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Apply component suggestions for a statement + summary: Create Inventory Item tags: - - System Security Plans - /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/by-components: - post: - consumes: - - application/json - description: Create a by-component within an existing statement within an implemented - requirement for a given SSP. + - Inventory + /oscal/inventory/{id}: + get: + description: Retrieves a specific inventory item by its ID parameters: - - description: SSP ID + - description: Inventory Item ID in: path name: id required: true type: string - - description: Requirement ID - in: path - name: reqId - required: true - type: string - - description: Statement ID - in: path - name: stmtId - required: true - type: string - - description: By-Component data - in: body - name: by-component - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.ByComponent' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent' + $ref: '#/definitions/handler.GenericDataResponse-oscal_InventoryItemWithSource' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -17502,101 +11857,62 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a by-component within a statement (within an implemented requirement) + security: + - OAuth2Password: [] + summary: Get Inventory Item by ID tags: - - System Security Plans - ? /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/by-components/{byComponentId} - : delete: - consumes: - - application/json - description: Deletes a by-component within an existing statement within an implemented - requirement for a given SSP. - parameters: - - description: SSP ID - in: path - name: id - required: true - type: string - - description: Requirement ID - in: path - name: reqId - required: true - type: string - - description: Statement ID - in: path - name: stmtId - required: true - type: string - - description: By-Component ID - in: path - name: byComponentId - required: true - type: string + - Inventory + /oscal/parties: + get: + description: Retrieves all parties. produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Party' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a by-component within a statement (within an implemented requirement) + security: + - OAuth2Password: [] + summary: List parties tags: - - System Security Plans - put: - consumes: - - application/json - description: Updates a by-component within an existing statement within an implemented - requirement for a given SSP. + - Oscal + /oscal/parties/{id}: + get: + description: Retrieves a single Party by its unique ID. 
parameters: - - description: SSP ID + - description: Party ID in: path name: id required: true type: string - - description: Requirement ID - in: path - name: reqId - required: true - type: string - - description: Statement ID - in: path - name: stmtId - required: true - type: string - - description: By-Component ID - in: path - name: byComponentId - required: true - type: string - - description: By-Component data - in: body - name: by-component - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.ByComponent' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Party' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -17605,108 +11921,74 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- summary: Update a by-component within a statement (within an implemented requirement)
+ security:
+ - OAuth2Password: []
+ summary: Get a Party
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/suggest-components:
- post:
- description: Returns DefinedComponents that implement the statement's parent
- control and are not yet present in the SSP.
- parameters:
- - description: SSP ID
- in: path
- name: id
- required: true
- type: string
- - description: Implemented Requirement ID
- in: path
- name: reqId
- required: true
- type: string
- - description: Statement ID
- in: path
- name: stmtId
- required: true
- type: string
+ - Oscal
+ /oscal/plan-of-action-and-milestones:
+ get:
+ description: Retrieves all Plan of Action and Milestones.
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-relational_SystemComponentSuggestion'
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "404":
- description: Not Found
- schema:
- $ref: '#/definitions/api.Error'
 "500":
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Suggest system components for a statement
+ summary: List POA&Ms
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/suggest-components:
+ - Plan Of Action and Milestones
 post:
- description: Returns DefinedComponents that implement the same control and are
- not yet present in the SSP.
+ consumes:
+ - application/json
+ description: Creates a new Plan of Action and Milestones.
 parameters:
- - description: SSP ID
- in: path
- name: id
- required: true
- type: string
- - description: Implemented Requirement ID
- in: path
- name: reqId
+ - description: POA&M data
+ in: body
+ name: poam
 required: true
- type: string
+ schema:
+ $ref: '#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-relational_SystemComponentSuggestion'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "404":
- description: Not Found
- schema:
- $ref: '#/definitions/api.Error'
 "500":
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Suggest system components for an implemented requirement
+ summary: Create a new POA&M
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/import-profile:
- get:
- description: Retrieves import-profile for a given SSP.
+ - Plan Of Action and Milestones
+ /oscal/plan-of-action-and-milestones/{id}:
+ delete:
+ description: Deletes an existing Plan of Action and Milestones and all its related
+ data.
 parameters:
- - description: SSP ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- produces:
- - application/json
 responses:
- "200":
- description: OK
- schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportProfile'
+ "204":
+ description: No Content
 "400":
 description: Bad Request
 schema:
@@ -17719,32 +12001,25 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- summary: Get SSP import-profile
+ summary: Delete a POA&M
 tags:
- - System Security Plans
- put:
- consumes:
- - application/json
- description: Updates import-profile for a given SSP.
+ - Plan Of Action and Milestones
+ get:
+ description: Retrieves a single Plan of Action and Milestones by its unique
+ ID.
 parameters:
- - description: SSP ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- - description: Import Profile data
- in: body
- name: import-profile
- required: true
- schema:
- $ref: '#/definitions/oscalTypes_1_1_3.ImportProfile'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportProfile'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones'
 "400":
 description: Bad Request
 schema:
@@ -17757,25 +12032,32 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- summary: Update SSP import-profile
+ summary: Get a POA&M
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/metadata:
- get:
- description: Retrieves metadata for a given SSP.
+ - Plan Of Action and Milestones
+ put:
+ consumes:
+ - application/json
+ description: Updates an existing Plan of Action and Milestones.
 parameters:
- - description: SSP ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
+ - description: POA&M data
+ in: body
+ name: poam
+ required: true
+ schema:
+ $ref: '#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones'
 "400":
 description: Bad Request
 schema:
@@ -17788,32 +12070,25 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- summary: Get SSP metadata
+ summary: Update a POA&M
 tags:
- - System Security Plans
- put:
- consumes:
- - application/json
- description: Updates metadata for a given SSP.
+ - Plan Of Action and Milestones
+ /oscal/plan-of-action-and-milestones/{id}/back-matter:
+ get:
+ description: Retrieves back-matter for a given POA&M.
 parameters:
- - description: SSP ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- - description: Metadata data
- in: body
- name: metadata
- required: true
- schema:
- $ref: '#/definitions/oscalTypes_1_1_3.Metadata'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter'
 "400":
 description: Bad Request
 schema:
@@ -17826,15 +12101,14 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- summary: Update SSP metadata
+ summary: Get POA&M back-matter
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/profile:
+ - Plan Of Action and Milestones
+ /oscal/plan-of-action-and-milestones/{id}/back-matter/resources:
 get:
- description: Retrieves the Profile attached to the specified System Security
- Plan.
+ description: Retrieves all back-matter resources for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
@@ -17845,15 +12119,11 @@ paths:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Profile'
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Resource'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -17862,34 +12132,32 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Get Profile for a System Security Plan
+ summary: Get back-matter resources for a POA&M
 tags:
- - System Security Plans
- put:
+ - Plan Of Action and Milestones
+ post:
 consumes:
 - application/json
- description: Associates a given Profile with a System Security Plan.
+ description: Creates a new back-matter resource for a given POA&M.
 parameters:
- - description: SSP ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- - description: Profile ID to attach
+ - description: Resource data
 in: body
- name: profileId
+ name: resource
 required: true
 schema:
- type: string
+ $ref: '#/definitions/oscalTypes_1_1_3.Resource'
 produces:
 - application/json
 responses:
- "200":
- description: OK
+ "201":
+ description: Created
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource'
 "400":
 description: Bad Request
 schema:
@@ -17902,34 +12170,30 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- summary: Attach a Profile to a System Security Plan
+ summary: Create a new back-matter resource for a POA&M
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/system-characteristics:
- get:
- description: Retrieves the System Characteristics for a given System Security
- Plan.
+ - Plan Of Action and Milestones
+ /oscal/plan-of-action-and-milestones/{id}/back-matter/resources/{resourceId}:
+ delete:
+ description: Deletes an existing back-matter resource for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- produces:
- - application/json
+ - description: Resource ID
+ in: path
+ name: resourceId
+ required: true
+ type: string
 responses:
- "200":
- description: OK
- schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemCharacteristics'
+ "204":
+ description: No Content
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -17938,43 +12202,41 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Get System Characteristics
+ summary: Delete a back-matter resource from a POA&M
 tags:
- - System Security Plans
+ - Plan Of Action and Milestones
 put:
 consumes:
 - application/json
- description: Updates the System Characteristics for a given System Security
- Plan.
+ description: Updates an existing back-matter resource for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- - description: Updated System Characteristics object
+ - description: Resource ID
+ in: path
+ name: resourceId
+ required: true
+ type: string
+ - description: Resource data
 in: body
- name: characteristics
+ name: resource
 required: true
 schema:
- $ref: '#/definitions/oscalTypes_1_1_3.SystemCharacteristics'
+ $ref: '#/definitions/oscalTypes_1_1_3.Resource'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemCharacteristics'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -17983,17 +12245,14 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Update System Characteristics
+ summary: Update a back-matter resource for a POA&M
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/system-characteristics/authorization-boundary:
+ - Plan Of Action and Milestones
+ /oscal/plan-of-action-and-milestones/{id}/findings:
 get:
- description: Retrieves the Authorization Boundary for a given System Security
- Plan.
+ description: Retrieves all findings for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
@@ -18004,15 +12263,11 @@ paths:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AuthorizationBoundary'
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Finding'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -18021,44 +12276,36 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Get Authorization Boundary
+ summary: Get findings for a POA&M
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/system-characteristics/authorization-boundary/diagrams:
+ - Plan Of Action and Milestones
 post:
 consumes:
 - application/json
- description: Creates a new Diagram under the Authorization Boundary of a System
- Security Plan.
+ description: Creates a new finding for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- - description: Diagram object to create
+ - description: Finding data
 in: body
- name: diagram
+ name: finding
 required: true
 schema:
- $ref: '#/definitions/oscalTypes_1_1_3.Diagram'
+ $ref: '#/definitions/oscalTypes_1_1_3.Finding'
 produces:
 - application/json
 responses:
- "201":
- description: Created
+ "200":
+ description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Finding'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -18067,28 +12314,23 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Create an Authorization Boundary Diagram
+ summary: Create a new finding for a POA&M
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/system-characteristics/authorization-boundary/diagrams/{diagram}:
+ - Plan Of Action and Milestones
+ /oscal/plan-of-action-and-milestones/{id}/findings/{findingId}:
 delete:
- description: Deletes a specific Diagram under the Authorization Boundary of
- a System Security Plan.
+ description: Deletes an existing finding for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- - description: Diagram ID
+ - description: Finding ID
 in: path
- name: diagram
+ name: findingId
 required: true
 type: string
- produces:
- - application/json
 responses:
 "204":
 description: No Content
@@ -18096,10 +12338,6 @@ paths:
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -18108,48 +12346,41 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Delete an Authorization Boundary Diagram
+ summary: Delete a finding from a POA&M
 tags:
- - System Security Plans
+ - Plan Of Action and Milestones
 put:
 consumes:
 - application/json
- description: Updates a specific Diagram under the Authorization Boundary of
- a System Security Plan.
+ description: Updates an existing finding for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- - description: Diagram ID
+ - description: Finding ID
 in: path
- name: diagram
+ name: findingId
 required: true
 type: string
- - description: Updated Diagram object
+ - description: Finding data
 in: body
- name: diagram
+ name: finding
 required: true
 schema:
- $ref: '#/definitions/oscalTypes_1_1_3.Diagram'
+ $ref: '#/definitions/oscalTypes_1_1_3.Finding'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Finding'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -18158,16 +12389,15 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Update an Authorization Boundary Diagram
+ summary: Update a finding for a POA&M
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/system-characteristics/data-flow:
+ - Plan Of Action and Milestones
+ /oscal/plan-of-action-and-milestones/{id}/full:
 get:
- description: Retrieves the Data Flow for a given System Security Plan.
+ description: Retrieves a complete POA&M by its ID, including all metadata and
+ related objects.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
@@ -18178,15 +12408,11 @@ paths:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_DataFlow'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -18195,44 +12421,29 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Get Data Flow
+ summary: Get a complete POA&M
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/system-characteristics/data-flow/diagrams:
- post:
- consumes:
- - application/json
- description: Creates a new Diagram under the Data Flow of a System Security
- Plan.
+ - Plan Of Action and Milestones
+ /oscal/plan-of-action-and-milestones/{id}/import-ssp:
+ get:
+ description: Retrieves import-ssp for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- - description: Diagram object to create
- in: body
- name: diagram
- required: true
- schema:
- $ref: '#/definitions/oscalTypes_1_1_3.Diagram'
 produces:
 - application/json
 responses:
- "201":
- description: Created
+ "200":
+ description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -18241,39 +12452,36 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Create a Data Flow Diagram
+ summary: Get POA&M import-ssp
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/system-characteristics/data-flow/diagrams/{diagram}:
- delete:
- description: Deletes a specific Diagram under the Data Flow of a System Security
- Plan.
+ - Plan Of Action and Milestones
+ post:
+ consumes:
+ - application/json
+ description: Creates import-ssp for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- - description: Diagram ID
- in: path
- name: diagram
+ - description: Import SSP data
+ in: body
+ name: importSsp
 required: true
- type: string
+ schema:
+ $ref: '#/definitions/oscalTypes_1_1_3.ImportSsp'
 produces:
 - application/json
 responses:
- "204":
- description: No Content
+ "200":
+ description: OK
+ schema:
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -18282,48 +12490,36 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Delete a Data Flow Diagram
+ summary: Create import-ssp for a POA&M
 tags:
- - System Security Plans
+ - Plan Of Action and Milestones
 put:
 consumes:
 - application/json
- description: Updates a specific Diagram under the Data Flow of a System Security
- Plan.
+ description: Updates import-ssp for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- - description: Diagram ID
- in: path
- name: diagram
- required: true
- type: string
- - description: Updated Diagram object
+ - description: Import SSP data
 in: body
- name: diagram
+ name: importSsp
 required: true
 schema:
- $ref: '#/definitions/oscalTypes_1_1_3.Diagram'
+ $ref: '#/definitions/oscalTypes_1_1_3.ImportSsp'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -18332,17 +12528,14 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Update a Data Flow Diagram
+ summary: Update import-ssp for a POA&M
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/system-characteristics/network-architecture:
+ - Plan Of Action and Milestones
+ /oscal/plan-of-action-and-milestones/{id}/local-definitions:
 get:
- description: Retrieves the Network Architecture for a given System Security
- Plan.
+ description: Retrieves local definitions for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
@@ -18353,13 +12546,40 @@ paths:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_NetworkArchitecture'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
+ "404":
+ description: Not Found
+ schema:
+ $ref: '#/definitions/api.Error'
+ "500":
+ description: Internal Server Error
+ schema:
+ $ref: '#/definitions/api.Error'
+ summary: Get POA&M local definitions
+ tags:
+ - Plan Of Action and Milestones
+ /oscal/plan-of-action-and-milestones/{id}/metadata:
+ get:
+ description: Retrieves metadata for a given POA&M.
+ parameters:
+ - description: POA&M ID
+ in: path
+ name: id
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ "200":
+ description: OK
+ schema:
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata'
+ "400":
+ description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
 "404":
@@ -18370,44 +12590,36 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Get Network Architecture
+ summary: Get POA&M metadata
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/system-characteristics/network-architecture/diagrams:
- post:
+ - Plan Of Action and Milestones
+ put:
 consumes:
 - application/json
- description: Creates a new Diagram under the Network Architecture of a System
- Security Plan.
+ description: Updates metadata for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- - description: Diagram object to create
+ - description: Metadata data
 in: body
- name: diagram
+ name: metadata
 required: true
 schema:
- $ref: '#/definitions/oscalTypes_1_1_3.Diagram'
+ $ref: '#/definitions/oscalTypes_1_1_3.Metadata'
 produces:
 - application/json
 responses:
- "201":
- description: Created
+ "200":
+ description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -18416,39 +12628,29 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Create a Network Architecture Diagram
+ summary: Update POA&M metadata
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/system-characteristics/network-architecture/diagrams/{diagram}:
- delete:
- description: Deletes a specific Diagram under the Network Architecture of a
- System Security Plan.
+ - Plan Of Action and Milestones
+ /oscal/plan-of-action-and-milestones/{id}/observations:
+ get:
+ description: Retrieves all observations for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- - description: Diagram ID
- in: path
- name: diagram
- required: true
- type: string
 produces:
 - application/json
 responses:
- "204":
- description: No Content
+ "200":
+ description: OK
+ schema:
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Observation'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -18457,48 +12659,36 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Delete a Network Architecture Diagram
+ summary: Get observations for a POA&M
 tags:
- - System Security Plans
- put:
+ - Plan Of Action and Milestones
+ post:
 consumes:
 - application/json
- description: Updates a specific Diagram under the Network Architecture of a
- System Security Plan.
+ description: Creates a new observation for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- - description: Diagram ID
- in: path
- name: diagram
- required: true
- type: string
- - description: Updated Diagram object
+ - description: Observation data
 in: body
- name: diagram
+ name: observation
 required: true
 schema:
- $ref: '#/definitions/oscalTypes_1_1_3.Diagram'
+ $ref: '#/definitions/oscalTypes_1_1_3.Observation'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Observation'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -18507,36 +12697,30 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Update a Network Architecture Diagram
+ summary: Create a new observation for a POA&M
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/system-implementation:
- get:
- description: Retrieves the System Implementation for a given System Security
- Plan.
+ - Plan Of Action and Milestones
+ /oscal/plan-of-action-and-milestones/{id}/observations/{obsId}:
+ delete:
+ description: Deletes an existing observation for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- produces:
- - application/json
+ - description: Observation ID
+ in: path
+ name: obsId
+ required: true
+ type: string
 responses:
- "200":
- description: OK
- schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemImplementation'
+ "204":
+ description: No Content
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -18545,42 +12729,41 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Get System Implementation
+ summary: Delete an observation from a POA&M
 tags:
- - System Security Plans
+ - Plan Of Action and Milestones
 put:
 consumes:
 - application/json
- description: Updates the System Implementation for a given System Security Plan.
+ description: Updates an existing observation for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- - description: Updated System Implementation object
+ - description: Observation ID
+ in: path
+ name: obsId
+ required: true
+ type: string
+ - description: Observation data
 in: body
- name: system-implementation
+ name: observation
 required: true
 schema:
- $ref: '#/definitions/oscalTypes_1_1_3.SystemImplementation'
+ $ref: '#/definitions/oscalTypes_1_1_3.Observation'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemImplementation'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Observation'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -18589,17 +12772,14 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Update System Implementation
+ summary: Update an observation for a POA&M
 tags:
- - System Security Plans
- /oscal/system-security-plans/{id}/system-implementation/components:
+ - Plan Of Action and Milestones
+ /oscal/plan-of-action-and-milestones/{id}/poam-items:
 get:
- description: Retrieves components in the System Implementation for a given System
- Security Plan.
+ description: Retrieves all POA&M items for a given POA&M.
 parameters:
- - description: System Security Plan ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
@@ -18610,15 +12790,11 @@ paths:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_SystemComponent'
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_PoamItem'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -18627,35 +12803,32 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: List System Implementation Components
+ summary: Get POA&M items
 tags:
- - System Security Plans
+ - Plan Of Action and Milestones
 post:
 consumes:
 - application/json
- description: Creates a new system component for a given SSP. Accepts an optional
- definedComponentId field to link to a DefinedComponent.
+ description: Creates a new POAM item for a given POA&M.
 parameters:
- - description: SSP ID
+ - description: POA&M ID
 in: path
 name: id
 required: true
 type: string
- - description: System Component data with optional definedComponentId field
+ - description: POAM Item data
 in: body
- name: component
+ name: poam-item
 required: true
 schema:
- $ref: '#/definitions/oscal.SystemComponentRequest'
+ $ref: '#/definitions/oscalTypes_1_1_3.PoamItem'
 produces:
 - application/json
 responses:
- "201":
- description: Created
+ "200":
+ description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PoamItem'
 "400":
 description: Bad Request
 schema:
@@ -18668,21 +12841,21 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new system component + summary: Create a new POAM item for a POA&M tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-implementation/components/{componentId}: + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/poam-items/{itemId}: delete: - description: Deletes an existing system component for a given SSP. + description: Deletes an existing POAM item for a given POA&M. parameters: - - description: SSP ID + - description: POA&M ID in: path name: id required: true type: string - - description: Component ID + - description: POAM Item ID in: path - name: componentId + name: itemId required: true type: string responses: 
@@ -18700,80 +12873,37 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a system component - tags: - - System Security Plans - get: - description: Retrieves component in the System Implementation for a given System - Security Plan. - parameters: - - description: System Security Plan ID - in: path - name: id - required: true - type: string - - description: Component ID - in: path - name: componentId - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get System Implementation Component + summary: Delete a POAM item from a POA&M tags: - - System Security Plans + - Plan Of Action and Milestones put: consumes: - application/json - description: Updates an existing system component for a given SSP. Accepts an - optional definedComponentId field to link to a DefinedComponent. + description: Updates an existing POAM item for a given POA&M. 
parameters: - - description: SSP ID + - description: POA&M ID in: path name: id required: true type: string - - description: Component ID + - description: POAM Item ID in: path - name: componentId + name: itemId required: true type: string - - description: System Component data with optional definedComponentId field + - description: POAM Item data in: body - name: component + name: poam-item required: true schema: - $ref: '#/definitions/oscal.SystemComponentRequest' + $ref: '#/definitions/oscalTypes_1_1_3.PoamItem' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PoamItem' "400": description: Bad Request schema: @@ -18786,15 +12916,14 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a system component + summary: Update a POAM item for a POA&M tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-implementation/inventory-items: + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/risks: get: - description: Retrieves inventory items in the System Implementation for a given - System Security Plan. + description: Retrieves all risks for a given POA&M. parameters: - - description: System Security Plan ID + - description: POA&M ID in: path name: id required: true @@ -18805,15 +12934,11 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_InventoryItem' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Risk' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -18822,34 +12947,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List System Implementation Inventory Items + summary: Get risks for a POA&M tags: - - System Security Plans + - Plan Of Action and Milestones post: consumes: - application/json - description: Creates a new inventory item for a given SSP. + description: Creates a new risk for a given POA&M. parameters: - - description: SSP ID + - description: POA&M ID in: path name: id required: true type: string - - description: Inventory Item data + - description: Risk data in: body - name: item + name: risk required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.InventoryItem' + $ref: '#/definitions/oscalTypes_1_1_3.Risk' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_InventoryItem' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Risk' "400": description: Bad Request schema: @@ -18862,21 +12985,21 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new inventory item + summary: Create a new risk for a POA&M tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-implementation/inventory-items/{itemId}: + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/risks/{riskId}: delete: - description: Deletes an existing inventory item for a given SSP. + description: Deletes an existing risk for a given POA&M. parameters: - - description: SSP ID + - description: POA&M ID in: path name: id required: true type: string - - description: Item ID + - description: Risk ID in: path - name: itemId + name: riskId required: true type: string responses: 
@@ -18894,37 +13017,37 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete an inventory item + summary: Delete a risk from a POA&M tags: - - System Security Plans + - Plan Of Action and Milestones put: consumes: - application/json - description: Updates an existing inventory item for a given SSP. + description: Updates an existing risk for a given POA&M. parameters: - - description: SSP ID + - description: POA&M ID in: path name: id required: true type: string - - description: Item ID + - description: Risk ID in: path - name: itemId + name: riskId required: true type: string - - description: Inventory Item data + - description: Risk data in: body - name: item + name: risk required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.InventoryItem' + $ref: '#/definitions/oscalTypes_1_1_3.Risk' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_InventoryItem' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Risk' "400": description: Bad Request schema: @@ -18937,15 +13060,14 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update an inventory item + summary: Update a risk for a POA&M tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-implementation/leveraged-authorizations: + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/system-id: get: - description: Retrieves leveraged authorizations in the System Implementation - for a given System Security Plan. + description: Retrieves system-id for a given POA&M. parameters: - - description: System Security Plan ID + - description: POA&M ID in: path name: id required: true 
@@ -18956,15 +13078,11 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_LeveragedAuthorization' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemId' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -18973,66 +13091,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List System Implementation Leveraged Authorizations + summary: Get POA&M system-id tags: - - System Security Plans + - Plan Of Action and Milestones post: consumes: - application/json - description: Creates a new leveraged authorization for a given SSP. + description: Creates system-id for a given POA&M. parameters: - - description: SSP ID + - description: POA&M ID in: path name: id required: true type: string - - description: Leveraged Authorization data + - description: System ID data in: body - name: auth + name: systemId required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.LeveragedAuthorization' + $ref: '#/definitions/oscalTypes_1_1_3.SystemId' produces: - application/json responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LeveragedAuthorization' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error + "200": + description: OK schema: - $ref: '#/definitions/api.Error' - summary: Create a new leveraged authorization - tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-implementation/leveraged-authorizations/{authId}: - delete: - description: Deletes an existing leveraged authorization for a given SSP. - parameters: - - description: SSP ID - in: path - name: id - required: true - type: string - - description: Authorization ID - in: path - name: authId - required: true - type: string - responses: - "204": - description: No Content + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemId' "400": description: Bad Request schema: 
@@ -19045,37 +13129,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a leveraged authorization + summary: Create system-id for a POA&M tags: - - System Security Plans + - Plan Of Action and Milestones put: consumes: - application/json - description: Updates an existing leveraged authorization for a given SSP. + description: Updates system-id for a given POA&M. parameters: - - description: SSP ID + - description: POA&M ID in: path name: id required: true type: string - - description: Authorization ID - in: path - name: authId - required: true - type: string - - description: Leveraged Authorization data + - description: System ID data in: body - name: auth + name: systemId required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.LeveragedAuthorization' + $ref: '#/definitions/oscalTypes_1_1_3.SystemId' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LeveragedAuthorization' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemId' "400": description: Bad Request schema: 
@@ -19088,26 +13167,19 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a leveraged authorization + summary: Update system-id for a POA&M tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-implementation/users: + - Plan Of Action and Milestones + /oscal/profiles: get: - description: Retrieves users in the System Implementation for a given System - Security Plan. - parameters: - - description: System Security Plan ID - in: path - name: id - required: true - type: string + description: Retrieves all OSCAL profiles produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_SystemUser' + $ref: '#/definitions/handler.GenericDataListResponse-oscal_ProfileHandler' "400": description: Bad Request schema: 
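Review bot: `$ref: '#/definitions/handler.GenericDataListResponse-oscal_ProfileHandler'` for GET /oscal/profiles names the HTTP handler struct as the list-item type, which is not a response payload; clients generating models from this spec will get a meaningless schema. The same handler reference is used as the response for GET /oscal/profiles/{id}, POST /oscal/profiles/{id}/resolve and POST /oscal/profiles/build-props, and `oscal.ProfileHandler` appears as the request body schema for /oscal/profiles/{id}/imports/add and /oscal/profiles/build-props. This pattern usually means the swag annotation references a type the generator could not resolve, so the fix belongs in the Go annotations (point them at the real request DTO and, for responses, `oscalTypes_1_1_3.Profile` as the other profile routes do) followed by regeneration, not a hand edit of this file.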
@@ -19116,78 +13188,74 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List System Implementation Users + summary: List Profiles tags: - - System Security Plans + - Profile post: consumes: - application/json - description: Creates a new system user for a given SSP. + description: Creates a new OSCAL Profile. parameters: - - description: SSP ID - in: path - name: id - required: true - type: string - - description: System User data + - description: Profile object in: body - name: user + name: profile required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.SystemUser' + $ref: '#/definitions/oscalTypes_1_1_3.Profile' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemUser' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Profile' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new system user + security: + - OAuth2Password: [] + summary: Create a new OSCAL Profile tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-implementation/users/{userId}: - delete: - description: Deletes an existing system user for a given SSP. 
+ - Profile + /oscal/profiles/{id}: + get: + description: Get an OSCAL profile with the uuid provided parameters: - - description: SSP ID + - description: Profile ID in: path name: id required: true type: string - - description: User ID - in: path - name: userId - required: true - type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscal_ProfileHandler' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -19196,41 +13264,35 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a system user + security: + - OAuth2Password: [] + summary: Get Profile tags: - - System Security Plans - put: - consumes: - - application/json - description: Updates an existing system user for a given SSP. + - Profile + /oscal/profiles/{id}/back-matter: + get: + description: Get the BackMatter for a specific profile parameters: - - description: SSP ID + - description: Profile ID in: path name: id required: true type: string - - description: User ID - in: path - name: userId - required: true - type: string - - description: System User data - in: body - name: user - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.SystemUser' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemUser' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -19239,103 +13301,112 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a system user + security: + - OAuth2Password: [] + summary: Get Backmatter tags: - - System Security Plans - /risk-templates: + - Profile + /oscal/profiles/{id}/full: get: - description: List risk templates with optional filters and pagination. + description: Retrieves the full OSCAL Profile, including all nested content. parameters: - - description: Plugin ID - in: query - name: pluginId - type: string - - description: Policy package - in: query - name: policyPackage - type: string - - description: Active flag - in: query - name: isActive - type: boolean - - description: Page number - in: query - name: page - type: integer - - description: Page size - in: query - name: limit - type: integer + - description: Profile ID + in: path + name: id + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/service.ListResponse-templates_riskTemplateResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Profile' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List risk templates + summary: Get full Profile tags: - - Risk Templates - post: - consumes: - - application/json - description: Create a risk template with threat references and remediation template/tasks. 
+ - Profile + /oscal/profiles/{id}/imports: + get: + description: List imports for a specific profile parameters: - - description: Risk template payload - in: body - name: template + - description: Profile ID + in: path + name: id required: true - schema: - $ref: '#/definitions/templates.upsertRiskTemplateRequest' + type: string produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/templates.riskTemplateDataResponse' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Import' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create risk template + summary: List Imports tags: - - Risk Templates - /risk-templates/{id}: + - Profile + /oscal/profiles/{id}/imports/{href}: delete: - description: Delete a risk template and its associated threat references and - remediation data. + description: Deletes an import from a profile by its href parameters: - - description: Risk Template ID + - description: Profile ID in: path name: id required: true type: string + - description: Import Href + in: path + name: href + required: true + type: string produces: - application/json responses: "204": - description: No Content + description: Import deleted successfully "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -19346,28 +13417,37 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete risk template + summary: Delete Import from Profile tags: - - Risk Templates + - Profile get: - description: Get a risk template by ID. + description: Retrieves a specific import from a profile by its backmatter href parameters: - - description: Risk Template ID + - description: Profile UUID in: path name: id required: true type: string + - description: Import Href + in: path + name: href + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/templates.riskTemplateDataResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Import' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -19378,115 +13458,47 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get risk template + summary: Get Import from Profile by Backmatter Href tags: - - Risk Templates + - Profile put: consumes: - application/json - description: Update a risk template and atomically replace threat refs and remediation - tasks. + description: Updates an existing import in a profile by its href parameters: - - description: Risk Template ID + - description: Profile ID in: path name: id required: true type: string - - description: Risk template payload + - description: Import Href + in: path + name: href + required: true + type: string + - description: Import data to update in: body - name: template + name: request required: true schema: - $ref: '#/definitions/templates.upsertRiskTemplateRequest' + $ref: '#/definitions/oscalTypes_1_1_3.Import' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/templates.riskTemplateDataResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Import' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update risk template - tags: - - Risk Templates - /risks: - get: - description: Lists risk register entries with filtering, sorting, and pagination. 
- parameters: - - description: Risk status - in: query - name: status - type: string - - description: Risk likelihood - in: query - name: likelihood - type: string - - description: Risk impact - in: query - name: impact - type: string - - description: SSP ID - in: query - name: sspId - type: string - - description: Control ID - in: query - name: controlId - type: string - - description: Evidence ID - in: query - name: evidenceId - type: string - - description: Owner kind - in: query - name: ownerKind - type: string - - description: Owner reference - in: query - name: ownerRef - type: string - - description: Review deadline upper bound (RFC3339) - in: query - name: reviewDeadlineBefore - type: string - - description: Page number - in: query - name: page - type: integer - - description: Page size - in: query - name: limit - type: integer - - description: Sort field - in: query - name: sort - type: string - - description: Sort order (asc|desc) - in: query - name: order - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/service.ListResponse-handler_riskResponse' - "400": - description: Bad Request + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": 
@@ -19495,27 +13507,34 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List risks + summary: Update Import in Profile tags: - - Risks + - Profile + /oscal/profiles/{id}/imports/add: post: consumes: - application/json - description: Creates a risk register entry. + description: Adds an import to a profile by its UUID and type (catalog/profile). + Only catalogs are currently supported currently parameters: - - description: Risk payload + - description: Profile ID + in: path + name: id + required: true + type: string + - description: Request data in: body - name: risk + name: request required: true schema: - $ref: '#/definitions/handler.createRiskRequest' + $ref: '#/definitions/oscal.ProfileHandler' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Import' "400": description: Bad Request schema: 
@@ -19524,31 +13543,47 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "409": + description: Conflict + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create risk + summary: Add Import to Profile tags: - - Risks - /risks/{id}: - delete: - description: Deletes a risk register entry and link rows by ID. + - Profile + /oscal/profiles/{id}/merge: + get: + description: Retrieves the merge section for a specific profile. parameters: - - description: Risk ID + - description: Profile ID in: path name: id required: true type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Merge' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -19559,28 +13594,40 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete risk + summary: Get merge section tags: - - Risks - get: - description: Retrieves a risk register entry by ID. + - Profile + put: + consumes: + - application/json + description: Updates the merge information for a specific profile parameters: - - description: Risk ID + - description: Profile ID in: path name: id required: true type: string + - description: Merge data to update + in: body + name: request + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Merge' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Merge' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -19591,32 +13638,25 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get risk + summary: Update Merge tags: - - Risks - put: - consumes: - - application/json - description: Updates a risk register entry by ID. + - Profile + /oscal/profiles/{id}/modify: + get: + description: Retrieves the modify section for a specific profile. parameters: - - description: Risk ID + - description: Profile ID in: path name: id required: true type: string - - description: Risk payload - in: body - name: risk - required: true - schema: - $ref: '#/definitions/handler.updateRiskRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Modify' "400": description: Bad Request schema: 
@@ -19631,40 +13671,32 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update risk + summary: Get modify section tags: - - Risks - /risks/{id}/accept: + - Profile + /oscal/profiles/{id}/resolve: post: - consumes: - - application/json - description: Accepts a risk with required justification and a future review - deadline. + description: Resolves a Profiled identified by the "profile ID" param and stores + a new catalog in the database parameters: - - description: Risk ID + - description: Profile ID in: path name: id required: true type: string - - description: Accept payload - in: body - name: body - required: true - schema: - $ref: '#/definitions/handler.acceptRiskRequest' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscal_ProfileHandler' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": 
@@ -19673,37 +13705,34 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Accept risk + summary: Resolves a Profile as a stored catalog tags: - - Risks - /risks/{id}/components: + - Profile + /oscal/profiles/{id}/resolved: get: - description: Lists components linked to a risk. + description: Returns a resolved OSCAL catalog based on a given Profile ID, applying + all imports and modifications. parameters: - - description: Risk ID + - description: Profile ID in: path name: id required: true type: string - - description: Page number - in: query - name: page - type: integer - - description: Page size - in: query - name: limit - type: integer produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/service.ListResponse-risks_RiskComponentLink' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Catalog' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -19714,36 +13743,37 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List risk component links + summary: Get Resolved Profile tags: - - Risks + - Profile + /oscal/profiles/build-props: post: consumes: - application/json - description: Idempotently links a component to a risk. + description: Generates a Profile selecting controls from a catalog based on + prop matching rules. Returns the created Profile and the matched control IDs. parameters: - - description: Risk ID - in: path - name: id - required: true - type: string - - description: Component link payload + - description: Prop matching request in: body - name: link + name: request required: true schema: - $ref: '#/definitions/handler.addComponentLinkRequest' + $ref: '#/definitions/oscal.ProfileHandler' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-risks_RiskComponentLink' + $ref: '#/definitions/handler.GenericDataResponse-oscal_ProfileHandler' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -19754,39 +13784,25 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Link component to risk + summary: Build Profile by Control Props tags: - - Risks - /risks/{id}/controls: + - Profile + /oscal/roles: get: - description: Lists controls linked to a risk. - parameters: - - description: Risk ID - in: path - name: id - required: true - type: string - - description: Page number - in: query - name: page - type: integer - - description: Page size - in: query - name: limit - type: integer + description: Retrieves all roles. produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/service.ListResponse-risks_RiskControlLink' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Role' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": 
@@ -19795,36 +13811,33 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List risk control links + summary: List roles tags: - - Risks - post: - consumes: - - application/json - description: Idempotently links a control to a risk. + - Oscal + /oscal/roles/{id}: + get: + description: Retrieves a single Role by its unique ID. parameters: - - description: Risk ID + - description: Party ID in: path name: id required: true type: string - - description: Control link payload - in: body - name: link - required: true - schema: - $ref: '#/definitions/handler.addControlLinkRequest' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-risks_RiskControlLink' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Role' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -19835,39 +13848,25 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Link control to risk + summary: Get a Role tags: - - Risks - /risks/{id}/evidence: + - Oscal + /oscal/system-security-plans: get: - description: Lists evidence IDs linked to a risk. - parameters: - - description: Risk ID - in: path - name: id - required: true - type: string - - description: Page number - in: query - name: page - type: integer - - description: Page size - in: query - name: limit - type: integer + description: Retrieves all System Security Plans. produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/service.ListResponse-uuid_UUID' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_SystemSecurityPlan' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": 
@@ -19876,36 +13875,35 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List risk evidence links + summary: List System Security Plans tags: - - Risks + - System Security Plans post: consumes: - application/json - description: Idempotently links an evidence item to a risk. + description: Creates a System Security Plan from input. parameters: - - description: Risk ID - in: path - name: id - required: true - type: string - - description: Evidence link payload + - description: SSP data in: body - name: link + name: ssp required: true schema: - $ref: '#/definitions/handler.addEvidenceLinkRequest' + $ref: '#/definitions/oscalTypes_1_1_3.SystemSecurityPlan' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-risks_RiskEvidenceLink' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -19916,30 +13914,59 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Link evidence to risk + summary: Create a System Security Plan tags: - - Risks - /risks/{id}/evidence/{evidenceId}: + - System Security Plans + /oscal/system-security-plans/{id}: delete: - description: Deletes the link between a risk and evidence item. + description: Deletes an existing System Security Plan and all its related data. parameters: - - description: Risk ID + - description: SSP ID in: path name: id required: true type: string - - description: Evidence ID + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Delete a System Security Plan + tags: + - System Security Plans + get: + description: Retrieves a single System Security Plan by its unique ID. + parameters: + - description: System Security Plan ID in: path - name: evidenceId + name: id required: true type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -19950,34 +13977,32 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete risk evidence link + summary: Get a System Security Plan tags: - - Risks - /risks/{id}/review: - post: + - System Security Plans + put: consumes: - application/json - description: Records a structured review for an accepted risk. nextReviewDeadline - is required for decision=extend and must be omitted for decision=reopen. + description: Updates an existing System Security Plan. parameters: - - description: Risk ID + - description: SSP ID in: path name: id required: true type: string - - description: Review payload + - description: SSP data in: body - name: body + name: ssp required: true schema: - $ref: '#/definitions/handler.reviewRiskRequest' + $ref: '#/definitions/oscalTypes_1_1_3.SystemSecurityPlan' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan' "400": description: Bad Request schema: 
@@ -19990,35 +14015,25 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Review risk + summary: Update a System Security Plan tags: - - Risks - /risks/{id}/subjects: + - System Security Plans + /oscal/system-security-plans/{id}/back-matter: get: - description: Lists subjects linked to a risk. + description: Retrieves back-matter for a given SSP. parameters: - - description: Risk ID + - description: SSP ID in: path name: id required: true type: string - - description: Page number - in: query - name: page - type: integer - - description: Page size - in: query - name: limit - type: integer produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/service.ListResponse-risks_RiskSubjectLink' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' "400": description: Bad Request schema: @@ -20031,34 +14046,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List risk subject links + summary: Get SSP back-matter tags: - - Risks - post: + - System Security Plans + put: consumes: - application/json - description: Idempotently links a subject to a risk. + description: Updates back-matter for a given SSP. parameters: - - description: Risk ID + - description: SSP ID in: path name: id required: true type: string - - description: Subject link payload + - description: Back Matter data in: body - name: link + name: back-matter required: true schema: - $ref: '#/definitions/handler.addSubjectLinkRequest' + $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-risks_RiskSubjectLink' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' "400": description: Bad Request schema: 
@@ -20071,75 +14084,25 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Link subject to risk + summary: Update SSP back-matter tags: - - Risks - /ssp/{sspId}/risks: + - System Security Plans + /oscal/system-security-plans/{id}/back-matter/resources: get: - description: Lists risk register entries scoped to an SSP. + description: Retrieves all back-matter resources for a given SSP. parameters: - description: SSP ID in: path - name: sspId + name: id required: true type: string - - description: Risk status - in: query - name: status - type: string - - description: Risk likelihood - in: query - name: likelihood - type: string - - description: Risk impact - in: query - name: impact - type: string - - description: Control ID - in: query - name: controlId - type: string - - description: Evidence ID - in: query - name: evidenceId - type: string - - description: Owner kind - in: query - name: ownerKind - type: string - - description: Owner reference - in: query - name: ownerRef - type: string - - description: Review deadline upper bound (RFC3339) - in: query - name: reviewDeadlineBefore - type: string - - description: Page number - in: query - name: page - type: integer - - description: Page size - in: query - name: limit - type: integer - - description: Sort field - in: query - name: sort - type: string - - description: Sort order (asc|desc) - in: query - name: order - type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/service.ListResponse-handler_riskResponse' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Resource' "400": description: Bad Request schema: 
@@ -20152,34 +14115,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List risks for SSP + summary: Get back-matter resources for a SSP tags: - - Risks + - System Security Plans post: consumes: - application/json - description: Creates a risk register entry scoped to an SSP. + description: Creates a new back-matter resource for a given SSP. parameters: - description: SSP ID in: path - name: sspId + name: id required: true type: string - - description: Risk payload + - description: Resource data in: body - name: risk + name: resource required: true schema: - $ref: '#/definitions/handler.createRiskRequest' + $ref: '#/definitions/oscalTypes_1_1_3.Resource' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' "400": description: Bad Request schema: 
@@ -20192,65 +14153,26 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create risk for SSP + summary: Create a new back-matter resource for a SSP tags: - - Risks - /ssp/{sspId}/risks/{id}: + - System Security Plans + /oscal/system-security-plans/{id}/back-matter/resources/{resourceId}: delete: - description: Deletes a risk register entry by ID scoped to an SSP. - parameters: - - description: SSP ID - in: path - name: sspId - required: true - type: string - - description: Risk ID - in: path - name: id - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete risk for SSP - tags: - - Risks - get: - description: Retrieves a risk register entry by ID scoped to an SSP. + description: Deletes an existing back-matter resource for a given SSP. parameters: - description: SSP ID in: path - name: sspId + name: id required: true type: string - - description: Risk ID + - description: Resource ID in: path - name: id + name: resourceId required: true type: string - produces: - - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -20263,39 +14185,37 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get risk for SSP + summary: Delete a back-matter resource from a SSP tags: - - Risks + - System Security Plans put: consumes: - application/json - description: Updates a risk register entry by ID scoped to an SSP. + description: Updates an existing back-matter resource for a given SSP. parameters: - description: SSP ID in: path - name: sspId + name: id required: true type: string - - description: Risk ID + - description: Resource ID in: path - name: id + name: resourceId required: true type: string - - description: Risk payload + - description: Resource data in: body - name: risk + name: resource required: true schema: - $ref: '#/definitions/handler.updateRiskRequest' + $ref: '#/definitions/oscalTypes_1_1_3.Resource' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' "400": description: Bad Request schema: 
@@ -20308,44 +14228,34 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update risk for SSP + summary: Update a back-matter resource for a SSP tags: - - Risks - /ssp/{sspId}/risks/{id}/accept: - post: - consumes: - - application/json - description: Accepts a risk by ID scoped to an SSP. + - System Security Plans + /oscal/system-security-plans/{id}/control-implementation: + get: + description: Retrieves the Control Implementation for a given System Security + Plan. parameters: - - description: SSP ID - in: path - name: sspId - required: true - type: string - - description: Risk ID + - description: System Security Plan ID in: path name: id required: true type: string - - description: Accept payload - in: body - name: body - required: true - schema: - $ref: '#/definitions/handler.acceptRiskRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementation' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -20356,39 +14266,33 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Accept risk for SSP + summary: Get Control Implementation tags: - - Risks - /ssp/{sspId}/risks/{id}/review: - post: + - System Security Plans + put: consumes: - application/json - description: Records a risk review by ID scoped to an SSP. nextReviewDeadline - is required for decision=extend and must be omitted for decision=reopen. + description: Updates the Control Implementation for a given System Security + Plan. parameters: - - description: SSP ID - in: path - name: sspId - required: true - type: string - - description: Risk ID + - description: System Security Plan ID in: path name: id required: true type: string - - description: Review payload + - description: Updated Control Implementation object in: body - name: body + name: control-implementation required: true schema: - $ref: '#/definitions/handler.reviewRiskRequest' + $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementation' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementation' "400": description: Bad Request schema: 
@@ -20401,98 +14305,95 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Review risk for SSP + summary: Update Control Implementation tags: - - Risks - /subject-templates: + - System Security Plans + /oscal/system-security-plans/{id}/control-implementation/implemented-requirements: get: - description: List subject templates with optional filters and pagination. + description: Retrieves all implemented requirements for a given SSP. parameters: - - description: Subject type - in: query - name: type - type: string - - description: Source mode - in: query - name: sourceMode + - description: SSP ID + in: path + name: id + required: true type: string - - description: Page number - in: query - name: page - type: integer - - description: Page size - in: query - name: limit - type: integer produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/service.ListResponse-templates_subjectTemplateResponse' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirement' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List subject templates + summary: Get implemented requirements for a SSP tags: - - Subject Templates + - System Security Plans post: consumes: - application/json - description: Create a subject template with selector labels and label schema. + description: Creates a new implemented requirement for a given SSP. 
parameters: - - description: Subject template payload + - description: SSP ID + in: path + name: id + required: true + type: string + - description: Implemented Requirement data in: body - name: template + name: requirement required: true schema: - $ref: '#/definitions/templates.upsertSubjectTemplateRequest' + $ref: '#/definitions/oscalTypes_1_1_3.ImplementedRequirement' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/templates.subjectTemplateDataResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImplementedRequirement' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create subject template + summary: Create a new implemented requirement for a SSP tags: - - Subject Templates - /subject-templates/{id}: - get: - description: Get a subject template by ID. + - System Security Plans + /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}: + delete: + description: Deletes an existing implemented requirement for a given SSP. parameters: - - description: Subject Template ID + - description: SSP ID in: path name: id required: true type: string - produces: - - application/json + - description: Requirement ID + in: path + name: reqId + required: true + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/templates.subjectTemplateDataResponse' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -20505,35 +14406,37 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get subject template + summary: Delete an implemented requirement from a SSP tags: - - Subject Templates + - System Security Plans put: consumes: - application/json - description: Update a subject template and atomically replace selector labels - and label schema. + description: Updates an existing implemented requirement for a given SSP. parameters: - - description: Subject Template ID + - description: SSP ID in: path name: id required: true type: string - - description: Subject template payload + - description: Requirement ID + in: path + name: reqId + required: true + type: string + - description: Implemented Requirement data in: body - name: template + name: requirement required: true schema: - $ref: '#/definitions/templates.upsertSubjectTemplateRequest' + $ref: '#/definitions/oscalTypes_1_1_3.ImplementedRequirement' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/templates.subjectTemplateDataResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImplementedRequirement' "400": description: Bad Request schema: 
@@ -20546,66 +14449,46 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update subject template + summary: Update an implemented requirement for a SSP tags: - - Subject Templates - /users/{id}/change-password: - post: + - System Security Plans + /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/by-components/{byComponentId}: + put: consumes: - application/json - description: Changes the password for a user by ID + description: Updates an existing by-component that belongs to an implemented + requirement for a given SSP. parameters: - - description: User ID + - description: SSP ID in: path name: id required: true type: string - - description: Change Password Request + - description: Requirement ID + in: path + name: reqId + required: true + type: string + - description: By-Component ID + in: path + name: byComponentId + required: true + type: string + - description: By-Component data in: body - name: changePasswordRequest + name: by-component required: true schema: - $ref: '#/definitions/handler.UserHandler' - produces: - - application/json - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Change password for a specific user - tags: - - Users - /users/me: - get: - description: Retrieves the details of the currently logged-in user + $ref: '#/definitions/oscalTypes_1_1_3.ByComponent' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_User' - "401": - description: Unauthorized + $ref: 
'#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent' + "400": + description: Bad Request schema: $ref: '#/definitions/api.Error' "404": 
@@ -20616,58 +14499,41 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get logged-in user details + summary: Update a by-component within an implemented requirement tags: - - Users - /users/me/change-password: + - System Security Plans + /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements: post: consumes: - application/json - description: Changes the password for the currently logged-in user + description: Creates a new statement within an implemented requirement for a + given SSP. parameters: - - description: Change Password Request - in: body - name: changePasswordRequest + - description: SSP ID + in: path + name: id required: true - schema: - $ref: '#/definitions/handler.UserHandler' - produces: - - application/json - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Change password for logged-in user - tags: - - Users - /users/me/subscriptions: - get: - description: Gets the current user's digest and workflow notification email - preferences + type: string + - description: Requirement ID + in: path + name: reqId + required: true + type: string + - description: Statement data + in: body + name: statement + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Statement' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_SubscriptionsResponse' - "401": - description: Unauthorized + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Statement' + "400": + description: Bad Request schema: $ref: 
'#/definitions/api.Error' "404": @@ -20678,38 +14544,48 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get notification preferences + summary: Create a new statement within an implemented requirement tags: - - Users + - System Security Plans + /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}: put: consumes: - application/json - description: Updates the current user's digest and workflow notification email - preferences + description: Updates an existing statement within an implemented requirement + for a given SSP. parameters: - - description: Notification preferences + - description: SSP ID + in: path + name: id + required: true + type: string + - description: Requirement ID + in: path + name: reqId + required: true + type: string + - description: Statement ID + in: path + name: stmtId + required: true + type: string + - description: Statement data in: body - name: subscription + name: statement required: true schema: - $ref: '#/definitions/handler.UpdateSubscriptionsRequest' + $ref: '#/definitions/oscalTypes_1_1_3.Statement' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_SubscriptionsResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Statement' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -20718,103 +14594,151 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update notification preferences + summary: Update a statement within an implemented requirement tags: - - Users - /workflows/control-relationships: - get: - description: List all control relationships, optionally filtered by workflow - definition + - System Security Plans + /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/by-components: + post: + consumes: + - application/json + description: Create a by-component within an existing statement within an implemented + requirement for a given SSP. parameters: - - description: Workflow Definition ID - in: query - name: workflow_definition_id + - description: SSP ID + in: path + name: id + required: true type: string - - description: Control ID - in: query - name: control_id + - description: Requirement ID + in: path + name: reqId + required: true + type: string + - description: Statement ID + in: path + name: stmtId + required: true type: string + - description: By-Component data + in: body + name: by-component + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.ByComponent' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.ControlRelationshipListResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List control relationships + summary: Create a by-component within a statement (within an implemented requirement) tags: - - Control Relationships - post: + - System Security Plans + ? 
/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/by-components/{byComponentId} + : delete: consumes: - application/json - description: Create a new control relationship for a workflow + description: Deletes a by-component within an existing statement within an implemented + requirement for a given SSP. parameters: - - description: Control relationship details - in: body - name: request + - description: SSP ID + in: path + name: id required: true - schema: - $ref: '#/definitions/workflows.CreateControlRelationshipRequest' + type: string + - description: Requirement ID + in: path + name: reqId + required: true + type: string + - description: Statement ID + in: path + name: stmtId + required: true + type: string + - description: By-Component ID + in: path + name: byComponentId + required: true + type: string produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/workflows.ControlRelationshipResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create control relationship + summary: Delete a by-component within a statement (within an implemented requirement) tags: - - Control Relationships - /workflows/control-relationships/{id}: - delete: - description: Delete a control relationship + - System Security Plans + put: + consumes: + - application/json + description: Updates a by-component within an existing statement within an implemented + requirement for a given SSP. 
parameters: - - description: Control Relationship ID + - description: SSP ID in: path name: id required: true type: string + - description: Requirement ID + in: path + name: reqId + required: true + type: string + - description: Statement ID + in: path + name: stmtId + required: true + type: string + - description: By-Component ID + in: path + name: byComponentId + required: true + type: string + - description: By-Component data + in: body + name: by-component + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.ByComponent' + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -20823,15 +14747,14 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete control relationship + summary: Update a by-component within a statement (within an implemented requirement) tags: - - Control Relationships + - System Security Plans + /oscal/system-security-plans/{id}/import-profile: get: - description: Get control relationship by ID + description: Retrieves import-profile for a given SSP. parameters: - - description: Control Relationship ID + - description: SSP ID in: path name: id required: true @@ -20842,15 +14765,11 @@ paths: "200": description: OK schema: - $ref: '#/definitions/workflows.ControlRelationshipResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportProfile' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -20859,42 +14778,36 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get control relationship + summary: Get SSP import-profile tags: - - Control Relationships + - System Security Plans put: consumes: - application/json - description: Update an existing control relationship + description: Updates import-profile for a given SSP. parameters: - - description: Control Relationship ID + - description: SSP ID in: path name: id required: true type: string - - description: Update details + - description: Import Profile data in: body - name: request + name: import-profile required: true schema: - $ref: '#/definitions/workflows.UpdateControlRelationshipRequest' + $ref: '#/definitions/oscalTypes_1_1_3.ImportProfile' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.ControlRelationshipResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportProfile' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -20903,16 +14816,14 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update control relationship + summary: Update SSP import-profile tags: - - Control Relationships - /workflows/control-relationships/{id}/activate: - put: - description: Activate a control relationship + - System Security Plans + /oscal/system-security-plans/{id}/metadata: + get: + description: Retrieves metadata for a given SSP. parameters: - - description: Control Relationship ID + - description: SSP ID in: path name: id required: true 
@@ -20923,15 +14834,11 @@ paths: "200": description: OK schema: - $ref: '#/definitions/workflows.ControlRelationshipResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -20940,35 +14847,36 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Activate control relationship + summary: Get SSP metadata tags: - - Control Relationships - /workflows/control-relationships/{id}/deactivate: + - System Security Plans put: - description: Deactivate a control relationship + consumes: + - application/json + description: Updates metadata for a given SSP. parameters: - - description: Control Relationship ID + - description: SSP ID in: path name: id required: true type: string + - description: Metadata data + in: body + name: metadata + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Metadata' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.ControlRelationshipResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -20977,52 +14885,26 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Deactivate control relationship - tags: - - Control Relationships - /workflows/definitions: - get: - description: List all workflow definition templates - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/workflows.WorkflowDefinitionListResponse' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List workflow definitions - tags: - - Workflow Definitions - post: - consumes: - - application/json - description: Create a new workflow definition template + summary: Update SSP metadata + tags: + - System Security Plans + /oscal/system-security-plans/{id}/profile: + get: + description: Retrieves the Profile attached to the specified System Security + Plan. parameters: - - description: Workflow definition details - in: body - name: request + - description: System Security Plan ID + in: path + name: id required: true - schema: - $ref: '#/definitions/workflows.CreateWorkflowDefinitionRequest' + type: string produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/workflows.WorkflowDefinitionResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Profile' "400": description: Bad Request schema: 
@@ -21031,37 +14913,46 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create workflow definition + summary: Get Profile for a System Security Plan tags: - - Workflow Definitions - /workflows/definitions/{id}: - delete: - description: Delete workflow definition by ID + - System Security Plans + put: + consumes: + - application/json + description: Associates a given Profile with a System Security Plan. parameters: - - description: Workflow Definition ID + - description: SSP ID in: path name: id required: true type: string + - description: Profile ID to attach + in: body + name: profileId + required: true + schema: + type: string produces: - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -21070,15 +14961,15 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete workflow definition + summary: Attach a Profile to a System Security Plan tags: - - Workflow Definitions + - System Security Plans + /oscal/system-security-plans/{id}/system-characteristics: get: - description: Get workflow definition by ID + description: Retrieves the System Characteristics for a given System Security + Plan. parameters: - - description: Workflow Definition ID + - description: System Security Plan ID in: path name: id required: true 
@@ -21089,7 +14980,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/workflows.WorkflowDefinitionResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemCharacteristics' "400": description: Bad Request schema: @@ -21108,32 +14999,33 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get workflow definition + summary: Get System Characteristics tags: - - Workflow Definitions + - System Security Plans put: consumes: - application/json - description: Update workflow definition by ID + description: Updates the System Characteristics for a given System Security + Plan. parameters: - - description: Workflow Definition ID + - description: System Security Plan ID in: path name: id required: true type: string - - description: Updated workflow definition details + - description: Updated System Characteristics object in: body - name: request + name: characteristics required: true schema: - $ref: '#/definitions/workflows.UpdateWorkflowDefinitionRequest' + $ref: '#/definitions/oscalTypes_1_1_3.SystemCharacteristics' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.WorkflowDefinitionResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemCharacteristics' "400": description: Bad Request schema: 
@@ -21152,33 +15044,26 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update workflow definition + summary: Update System Characteristics tags: - - Workflow Definitions - /workflows/executions: + - System Security Plans + /oscal/system-security-plans/{id}/system-characteristics/authorization-boundary: get: - description: List all executions for a workflow instance + description: Retrieves the Authorization Boundary for a given System Security + Plan. parameters: - - description: Workflow Instance ID - in: query - name: workflow_instance_id + - description: System Security Plan ID + in: path + name: id required: true type: string - - description: Limit - in: query - name: limit - type: integer - - description: Offset - in: query - name: offset - type: integer produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.WorkflowExecutionListResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AuthorizationBoundary' "400": description: Bad Request schema: 
@@ -21187,33 +15072,44 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List workflow executions + summary: Get Authorization Boundary tags: - - Workflow Executions + - System Security Plans + /oscal/system-security-plans/{id}/system-characteristics/authorization-boundary/diagrams: post: consumes: - application/json - description: Start a new execution of a workflow instance + description: Creates a new Diagram under the Authorization Boundary of a System + Security Plan. parameters: - - description: Execution details + - description: System Security Plan ID + in: path + name: id + required: true + type: string + - description: Diagram object to create in: body - name: request + name: diagram required: true schema: - $ref: '#/definitions/workflows.StartWorkflowExecutionRequest' + $ref: '#/definitions/oscalTypes_1_1_3.Diagram' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/workflows.WorkflowExecutionResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram' "400": description: Bad Request schema: 
@@ -21222,31 +15118,39 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Start workflow execution + summary: Create an Authorization Boundary Diagram tags: - - Workflow Executions - /workflows/executions/{id}: - get: - description: Get workflow execution by ID + - System Security Plans + /oscal/system-security-plans/{id}/system-characteristics/authorization-boundary/diagrams/{diagram}: + delete: + description: Deletes a specific Diagram under the Authorization Boundary of + a System Security Plan. parameters: - - description: Workflow Execution ID + - description: System Security Plan ID in: path name: id required: true type: string + - description: Diagram ID + in: path + name: diagram + required: true + type: string produces: - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/workflows.WorkflowExecutionResponse' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -21265,33 +15169,38 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get workflow execution + summary: Delete an Authorization Boundary Diagram tags: - - Workflow Executions - /workflows/executions/{id}/cancel: + - System Security Plans put: consumes: - application/json - description: Cancel a running workflow execution + description: Updates a specific Diagram under the Authorization Boundary of + a System Security Plan. parameters: - - description: Workflow Execution ID + - description: System Security Plan ID in: path name: id required: true type: string - - description: Cancel details + - description: Diagram ID + in: path + name: diagram + required: true + type: string + - description: Updated Diagram object in: body - name: request + name: diagram required: true schema: - $ref: '#/definitions/workflows.CancelWorkflowExecutionRequest' + $ref: '#/definitions/oscalTypes_1_1_3.Diagram' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.WorkflowExecutionResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram' "400": description: Bad Request schema: @@ -21310,14 +15219,14 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Cancel workflow execution + summary: Update an Authorization Boundary Diagram tags: - - Workflow Executions - /workflows/executions/{id}/metrics: + - System Security Plans + /oscal/system-security-plans/{id}/system-characteristics/data-flow: get: - description: Get performance metrics for a workflow execution + description: Retrieves the Data Flow for a given System Security Plan. parameters: - - description: Workflow Execution ID + - description: System Security Plan ID in: path name: id required: true 
@@ -21328,7 +15237,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/workflows.WorkflowExecutionMetricsResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_DataFlow' "400": description: Bad Request schema: @@ -21347,33 +15256,34 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get workflow execution metrics + summary: Get Data Flow tags: - - Workflow Executions - /workflows/executions/{id}/reassign-role: - put: + - System Security Plans + /oscal/system-security-plans/{id}/system-characteristics/data-flow/diagrams: + post: consumes: - application/json - description: Reassign eligible steps in an execution for a given role + description: Creates a new Diagram under the Data Flow of a System Security + Plan. parameters: - - description: Workflow Execution ID + - description: System Security Plan ID in: path name: id required: true type: string - - description: Bulk reassignment details + - description: Diagram object to create in: body - name: request + name: diagram required: true schema: - $ref: '#/definitions/workflows.ReassignRoleRequest' + $ref: '#/definitions/oscalTypes_1_1_3.Diagram' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/workflows.BulkReassignRoleResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram' "400": description: Bad Request schema: 
@@ -21392,25 +15302,29 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Bulk reassign steps by role + summary: Create a Data Flow Diagram tags: - - Workflow Executions - /workflows/executions/{id}/retry: - post: - description: Create a new execution to retry a failed workflow + - System Security Plans + /oscal/system-security-plans/{id}/system-characteristics/data-flow/diagrams/{diagram}: + delete: + description: Deletes a specific Diagram under the Data Flow of a System Security + Plan. parameters: - - description: Workflow Execution ID + - description: System Security Plan ID in: path name: id required: true type: string + - description: Diagram ID + in: path + name: diagram + required: true + type: string produces: - application/json responses: - "201": - description: Created - schema: - $ref: '#/definitions/workflows.WorkflowExecutionResponse' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -21429,25 +15343,38 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Retry workflow execution + summary: Delete a Data Flow Diagram tags: - - Workflow Executions - /workflows/executions/{id}/status: - get: - description: Get detailed status of a workflow execution including step counts + - System Security Plans + put: + consumes: + - application/json + description: Updates a specific Diagram under the Data Flow of a System Security + Plan. parameters: - - description: Workflow Execution ID + - description: System Security Plan ID in: path name: id required: true type: string + - description: Diagram ID + in: path + name: diagram + required: true + type: string + - description: Updated Diagram object + in: body + name: diagram + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Diagram' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.WorkflowExecutionStatusResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram' "400": description: Bad Request schema: 
@@ -21466,63 +15393,26 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get workflow execution status + summary: Update a Data Flow Diagram tags: - - Workflow Executions - /workflows/instances: + - System Security Plans + /oscal/system-security-plans/{id}/system-characteristics/network-architecture: get: - description: List all workflow instances with optional filtering + description: Retrieves the Network Architecture for a given System Security + Plan. parameters: - - description: Filter by Workflow Definition ID - in: query - name: workflow_definition_id - type: string - - description: Filter by System Security Plan ID - in: query - name: system_security_plan_id + - description: System Security Plan ID + in: path + name: id + required: true type: string - - description: Filter by Active Status - in: query - name: is_active - type: boolean produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.WorkflowInstanceListResponse' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List workflow instances - tags: - - Workflow Instances - post: - consumes: - - application/json - description: Create a new workflow instance for a specific system - parameters: - - description: Workflow instance details - in: body - name: request - required: true - schema: - $ref: '#/definitions/workflows.CreateWorkflowInstanceRequest' - produces: - - application/json - responses: - "201": - description: Created - schema: - $ref: '#/definitions/workflows.WorkflowInstanceResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_NetworkArchitecture' "400": description: Bad Request schema: 
@@ -21531,29 +15421,44 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create workflow instance + summary: Get Network Architecture tags: - - Workflow Instances - /workflows/instances/{id}: - delete: - description: Delete workflow instance by ID + - System Security Plans + /oscal/system-security-plans/{id}/system-characteristics/network-architecture/diagrams: + post: + consumes: + - application/json + description: Creates a new Diagram under the Network Architecture of a System + Security Plan. parameters: - - description: Workflow Instance ID + - description: System Security Plan ID in: path name: id required: true - type: string + type: string + - description: Diagram object to create + in: body + name: diagram + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Diagram' produces: - application/json responses: - "204": - description: No Content + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram' "400": description: Bad Request schema: 
@@ -21572,24 +15477,29 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete workflow instance + summary: Create a Network Architecture Diagram tags: - - Workflow Instances - get: - description: Get workflow instance by ID + - System Security Plans + /oscal/system-security-plans/{id}/system-characteristics/network-architecture/diagrams/{diagram}: + delete: + description: Deletes a specific Diagram under the Network Architecture of a + System Security Plan. parameters: - - description: Workflow Instance ID + - description: System Security Plan ID in: path name: id required: true type: string + - description: Diagram ID + in: path + name: diagram + required: true + type: string produces: - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/workflows.WorkflowInstanceResponse' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -21608,32 +15518,38 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get workflow instance + summary: Delete a Network Architecture Diagram tags: - - Workflow Instances + - System Security Plans put: consumes: - application/json - description: Update workflow instance by ID + description: Updates a specific Diagram under the Network Architecture of a + System Security Plan. parameters: - - description: Workflow Instance ID + - description: System Security Plan ID in: path name: id required: true type: string - - description: Updated workflow instance details + - description: Diagram ID + in: path + name: diagram + required: true + type: string + - description: Updated Diagram object in: body - name: request + name: diagram required: true schema: - $ref: '#/definitions/workflows.UpdateWorkflowInstanceRequest' + $ref: '#/definitions/oscalTypes_1_1_3.Diagram' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.WorkflowInstanceResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram' "400": description: Bad Request schema: @@ -21652,14 +15568,15 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update workflow instance + summary: Update a Network Architecture Diagram tags: - - Workflow Instances - /workflows/instances/{id}/activate: - put: - description: Activate a workflow instance to enable scheduled executions + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation: + get: + description: Retrieves the System Implementation for a given System Security + Plan. parameters: - - description: Workflow Instance ID + - description: System Security Plan ID in: path name: id required: true 
@@ -21670,7 +15587,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/workflows.WorkflowInstanceResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemImplementation' "400": description: Bad Request schema: @@ -21689,25 +15606,32 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Activate workflow instance + summary: Get System Implementation tags: - - Workflow Instances - /workflows/instances/{id}/deactivate: + - System Security Plans put: - description: Deactivate a workflow instance to disable scheduled executions + consumes: + - application/json + description: Updates the System Implementation for a given System Security Plan. parameters: - - description: Workflow Instance ID + - description: System Security Plan ID in: path name: id required: true type: string + - description: Updated System Implementation object + in: body + name: system-implementation + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.SystemImplementation' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.WorkflowInstanceResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemImplementation' "400": description: Bad Request schema: 
@@ -21726,20 +15650,18 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Deactivate workflow instance + summary: Update System Implementation tags: - - Workflow Instances - /workflows/role-assignments: + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation/components: get: - description: List all role assignments, optionally filtered by workflow instance + description: Retrieves components in the System Implementation for a given System + Security Plan. parameters: - - description: Workflow Instance ID - in: query - name: workflow_instance_id - type: string - - description: Role Name - in: query - name: role_name + - description: System Security Plan ID + in: path + name: id + required: true type: string produces: - application/json @@ -21747,7 +15669,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/workflows.RoleAssignmentListResponse' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_SystemComponent' "400": description: Bad Request schema: 
@@ -21756,59 +15678,71 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List role assignments + summary: List System Implementation Components tags: - - Role Assignments + - System Security Plans post: consumes: - application/json - description: Create a new role assignment for a workflow instance + description: Creates a new system component for a given SSP. parameters: - - description: Role assignment details + - description: SSP ID + in: path + name: id + required: true + type: string + - description: System Component data in: body - name: request + name: component required: true schema: - $ref: '#/definitions/workflows.CreateRoleAssignmentRequest' + $ref: '#/definitions/oscalTypes_1_1_3.SystemComponent' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/workflows.RoleAssignmentResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create role assignment + summary: Create a new system component tags: - - Role Assignments - /workflows/role-assignments/{id}: + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation/components/{componentId}: delete: - description: Delete a role assignment + description: Deletes an existing system component for a given SSP. 
parameters: - - description: Role Assignment ID + - description: SSP ID in: path name: id required: true type: string + - description: Component ID + in: path + name: componentId + required: true + type: string responses: "204": description: No Content @@ -21816,10 +15750,6 @@ paths: description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -21828,26 +15758,30 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete role assignment + summary: Delete a system component tags: - - Role Assignments + - System Security Plans get: - description: Get role assignment by ID + description: Retrieves component in the System Implementation for a given System + Security Plan. parameters: - - description: Role Assignment ID + - description: System Security Plan ID in: path name: id required: true type: string + - description: Component ID + in: path + name: componentId + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.RoleAssignmentResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent' "400": description: Bad Request schema: 
@@ -21866,40 +15800,41 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get role assignment + summary: Get System Implementation Component tags: - - Role Assignments + - System Security Plans put: consumes: - application/json - description: Update an existing role assignment + description: Updates an existing system component for a given SSP. parameters: - - description: Role Assignment ID + - description: SSP ID in: path name: id required: true type: string - - description: Update details + - description: Component ID + in: path + name: componentId + required: true + type: string + - description: System Component data in: body - name: request + name: component required: true schema: - $ref: '#/definitions/workflows.UpdateRoleAssignmentRequest' + $ref: '#/definitions/oscalTypes_1_1_3.SystemComponent' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.RoleAssignmentResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -21908,16 +15843,15 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update role assignment + summary: Update a system component tags: - - Role Assignments - /workflows/role-assignments/{id}/activate: - put: - description: Activate a role assignment + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation/inventory-items: + get: + description: Retrieves inventory items in the System Implementation for a given + System Security Plan. parameters: - - description: Role Assignment ID + - description: System Security Plan ID in: path name: id required: true 
@@ -21928,7 +15862,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/workflows.RoleAssignmentResponse' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_InventoryItem' "400": description: Bad Request schema: 
@@ -21947,31 +15881,66 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Activate role assignment + summary: List System Implementation Inventory Items tags: - - Role Assignments - /workflows/role-assignments/{id}/deactivate: - put: - description: Deactivate a role assignment + - System Security Plans + post: + consumes: + - application/json + description: Creates a new inventory item for a given SSP. parameters: - - description: Role Assignment ID + - description: SSP ID in: path name: id required: true type: string + - description: Inventory Item data + in: body + name: item + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.InventoryItem' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/workflows.RoleAssignmentResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_InventoryItem' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Create a new inventory item + tags: + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation/inventory-items/{itemId}: + delete: + description: Deletes an existing inventory item for a given SSP. + parameters: + - description: SSP ID + in: path + name: id + required: true + type: string + - description: Item ID + in: path + name: itemId + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request schema: $ref: '#/definitions/api.Error' "404": 
@@ -21982,49 +15951,58 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Deactivate role assignment + summary: Delete an inventory item tags: - - Role Assignments - /workflows/step-executions: - get: - description: List all step executions for a workflow execution + - System Security Plans + put: + consumes: + - application/json + description: Updates an existing inventory item for a given SSP. parameters: - - description: Workflow Execution ID - in: query - name: workflow_execution_id + - description: SSP ID + in: path + name: id required: true type: string + - description: Item ID + in: path + name: itemId + required: true + type: string + - description: Inventory Item data + in: body + name: item + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.InventoryItem' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.StepExecutionListResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_InventoryItem' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List step executions + summary: Update an inventory item tags: - - Step Executions - /workflows/step-executions/{id}: + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation/leveraged-authorizations: get: - description: Get step execution by ID + description: Retrieves leveraged authorizations in the System Implementation + for a given System Security Plan. parameters: - - description: Step Execution ID + - description: System Security Plan ID in: path name: id required: true 
@@ -22035,7 +16013,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/workflows.StepExecutionResponse' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_LeveragedAuthorization' "400": description: Bad Request schema: @@ -22054,36 +16032,32 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get step execution + summary: List System Implementation Leveraged Authorizations tags: - - Step Executions - /workflows/step-executions/{id}/can-transition: - get: - description: Check if a user has permission to transition a step execution + - System Security Plans + post: + consumes: + - application/json + description: Creates a new leveraged authorization for a given SSP. parameters: - - description: Step Execution ID + - description: SSP ID in: path name: id required: true type: string - - description: User ID - in: query - name: user_id - required: true - type: string - - description: User Type (user, group, email) - in: query - name: user_type + - description: Leveraged Authorization data + in: body + name: auth required: true - type: string + schema: + $ref: '#/definitions/oscalTypes_1_1_3.LeveragedAuthorization' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - additionalProperties: true - type: object + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LeveragedAuthorization' "400": description: Bad Request schema: 
@@ -22096,28 +16070,26 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Check if user can transition step + summary: Create a new leveraged authorization tags: - - Step Executions - /workflows/step-executions/{id}/evidence-requirements: - get: - description: Get the evidence requirements for a step execution + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation/leveraged-authorizations/{authId}: + delete: + description: Deletes an existing leveraged authorization for a given SSP. parameters: - - description: Step Execution ID + - description: SSP ID in: path name: id required: true type: string - produces: - - application/json + - description: Authorization ID + in: path + name: authId + required: true + type: string responses: - "200": - description: OK - schema: - additionalProperties: true - type: object + "204": + description: No Content "400": description: Bad Request schema: 
@@ -22130,43 +16102,41 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get evidence requirements for step + summary: Delete a leveraged authorization tags: - - Step Executions - /workflows/step-executions/{id}/fail: + - System Security Plans put: consumes: - application/json - description: Mark a step execution as failed with a reason + description: Updates an existing leveraged authorization for a given SSP. parameters: - - description: Step Execution ID + - description: SSP ID in: path name: id required: true type: string - - description: Failure details + - description: Authorization ID + in: path + name: authId + required: true + type: string + - description: Leveraged Authorization data in: body - name: request + name: auth required: true schema: - $ref: '#/definitions/workflows.FailStepRequest' + $ref: '#/definitions/oscalTypes_1_1_3.LeveragedAuthorization' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.StepExecutionResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LeveragedAuthorization' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -22175,35 +16145,26 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Fail step execution + summary: Update a leveraged authorization tags: - - Step Executions - /workflows/step-executions/{id}/reassign: - put: - consumes: - - application/json - description: Reassign a step execution to a new assignee + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation/users: + get: + description: Retrieves users in the System Implementation for a given System + Security Plan. parameters: - - description: Step Execution ID + - description: System Security Plan ID in: path name: id required: true type: string - - description: Reassignment details - in: body - name: request - required: true - schema: - $ref: '#/definitions/workflows.ReassignStepRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.StepExecutionResponse' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_SystemUser' "400": description: Bad Request schema: 
@@ -22222,46 +16183,36 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Reassign step execution + summary: List System Implementation Users tags: - - Step Executions - /workflows/step-executions/{id}/transition: - put: + - System Security Plans + post: consumes: - application/json - description: Transition a step execution status with role verification and evidence - validation + description: Creates a new system user for a given SSP. parameters: - - description: Step Execution ID + - description: SSP ID in: path name: id required: true type: string - - description: Transition request + - description: System User data in: body - name: request + name: user required: true schema: - $ref: '#/definitions/workflows.TransitionStepRequest' + $ref: '#/definitions/oscalTypes_1_1_3.SystemUser' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/workflows.StepExecutionResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemUser' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "403": - description: Forbidden - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -22270,115 +16221,106 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Transition step execution status + summary: Create a new system user tags: - - Step Executions - /workflows/step-executions/my: - get: - description: List all step executions assigned to the current user with optional - filters and pagination + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation/users/{userId}: + delete: + description: Deletes an existing system user for a given SSP. parameters: - - description: Filter by status (pending, in_progress, blocked) - in: query - name: status - type: string - - description: Filter by due date before (RFC3339 format) - in: query - name: due_before - type: string - - description: Filter by due date after (RFC3339 format) - in: query - name: due_after + - description: SSP ID + in: path + name: id + required: true type: string - - description: Filter by workflow definition ID - in: query - name: workflow_definition_id + - description: User ID + in: path + name: userId + required: true type: string - - description: Limit (default 20, max 100) - in: query - name: limit - type: integer - - description: Offset (default 0) - in: query - name: offset - type: integer - produces: - - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/workflows.MyAssignmentsResponse' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List my step assignments + summary: Delete a system user tags: - - Step Executions - /workflows/steps: - get: - description: List all step definitions for a workflow definition + - System Security Plans + put: + 
consumes: + - application/json + description: Updates an existing system user for a given SSP. parameters: - - description: Workflow Definition ID - in: query - name: workflow_definition_id + - description: SSP ID + in: path + name: id + required: true + type: string + - description: User ID + in: path + name: userId required: true type: string + - description: System User data + in: body + name: user + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.SystemUser' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.WorkflowStepDefinitionListResponse' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemUser' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List workflow step definitions + summary: Update a system user tags: - - Workflow Step Definitions + - System Security Plans + /users/{id}/change-password: post: consumes: - application/json - description: Create a new step definition for a workflow + description: Changes the password for a user by ID parameters: - - description: Step definition details + - description: User ID + in: path + name: id + required: true + type: string + - description: Change Password Request in: body - name: request + name: changePasswordRequest required: true schema: - $ref: '#/definitions/workflows.CreateWorkflowStepDefinitionRequest' + $ref: '#/definitions/handler.UserHandler' produces: - application/json responses: - "201": - description: Created - schema: - $ref: '#/definitions/workflows.WorkflowStepDefinitionResponse' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -22387,33 +16329,29 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create workflow step definition + summary: Change password for a specific user tags: - - Workflow Step Definitions - /workflows/steps/{id}: - delete: - description: Delete workflow step definition by ID - parameters: - - description: Step Definition ID - in: path - name: id - required: true - type: string + - Users + /users/me: + get: + description: Retrieves the details of the currently logged-in user produces: - application/json responses: - "204": - description: No Content - "400": - description: Bad Request + "200": + description: OK schema: - $ref: '#/definitions/api.Error' + $ref: '#/definitions/handler.GenericDataResponse-relational_User' "401": description: Unauthorized schema: @@ -22428,24 +16366,26 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete workflow step definition + summary: Get logged-in user details tags: - - Workflow Step Definitions - get: - description: Get workflow step definition by ID + - Users + /users/me/change-password: + post: + consumes: + - application/json + description: Changes the password for the currently logged-in user parameters: - - description: Step Definition ID - in: path - name: id + - description: Change Password Request + in: body + name: changePasswordRequest required: true - type: string + schema: + $ref: '#/definitions/handler.UserHandler' produces: - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/workflows.WorkflowStepDefinitionResponse' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -22454,46 +16394,25 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get workflow step definition + summary: Change password for logged-in user tags: - - Workflow Step Definitions - put: - consumes: - - application/json - description: Update workflow step definition by ID - parameters: - - description: Step Definition ID - in: path - name: id - required: true - type: string - - description: Updated step definition details - in: body - name: request - required: true - schema: - $ref: '#/definitions/workflows.UpdateWorkflowStepDefinitionRequest' + - Users + /users/me/digest-subscription: + get: + description: Gets the current user's digest email subscription status produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.WorkflowStepDefinitionResponse' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' + $ref: '#/definitions/handler.GenericDataResponse-handler_UserHandler' "401": description: Unauthorized schema: 
@@ -22508,25 +16427,27 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update workflow step definition + summary: Get digest subscription status tags: - - Workflow Step Definitions - /workflows/steps/{id}/dependencies: - get: - description: Get all dependencies for a workflow step definition + - Users + put: + consumes: + - application/json + description: Updates the current user's digest email subscription status parameters: - - description: Step Definition ID - in: path - name: id + - description: Subscription status + in: body + name: subscription required: true - type: string + schema: + $ref: '#/definitions/handler.UserHandler' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/workflows.WorkflowStepDefinitionListResponse' + $ref: '#/definitions/handler.GenericDataResponse-handler_UserHandler' "400": description: Bad Request schema: @@ -22545,9 +16466,9 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get step dependencies + summary: Update digest subscription status tags: - - Workflow Step Definitions + - Users produces: - application/json securityDefinitions: diff --git a/internal/api/handler/oscal/profiles.go b/internal/api/handler/oscal/profiles.go index 968b5945..78a76c7f 100644 --- a/internal/api/handler/oscal/profiles.go +++ b/internal/api/handler/oscal/profiles.go @@ -71,7 +71,7 @@ func (h *ProfileHandler) Register(api *echo.Group) { // @Tags Profile // @Accept json // @Produce json -// @Param request body oscal.ProfileHandler.BuildByProps.request true "Prop matching request" +// @Param request body oscal.ProfileHandler.BuildByProps.request true "Prop matching request" // @Success 201 {object} handler.GenericDataResponse[oscal.ProfileHandler.BuildByProps.response] // @Failure 400 {object} api.Error // @Failure 401 {object} api.Error From 1239f6bc675984b5764f1bd64aa8fcad5827071e Mon Sep 17 00:00:00 2001 
From: akabdulhanif Date: Mon, 26 Jan 2026 17:33:40 +0000 Subject: [PATCH 10/28] lint(api): use strings.EqualFold for case-insensitive prop name/ns comparisons --- internal/api/handler/oscal/profiles.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/api/handler/oscal/profiles.go b/internal/api/handler/oscal/profiles.go index 78a76c7f..3c189fd5 100644 --- a/internal/api/handler/oscal/profiles.go +++ b/internal/api/handler/oscal/profiles.go @@ -259,10 +259,10 @@ func matchControlByProps(ctl *relational.Control, rules []rule, matchAll bool) b return false } eval := func(r rule, p relational.Prop) bool { - if r.Name != "" && strings.ToLower(r.Name) != strings.ToLower(p.Name) { + if r.Name != "" && !strings.EqualFold(r.Name, p.Name) { return false } - if r.Ns != "" && strings.ToLower(r.Ns) != strings.ToLower(p.Ns) { + if r.Ns != "" && !strings.EqualFold(r.Ns, p.Ns) { return false } switch strings.ToLower(r.Operator) { From dcd2b517ac0bb91f48a30460c95b4e9501cad635 Mon Sep 17 00:00:00 2001 From: akabdulhanif Date: Tue, 27 Jan 2026 22:35:26 +0000 Subject: [PATCH 11/28] docs(api): define BuildByPropsRequest/Response types and regenerate swagger to reflect correct payload schema --- docs/docs.go | 76 +++++++++++++++++++++++++- docs/swagger.json | 76 +++++++++++++++++++++++++- docs/swagger.yaml | 50 ++++++++++++++++- internal/api/handler/oscal/profiles.go | 38 +++++++------ 4 files changed, 217 insertions(+), 23 deletions(-) diff --git a/docs/docs.go b/docs/docs.go index 1df8780f..ed533f7d 100644 --- a/docs/docs.go +++ b/docs/docs.go @@ -11667,7 +11667,7 @@ const docTemplate = `{ "in": "body", "required": true, "schema": { - "$ref": "#/definitions/oscal.ProfileHandler" + "$ref": "#/definitions/oscal.BuildByPropsRequest" } } ], 
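Review bot: The switch to `strings.EqualFold` on the `r.Name` and `r.Ns` guards is not quite behaviour-neutral: EqualFold applies Unicode simple case folding, so a few characters now compare equal that did not under the previous `ToLower` comparison (for example U+017F LATIN SMALL LETTER LONG S matches `s`). For OSCAL prop names and namespace URIs this is almost certainly harmless, but nothing in the hunk records either the folding semantics or the fact that an empty `r.Name`/`r.Ns` acts as a wildcard over every prop. A one-line comment above the two checks, `// empty name/ns match any prop; non-empty ones compare case-insensitively (Unicode simple folding)`, would make both intentional. `matchControlByProps` starts above this hunk and its operator `switch` continues below it.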
@@ -11675,7 +11675,7 @@ const docTemplate = `{ "201": { "description": "Created", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-oscal_ProfileHandler" + "$ref": "#/definitions/handler.GenericDataResponse-oscal_BuildByPropsResponse" } }, "400": { @@ -18349,6 +18349,19 @@ const docTemplate = `{ } } }, + "handler.GenericDataResponse-oscal_BuildByPropsResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.BuildByPropsResponse" + } + ] + } + } + }, "handler.GenericDataResponse-oscal_ImportResponse": { "type": "object", "properties": { @@ -18655,6 +18668,47 @@ const docTemplate = `{ } } }, + "oscal.BuildByPropsRequest": { + "type": "object", + "properties": { + "catalogId": { + "type": "string" + }, + "matchStrategy": { + "description": "all | any", + "type": "string" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/definitions/oscal.rule" + } + }, + "title": { + "type": "string" + }, + "version": { + "type": "string" + } + } + }, + "oscal.BuildByPropsResponse": { + "type": "object", + "properties": { + "controlIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "profile": { + "$ref": "#/definitions/oscalTypes_1_1_3.Profile" + }, + "profileId": { + "type": "string" + } + } + }, "oscal.CreateInventoryItemRequest": { "type": "object", "properties": { @@ -18760,6 +18814,24 @@ const docTemplate = `{ "oscal.ProfileHandler": { "type": "object" }, + "oscal.rule": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "ns": { + "type": "string" + }, + "operator": { + "description": "equals | contains | regex | in", + "type": "string" + }, + "value": { + "type": "string" + } + } + }, "oscalTypes_1_1_3.Action": { "type": "object", "properties": { diff --git a/docs/swagger.json b/docs/swagger.json index 6311b1ce..5e69bd7c 100644 --- a/docs/swagger.json +++ b/docs/swagger.json 
@@ -11661,7 +11661,7 @@ "in": "body", "required": true, "schema": { - "$ref": "#/definitions/oscal.ProfileHandler" + "$ref": "#/definitions/oscal.BuildByPropsRequest" } } ], @@ -11669,7 +11669,7 @@ "201": { "description": "Created", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-oscal_ProfileHandler" + "$ref": "#/definitions/handler.GenericDataResponse-oscal_BuildByPropsResponse" } }, "400": { @@ -18343,6 +18343,19 @@ } } }, + "handler.GenericDataResponse-oscal_BuildByPropsResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.BuildByPropsResponse" + } + ] + } + } + }, "handler.GenericDataResponse-oscal_ImportResponse": { "type": "object", "properties": { @@ -18649,6 +18662,47 @@ } } }, + "oscal.BuildByPropsRequest": { + "type": "object", + "properties": { + "catalogId": { + "type": "string" + }, + "matchStrategy": { + "description": "all | any", + "type": "string" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/definitions/oscal.rule" + } + }, + "title": { + "type": "string" + }, + "version": { + "type": "string" + } + } + }, + "oscal.BuildByPropsResponse": { + "type": "object", + "properties": { + "controlIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "profile": { + "$ref": "#/definitions/oscalTypes_1_1_3.Profile" + }, + "profileId": { + "type": "string" + } + } + }, "oscal.CreateInventoryItemRequest": { "type": "object", "properties": { @@ -18754,6 +18808,24 @@ "oscal.ProfileHandler": { "type": "object" }, + "oscal.rule": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "ns": { + "type": "string" + }, + "operator": { + "description": "equals | contains | regex | in", + "type": "string" + }, + "value": { + "type": "string" + } + } + }, "oscalTypes_1_1_3.Action": { "type": "object", "properties": { 
diff --git a/docs/swagger.yaml b/docs/swagger.yaml index 05e28061..15e23b1a 100644 --- a/docs/swagger.yaml +++ b/docs/swagger.yaml @@ -780,6 +780,13 @@ definitions: - $ref: '#/definitions/handler.UserHandler' description: Items from the list response type: object + handler.GenericDataResponse-oscal_BuildByPropsResponse: + properties: + data: + allOf: + - $ref: '#/definitions/oscal.BuildByPropsResponse' + description: Items from the list response + type: object handler.GenericDataResponse-oscal_ImportResponse: properties: data: @@ -1335,6 +1342,33 @@ definitions: query: $ref: '#/definitions/labelfilter.Query' type: object + oscal.BuildByPropsRequest: + properties: + catalogId: + type: string + matchStrategy: + description: all | any + type: string + rules: + items: + $ref: '#/definitions/oscal.rule' + type: array + title: + type: string + version: + type: string + type: object + oscal.BuildByPropsResponse: + properties: + controlIds: + items: + type: string + type: array + profile: + $ref: '#/definitions/oscalTypes_1_1_3.Profile' + profileId: + type: string + type: object oscal.CreateInventoryItemRequest: properties: destination: @@ -1404,6 +1438,18 @@ definitions: type: object oscal.ProfileHandler: type: object + oscal.rule: + properties: + name: + type: string + ns: + type: string + operator: + description: equals | contains | regex | in + type: string + value: + type: string + type: object oscalTypes_1_1_3.Action: properties: date: @@ -13758,14 +13804,14 @@ paths: name: request required: true schema: - $ref: '#/definitions/oscal.ProfileHandler' + $ref: '#/definitions/oscal.BuildByPropsRequest' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscal_ProfileHandler' + $ref: '#/definitions/handler.GenericDataResponse-oscal_BuildByPropsResponse' "400": description: Bad Request schema: 
diff --git a/internal/api/handler/oscal/profiles.go b/internal/api/handler/oscal/profiles.go
index 3c189fd5..8e22654d 100644
--- a/internal/api/handler/oscal/profiles.go
+++ b/internal/api/handler/oscal/profiles.go
@@ -33,6 +33,22 @@ type rule struct {
 Value string `json:"value"`
 }
 
+// BuildByPropsRequest represents the payload to build a Profile by matching control props.
+type BuildByPropsRequest struct {
+ CatalogID string `json:"catalogId"`
+ MatchStrategy string `json:"matchStrategy"` // all | any
+ Rules []rule `json:"rules"`
+ Title string `json:"title"`
+ Version string `json:"version"`
+}
+
+// BuildByPropsResponse represents the response payload for Profile build-by-props.
+type BuildByPropsResponse struct {
+ ProfileID uuid.UUID `json:"profileId"`
+ ControlIDs []string `json:"controlIds"`
+ Profile oscalTypes_1_1_3.Profile `json:"profile"`
+}
+
 func NewProfileHandler(sugar *zap.SugaredLogger, db *gorm.DB) *ProfileHandler {
 return &ProfileHandler{
 sugar: sugar,
@@ -71,8 +87,8 @@ func (h *ProfileHandler) Register(api *echo.Group) {
 // @Tags Profile
 // @Accept json
 // @Produce json
-// @Param request body oscal.ProfileHandler.BuildByProps.request true "Prop matching request"
-// @Success 201 {object} handler.GenericDataResponse[oscal.ProfileHandler.BuildByProps.response]
+// @Param request body oscal.BuildByPropsRequest true "Prop matching request"
+// @Success 201 {object} handler.GenericDataResponse[oscal.BuildByPropsResponse]
 // @Failure 400 {object} api.Error
 // @Failure 401 {object} api.Error
 // @Failure 404 {object} api.Error
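Review bot: `BuildByPropsRequest` publishes `MatchStrategy` (and, through `rule`, `Operator`) as untyped strings whose accepted values exist only in trailing `// all | any` / `// equals | contains | regex | in` comments, so the regenerated swagger advertises free-form strings and a client has no contract for which fields are required or what an unknown value does (any validation happens in BuildByProps, outside this hunk). Because this is the public request shape of an endpoint that accepts a caller-supplied `regex` operator, I would record the contract on the type itself, e.g. `CatalogID string \`json:"catalogId" binding:"required"\` // catalog whose controls are matched` and `MatchStrategy string \`json:"matchStrategy" enums:"all,any"\` // all | any`, which swag also renders; typed string constants for the two enums would be stronger still. The `BuildByPropsResponse` comment could likewise say what `ControlIDs` holds (presumably the matched control IDs, from the `matchedIDs` assignment in the response hunk) so the response is self-describing.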
@@ -80,19 +96,7 @@ func (h *ProfileHandler) Register(api *echo.Group) {
 // @Security OAuth2Password
 // @Router /oscal/profiles/build-props [post]
 func (h *ProfileHandler) BuildByProps(ctx echo.Context) error {
- type request struct {
- CatalogID string `json:"catalogId"`
- MatchStrategy string `json:"matchStrategy"` // all | any
- Rules []rule `json:"rules"`
- Title string `json:"title"`
- Version string `json:"version"`
- }
- type response struct {
- ProfileID uuid.UUID `json:"profileId"`
- ControlIDs []string `json:"controlIds"`
- Profile oscalTypes_1_1_3.Profile `json:"profile"`
- }
- var req request
+ var req BuildByPropsRequest
 var raw map[string]any
 if err := json.NewDecoder(ctx.Request().Body).Decode(&raw); err != nil {
 h.sugar.Warnw("failed to decode BuildByProps request", "error", err)
@@ -245,8 +249,8 @@ func (h *ProfileHandler) BuildByProps(ctx echo.Context) error {
 return ctx.JSON(http.StatusInternalServerError, api.NewError(err))
 }
 oscalProfile := fullProfile.MarshalOscal()
- return ctx.JSON(http.StatusCreated, handler.GenericDataResponse[response]{
- Data: response{
+ return ctx.JSON(http.StatusCreated, handler.GenericDataResponse[BuildByPropsResponse]{
+ Data: BuildByPropsResponse{
 ProfileID: *profile.ID,
 ControlIDs: matchedIDs,
 Profile: *oscalProfile,
From 85db3904dfc87219b9ad076f59d742aeb62ce5fe Mon Sep 17 00:00:00 2001
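Review bot: The request body is still read with `json.NewDecoder(ctx.Request().Body).Decode(&raw)` into an unbounded `map[string]any` before it is mapped onto the new `BuildByPropsRequest`, so unless a body-limit middleware is registered on this route group (not visible here) a client can make the handler buffer an arbitrarily large JSON document, and `Decode` also silently ignores anything after the first JSON value. Wrapping the body first, `ctx.Request().Body = http.MaxBytesReader(ctx.Response(), ctx.Request().Body, maxBuildByPropsBody)` with a small package constant, bounds that cheaply. If the intermediate `raw` map exists only to detect missing or unknown keys, a decoder into `req` with `DisallowUnknownFields()` would do the same in one pass and drop the double decode. `BuildByProps` continues between the two hunks and past the second one, so the required-field checks may already live there.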
From: akabdulhanif Date: Wed, 4 Mar 2026 10:10:02 +0000 Subject: [PATCH 12/28] =?UTF-8?q?feat(poam):=20Phase=201=20foundation=20?= =?UTF-8?q?=E2=80=93=20models,=20CRUD,=20swagger?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/docs.go | 667 ++++++++++++++++++ docs/swagger.json | 667 ++++++++++++++++++ docs/swagger.yaml | 438 ++++++++++++ internal/api/handler/api.go | 155 +--- internal/api/handler/poam_items.go | 385 ++++++++++ .../handler/poam_items_integration_test.go | 115 +++ internal/service/migrator.go | 7 + internal/service/relational/poam_cf.go | 50 ++ internal/tests/migrate.go | 6 + 9 files changed, 2342 insertions(+), 148 deletions(-) create mode 100644 internal/api/handler/poam_items.go create mode 100644 internal/api/handler/poam_items_integration_test.go create mode 100644 internal/service/relational/poam_cf.go diff --git a/docs/docs.go b/docs/docs.go index ed533f7d..bbd82369 100644 --- a/docs/docs.go +++ b/docs/docs.go 
@@ -16291,6 +16291,439 @@ const docTemplate = `{ } } }, + "/poam-items": { + "get": { + "description": "List POAM items filtered by status, sspId, riskId, or deadlineBefore.", + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "List POAM items", + "parameters": [ + { + "type": "string", + "description": "open|in-progress|completed|overdue", + "name": "status", + "in": "query" + }, + { + "type": "string", + "description": "SSP UUID", + "name": "sspId", + "in": "query" + }, + { + "type": "string", + "description": "Risk UUID", + "name": "riskId", + "in": "query" + }, + { + "type": "string", + "description": "RFC3339 timestamp", + "name": "deadlineBefore", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataListResponse-relational_CcfPoamItem" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + }, + "post": { + "description": "Creates a POAM item with optional milestones and risk links in a single transaction.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "Create a POAM item", + "parameters": [ + { + "description": "POAM item payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.createPoam" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-relational_CcfPoamItem" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + } + }, + "/poam-items/{id}": { + "get": { + "description": "Get a POAM item with its milestones and risk links.", + "produces": [ + "application/json" + ], + "tags": [ + 
"POAM Items" + ], + "summary": "Get POAM item", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_PoamItemWithLinksResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + }, + "put": { + "description": "Updates mutable fields of a POAM item.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "Update POAM item", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Fields to update", + "name": "body", + "in": "body", + "required": true, + "schema": { + "type": "object", + "additionalProperties": true + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-relational_CcfPoamItem" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + }, + "delete": { + "description": "Deletes a POAM item and cascades to milestones and risk links.", + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "Delete POAM item", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "no content", + "schema": { + "type": "string" + } + 
}, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + } + }, + "/poam-items/{id}/milestones": { + "get": { + "description": "List all milestones for a POAM item.", + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "List milestones", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataListResponse-relational_CcfPoamItemMilestone" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + }, + "post": { + "description": "Add a milestone to a POAM item.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "Add milestone", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Milestone payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.createMilestone" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-relational_CcfPoamItemMilestone" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + } + }, + "/poam-items/{id}/milestones/{milestoneId}": { + "put": { + "description": "Update milestone fields; when status becomes completed, 
sets completed_at.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "Update milestone", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Milestone ID", + "name": "milestoneId", + "in": "path", + "required": true + }, + { + "description": "Fields to update", + "name": "body", + "in": "body", + "required": true, + "schema": { + "type": "object", + "additionalProperties": true + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-relational_CcfPoamItemMilestone" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + }, + "delete": { + "description": "Delete a milestone from a POAM item.", + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "Delete milestone", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Milestone ID", + "name": "milestoneId", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "no content", + "schema": { + "type": "string" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + } + }, "/users/me": { "get": { "description": "Retrieves the details of the currently logged-in user", 
@@ -17548,6 +17981,30 @@ const docTemplate = `{ } } }, + "handler.GenericDataListResponse-relational_CcfPoamItem": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/relational.CcfPoamItem" + } + } + } + }, + "handler.GenericDataListResponse-relational_CcfPoamItemMilestone": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/relational.CcfPoamItemMilestone" + } + } + } + }, "handler.GenericDataListResponse-relational_Evidence": { "type": "object", "properties": { @@ -17673,6 +18130,19 @@ const docTemplate = `{ } } }, + "handler.GenericDataResponse-handler_PoamItemWithLinksResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.PoamItemWithLinksResponse" + } + ] + } + } + }, "handler.GenericDataResponse-handler_UserHandler": { "type": "object", "properties": { @@ -18401,6 +18871,32 @@ const docTemplate = `{ } } }, + "handler.GenericDataResponse-relational_CcfPoamItem": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/relational.CcfPoamItem" + } + ] + } + } + }, + "handler.GenericDataResponse-relational_CcfPoamItemMilestone": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/relational.CcfPoamItemMilestone" + } + ] + } + } + }, "handler.GenericDataResponse-relational_Evidence": { "type": "object", "properties": { 
@@ -18561,6 +19057,20 @@ const docTemplate = `{ } } }, + "handler.PoamItemWithLinksResponse": { + "type": "object", + "properties": { + "item": { + "$ref": "#/definitions/relational.CcfPoamItem" + }, + "riskLinks": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.CcfPoamItemRiskLink" + } + } + } + }, "handler.StatusCount": { "type": "object", "properties": { @@ -18616,6 +19126,70 @@ const docTemplate = `{ } } }, + "handler.createMilestone": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "dueDate": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + } + } + }, + "handler.createPoam": { + "type": "object", + "properties": { + "deadline": { + "type": "string" + }, + "description": { + "type": "string" + }, + "milestones": { + "type": "array", + "items": { + "$ref": "#/definitions/handler.createMilestone" + } + }, + "pocEmail": { + "type": "string" + }, + "pocName": { + "type": "string" + }, + "pocPhone": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "resourceRequired": { + "type": "string" + }, + "riskIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "sspId": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + } + } + }, "labelfilter.Condition": { "type": "object", "properties": { 
@@ -23399,6 +23973,99 @@ const docTemplate = `{ } } }, + "relational.CcfPoamItem": { + "type": "object", + "properties": { + "createdAt": { + "type": "string" + }, + "deadline": { + "type": "string" + }, + "description": { + "type": "string" + }, + "id": { + "type": "string" + }, + "milestones": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.CcfPoamItemMilestone" + } + }, + "pocEmail": { + "type": "string" + }, + "pocName": { + "type": "string" + }, + "pocPhone": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "resourceRequired": { + "type": "string" + }, + "sspID": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "updatedAt": { + "type": "string" + } + } + }, + "relational.CcfPoamItemMilestone": { + "type": "object", + "properties": { + "completedAt": { + "type": "string" + }, + "createdAt": { + "type": "string" + }, + "description": { + "type": "string" + }, + "dueDate": { + "type": "string" + }, + "id": { + "type": "string" + }, + "poamItemID": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "updatedAt": { + "type": "string" + } + } + }, + "relational.CcfPoamItemRiskLink": { + "type": "object", + "properties": { + "poamItemID": { + "type": "string" + }, + "riskID": { + "type": "string" + } + } + }, "relational.ComponentDefinition": { "type": "object", "properties": { diff --git a/docs/swagger.json b/docs/swagger.json index 5e69bd7c..a80e2df5 100644 --- a/docs/swagger.json +++ b/docs/swagger.json 
@@ -16285,6 +16285,439 @@ } } }, + "/poam-items": { + "get": { + "description": "List POAM items filtered by status, sspId, riskId, or deadlineBefore.", + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "List POAM items", + "parameters": [ + { + "type": "string", + "description": "open|in-progress|completed|overdue", + "name": "status", + "in": "query" + }, + { + "type": "string", + "description": "SSP UUID", + "name": "sspId", + "in": "query" + }, + { + "type": "string", + "description": "Risk UUID", + "name": "riskId", + "in": "query" + }, + { + "type": "string", + "description": "RFC3339 timestamp", + "name": "deadlineBefore", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataListResponse-relational_CcfPoamItem" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + }, + "post": { + "description": "Creates a POAM item with optional milestones and risk links in a single transaction.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "Create a POAM item", + "parameters": [ + { + "description": "POAM item payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.createPoam" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-relational_CcfPoamItem" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + } + }, + "/poam-items/{id}": { + "get": { + "description": "Get a POAM item with its milestones and risk links.", + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + 
"summary": "Get POAM item", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_PoamItemWithLinksResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + }, + "put": { + "description": "Updates mutable fields of a POAM item.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "Update POAM item", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Fields to update", + "name": "body", + "in": "body", + "required": true, + "schema": { + "type": "object", + "additionalProperties": true + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-relational_CcfPoamItem" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + }, + "delete": { + "description": "Deletes a POAM item and cascades to milestones and risk links.", + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "Delete POAM item", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "no content", + "schema": { + "type": "string" + } + }, + "400": { + 
"description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + } + }, + "/poam-items/{id}/milestones": { + "get": { + "description": "List all milestones for a POAM item.", + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "List milestones", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataListResponse-relational_CcfPoamItemMilestone" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + }, + "post": { + "description": "Add a milestone to a POAM item.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "Add milestone", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Milestone payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.createMilestone" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-relational_CcfPoamItemMilestone" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + } + }, + "/poam-items/{id}/milestones/{milestoneId}": { + "put": { + "description": "Update milestone fields; when status becomes completed, sets 
completed_at.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "Update milestone", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Milestone ID", + "name": "milestoneId", + "in": "path", + "required": true + }, + { + "description": "Fields to update", + "name": "body", + "in": "body", + "required": true, + "schema": { + "type": "object", + "additionalProperties": true + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-relational_CcfPoamItemMilestone" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + }, + "delete": { + "description": "Delete a milestone from a POAM item.", + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "Delete milestone", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Milestone ID", + "name": "milestoneId", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "no content", + "schema": { + "type": "string" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } + } + }, "/users/me": { "get": { "description": "Retrieves the details of the currently logged-in user", 
@@ -17542,6 +17975,30 @@ } } }, + "handler.GenericDataListResponse-relational_CcfPoamItem": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/relational.CcfPoamItem" + } + } + } + }, + "handler.GenericDataListResponse-relational_CcfPoamItemMilestone": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/relational.CcfPoamItemMilestone" + } + } + } + }, "handler.GenericDataListResponse-relational_Evidence": { "type": "object", "properties": { @@ -17667,6 +18124,19 @@ } } }, + "handler.GenericDataResponse-handler_PoamItemWithLinksResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.PoamItemWithLinksResponse" + } + ] + } + } + }, "handler.GenericDataResponse-handler_UserHandler": { "type": "object", "properties": { @@ -18395,6 +18865,32 @@ } } }, + "handler.GenericDataResponse-relational_CcfPoamItem": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/relational.CcfPoamItem" + } + ] + } + } + }, + "handler.GenericDataResponse-relational_CcfPoamItemMilestone": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/relational.CcfPoamItemMilestone" + } + ] + } + } + }, "handler.GenericDataResponse-relational_Evidence": { "type": "object", "properties": { 
@@ -18555,6 +19051,20 @@ } } }, + "handler.PoamItemWithLinksResponse": { + "type": "object", + "properties": { + "item": { + "$ref": "#/definitions/relational.CcfPoamItem" + }, + "riskLinks": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.CcfPoamItemRiskLink" + } + } + } + }, "handler.StatusCount": { "type": "object", "properties": { @@ -18610,6 +19120,70 @@ } } }, + "handler.createMilestone": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "dueDate": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + } + } + }, + "handler.createPoam": { + "type": "object", + "properties": { + "deadline": { + "type": "string" + }, + "description": { + "type": "string" + }, + "milestones": { + "type": "array", + "items": { + "$ref": "#/definitions/handler.createMilestone" + } + }, + "pocEmail": { + "type": "string" + }, + "pocName": { + "type": "string" + }, + "pocPhone": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "resourceRequired": { + "type": "string" + }, + "riskIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "sspId": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + } + } + }, "labelfilter.Condition": { "type": "object", "properties": { 
@@ -23393,6 +23967,99 @@ } } }, + "relational.CcfPoamItem": { + "type": "object", + "properties": { + "createdAt": { + "type": "string" + }, + "deadline": { + "type": "string" + }, + "description": { + "type": "string" + }, + "id": { + "type": "string" + }, + "milestones": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.CcfPoamItemMilestone" + } + }, + "pocEmail": { + "type": "string" + }, + "pocName": { + "type": "string" + }, + "pocPhone": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "resourceRequired": { + "type": "string" + }, + "sspID": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "updatedAt": { + "type": "string" + } + } + }, + "relational.CcfPoamItemMilestone": { + "type": "object", + "properties": { + "completedAt": { + "type": "string" + }, + "createdAt": { + "type": "string" + }, + "description": { + "type": "string" + }, + "dueDate": { + "type": "string" + }, + "id": { + "type": "string" + }, + "poamItemID": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "updatedAt": { + "type": "string" + } + } + }, + "relational.CcfPoamItemRiskLink": { + "type": "object", + "properties": { + "poamItemID": { + "type": "string" + }, + "riskID": { + "type": "string" + } + } + }, "relational.ComponentDefinition": { "type": "object", "properties": { diff --git a/docs/swagger.yaml b/docs/swagger.yaml index 15e23b1a..d39a9303 100644 --- a/docs/swagger.yaml +++ b/docs/swagger.yaml 
@@ -698,6 +698,22 @@ definitions: $ref: '#/definitions/oscalTypes_1_1_3.SystemUser' type: array type: object + handler.GenericDataListResponse-relational_CcfPoamItem: + properties: + data: + description: Items from the list response + items: + $ref: '#/definitions/relational.CcfPoamItem' + type: array + type: object + handler.GenericDataListResponse-relational_CcfPoamItemMilestone: + properties: + data: + description: Items from the list response + items: + $ref: '#/definitions/relational.CcfPoamItemMilestone' + type: array + type: object handler.GenericDataListResponse-relational_Evidence: properties: data: @@ -773,6 +789,13 @@ definitions: - $ref: '#/definitions/handler.OscalLikeEvidence' description: Items from the list response type: object + handler.GenericDataResponse-handler_PoamItemWithLinksResponse: + properties: + data: + allOf: + - $ref: '#/definitions/handler.PoamItemWithLinksResponse' + description: Items from the list response + type: object handler.GenericDataResponse-handler_UserHandler: properties: data: @@ -1165,6 +1188,20 @@ definitions: - $ref: '#/definitions/oscalTypes_1_1_3.Task' description: Items from the list response type: object + handler.GenericDataResponse-relational_CcfPoamItem: + properties: + data: + allOf: + - $ref: '#/definitions/relational.CcfPoamItem' + description: Items from the list response + type: object + handler.GenericDataResponse-relational_CcfPoamItemMilestone: + properties: + data: + allOf: + - $ref: '#/definitions/relational.CcfPoamItemMilestone' + description: Items from the list response + type: object handler.GenericDataResponse-relational_Evidence: properties: data: @@ -1271,6 +1308,15 @@ definitions: total: type: integer type: object + handler.PoamItemWithLinksResponse: + properties: + item: + $ref: '#/definitions/relational.CcfPoamItem' + riskLinks: + items: + $ref: '#/definitions/relational.CcfPoamItemRiskLink' + type: array + type: object handler.StatusCount: properties: count: 
@@ -1307,6 +1353,48 @@ definitions: - filter - name type: object + handler.createMilestone: + properties: + description: + type: string + dueDate: + type: string + status: + type: string + title: + type: string + type: object + handler.createPoam: + properties: + deadline: + type: string + description: + type: string + milestones: + items: + $ref: '#/definitions/handler.createMilestone' + type: array + pocEmail: + type: string + pocName: + type: string + pocPhone: + type: string + remarks: + type: string + resourceRequired: + type: string + riskIds: + items: + type: string + type: array + sspId: + type: string + status: + type: string + title: + type: string + type: object labelfilter.Condition: properties: label: @@ -4452,6 +4540,67 @@ definitions: remarks: type: string type: object + relational.CcfPoamItem: + properties: + createdAt: + type: string + deadline: + type: string + description: + type: string + id: + type: string + milestones: + items: + $ref: '#/definitions/relational.CcfPoamItemMilestone' + type: array + pocEmail: + type: string + pocName: + type: string + pocPhone: + type: string + remarks: + type: string + resourceRequired: + type: string + sspID: + type: string + status: + type: string + title: + type: string + updatedAt: + type: string + type: object + relational.CcfPoamItemMilestone: + properties: + completedAt: + type: string + createdAt: + type: string + description: + type: string + dueDate: + type: string + id: + type: string + poamItemID: + type: string + status: + type: string + title: + type: string + updatedAt: + type: string + type: object + relational.CcfPoamItemRiskLink: + properties: + poamItemID: + type: string + riskID: + type: string + type: object relational.ComponentDefinition: properties: back-matter: 
@@ -16345,6 +16494,295 @@ paths: summary: Update a system user tags: - System Security Plans + /poam-items: + get: + description: List POAM items filtered by status, sspId, riskId, or deadlineBefore. + parameters: + - description: open|in-progress|completed|overdue + in: query + name: status + type: string + - description: SSP UUID + in: query + name: sspId + type: string + - description: Risk UUID + in: query + name: riskId + type: string + - description: RFC3339 timestamp + in: query + name: deadlineBefore + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-relational_CcfPoamItem' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: List POAM items + tags: + - POAM Items + post: + consumes: + - application/json + description: Creates a POAM item with optional milestones and risk links in + a single transaction. + parameters: + - description: POAM item payload + in: body + name: body + required: true + schema: + $ref: '#/definitions/handler.createPoam' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-relational_CcfPoamItem' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Create a POAM item + tags: + - POAM Items + /poam-items/{id}: + delete: + description: Deletes a POAM item and cascades to milestones and risk links. 
+ parameters: + - description: POAM item ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "204": + description: no content + schema: + type: string + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Delete POAM item + tags: + - POAM Items + get: + description: Get a POAM item with its milestones and risk links. + parameters: + - description: POAM item ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-handler_PoamItemWithLinksResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Get POAM item + tags: + - POAM Items + put: + consumes: + - application/json + description: Updates mutable fields of a POAM item. + parameters: + - description: POAM item ID + in: path + name: id + required: true + type: string + - description: Fields to update + in: body + name: body + required: true + schema: + additionalProperties: true + type: object + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-relational_CcfPoamItem' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Update POAM item + tags: + - POAM Items + /poam-items/{id}/milestones: + get: + description: List all milestones for a POAM item. 
+ parameters: + - description: POAM item ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-relational_CcfPoamItemMilestone' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: List milestones + tags: + - POAM Items + post: + consumes: + - application/json + description: Add a milestone to a POAM item. + parameters: + - description: POAM item ID + in: path + name: id + required: true + type: string + - description: Milestone payload + in: body + name: body + required: true + schema: + $ref: '#/definitions/handler.createMilestone' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-relational_CcfPoamItemMilestone' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Add milestone + tags: + - POAM Items + /poam-items/{id}/milestones/{milestoneId}: + delete: + description: Delete a milestone from a POAM item. + parameters: + - description: POAM item ID + in: path + name: id + required: true + type: string + - description: Milestone ID + in: path + name: milestoneId + required: true + type: string + produces: + - application/json + responses: + "204": + description: no content + schema: + type: string + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Delete milestone + tags: + - POAM Items + put: + consumes: + - application/json + description: Update milestone fields; when status becomes completed, sets completed_at. 
+ parameters: + - description: POAM item ID + in: path + name: id + required: true + type: string + - description: Milestone ID + in: path + name: milestoneId + required: true + type: string + - description: Fields to update + in: body + name: body + required: true + schema: + additionalProperties: true + type: object + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-relational_CcfPoamItemMilestone' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Update milestone + tags: + - POAM Items /users/{id}/change-password: post: consumes: diff --git a/internal/api/handler/api.go b/internal/api/handler/api.go index bf2bf407..2679b99c 100644 --- a/internal/api/handler/api.go +++ b/internal/api/handler/api.go 
@@ -1,41 +1,16 @@
 package handler
 import (
- "log"
- "github.com/compliance-framework/api/internal/api"
- templatehandlers "github.com/compliance-framework/api/internal/api/handler/templates"
- "github.com/compliance-framework/api/internal/api/handler/workflows"
  "github.com/compliance-framework/api/internal/api/middleware"
  "github.com/compliance-framework/api/internal/config"
  "github.com/compliance-framework/api/internal/service/digest"
- evidencesvc "github.com/compliance-framework/api/internal/service/relational/evidence"
- workflowsvc "github.com/compliance-framework/api/internal/service/relational/workflows"
- "github.com/compliance-framework/api/internal/workflow"
- "github.com/labstack/echo/v4"
+ "github.com/compliance-framework/api/internal/service/scheduler"
  "go.uber.org/zap"
  "gorm.io/gorm"
 )
-// APIServices contains all services needed by API handlers
-type APIServices struct {
- EvidenceService *evidencesvc.EvidenceService
- RiskEnqueuer evidencesvc.RiskJobEnqueuer
- DigestService *digest.Service
- WorkflowManager *workflow.Manager
- NotificationEnqueuer workflow.NotificationEnqueuer
- DAGExecutor *workflow.DAGExecutor
-}
-
-func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB, config *config.Config, services *APIServices) {
- if services == nil {
- services = &APIServices{}
- }
- // Default EvidenceService when callers (e.g. test suites) don't provide one.
- if services.EvidenceService == nil {
- services.EvidenceService = evidencesvc.NewEvidenceService(db, logger, config, services.RiskEnqueuer)
- }
-
+func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB, config *config.Config, digestService *digest.Service, sched scheduler.Scheduler) {
  healthHandler := NewHealthHandler(logger, db)
  healthHandler.Register(server.API().Group("/health"))
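Review bot: The new `RegisterHandlers` signature is exported but carries no doc comment, and its contract is now less obvious than the removed one: two of the parameters may be nil and silently switch routes off (the `if digestService != nil && sched != nil` guard in the third hunk). A comment such as `// RegisterHandlers wires every HTTP handler onto server. digestService and sched are optional; when either is nil the /admin/digest routes are not registered.` would make that explicit for callers. The body of RegisterHandlers continues outside this hunk.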
@@ -45,32 +20,11 @@ func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB
  heartbeatHandler := NewHeartbeatHandler(logger, db)
  heartbeatHandler.Register(server.API().Group("/agent/heartbeat"))
- evidenceHandler := NewEvidenceHandler(logger, services.EvidenceService)
+ evidenceHandler := NewEvidenceHandler(logger, db, config)
  evidenceHandler.Register(server.API().Group("/evidence"))
- riskHandler := NewRiskHandler(logger, db)
- riskGroup := server.API().Group("/risks")
- riskGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey))
- riskHandler.Register(riskGroup)
-
- sspRiskGroup := server.API().Group("/ssp/:sspId/risks")
- sspRiskGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey))
- riskHandler.RegisterSSPScoped(sspRiskGroup)
-
- riskTemplateHandler := templatehandlers.NewRiskTemplateHandler(logger, db)
- riskTemplateGroup := server.API().Group("/risk-templates")
- riskTemplateGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey))
- riskTemplateHandler.Register(riskTemplateGroup)
-
- subjectTemplateHandler := templatehandlers.NewSubjectTemplateHandler(logger, db)
- subjectTemplateGroup := server.API().Group("/subject-templates")
- subjectTemplateGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey))
- subjectTemplateHandler.Register(subjectTemplateGroup)
-
- evidenceTemplateHandler := templatehandlers.NewEvidenceTemplateHandler(logger, db)
- evidenceTemplateGroup := server.API().Group("/evidence-templates")
- evidenceTemplateGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey))
- evidenceTemplateHandler.Register(evidenceTemplateGroup)
+ poamHandler := NewPoamItemsHandler(logger, db)
+ poamHandler.Register(server.API().Group("/poam-items"))
  userHandler := NewUserHandler(logger, db)
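Review bot: `poamHandler.Register(server.API().Group("/poam-items"))` mounts the new POAM routes on a bare group, without the `middleware.JWTMiddleware(config.JWTPublicKey)` that the removed risk and template groups applied at this same call site and that the `/admin/digest` group still applies in the next hunk. Unless `NewPoamItemsHandler`'s Register attaches authentication itself (not visible here), the create, update and delete endpoints described in the swagger hunks are reachable without a token check, and a POAM carries remediation details for known weaknesses. I would register it the same way as the guarded groups: `poamGroup := server.API().Group("/poam-items")`, `poamGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey))`, `poamHandler.Register(poamGroup)`. RegisterHandlers starts and ends outside this hunk.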
@@ -84,106 +38,11 @@ func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB
  userHandler.RegisterSelfRoutes(userGroup)
  // Digest handler (admin only)
- if services.DigestService != nil {
- digestHandler := NewDigestHandler(services.DigestService, logger)
+ if digestService != nil && sched != nil {
+ digestHandler := NewDigestHandler(digestService, sched, logger)
  digestGroup := server.API().Group("/admin/digest")
  digestGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey))
  digestGroup.Use(middleware.RequireAdminGroups(db, config, logger))
  digestHandler.Register(digestGroup)
  }
-
- // Register workflow handlers
- registerWorkflowHandlers(server, logger, db, config, services.WorkflowManager, services.NotificationEnqueuer, services.DAGExecutor)
-}
-
-// registerWorkflowHandlers registers all workflow-related HTTP handlers with authentication
-func registerWorkflowHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB, config *config.Config, workflowManager *workflow.Manager, notificationEnqueuer workflow.NotificationEnqueuer, dagExecutor *workflow.DAGExecutor) {
- // Create workflow group with authentication middleware
- workflowGroup := server.API().Group("/workflows")
- workflowGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey))
-
- // Basic workflow handlers (no manager dependency)
- workflowDefinitionHandler := workflows.NewWorkflowDefinitionHandler(logger, db)
- workflowDefinitionHandler.Register(workflowGroup.Group("/definitions"))
-
- workflowStepDefinitionHandler := workflows.NewWorkflowStepDefinitionHandler(logger, db)
- workflowStepDefinitionHandler.Register(workflowGroup.Group("/steps"))
-
- workflowInstanceHandler := workflows.NewWorkflowInstanceHandler(logger, db)
- workflowInstanceHandler.Register(workflowGroup.Group("/instances"))
-
- controlRelationshipHandler := workflows.NewControlRelationshipHandler(logger, db)
- controlRelationshipHandler.Register(workflowGroup.Group("/control-relationships"))
-
- roleAssignmentHandler := workflows.NewRoleAssignmentHandler(logger, db)
- roleAssignmentHandler.Register(workflowGroup.Group("/role-assignments"))
-
- // Handlers that require workflow manager
- if workflowManager != nil {
- registerWorkflowExecutionHandlers(workflowGroup, logger, db, workflowManager, notificationEnqueuer, dagExecutor)
- }
-}
-
-// registerWorkflowExecutionHandlers registers execution-related handlers that require the workflow manager
-func registerWorkflowExecutionHandlers(workflowGroup *echo.Group, logger *zap.SugaredLogger, db *gorm.DB, workflowManager *workflow.Manager, notificationEnqueuer workflow.NotificationEnqueuer, dagExecutor *workflow.DAGExecutor) {
- roleAssignmentService := workflowsvc.NewRoleAssignmentService(db)
- stepExecService := workflowsvc.NewStepExecutionService(db, nil)
- assignmentService := workflow.NewAssignmentService(roleAssignmentService, stepExecService, db, logger, notificationEnqueuer)
-
- // Workflow execution handler
- workflowExecutionHandler := workflows.NewWorkflowExecutionHandler(logger, db, workflowManager, assignmentService)
- workflowExecutionHandler.Register(workflowGroup.Group("/executions"))
-
- // Step execution handler with transition service
- transitionService := createStepTransitionService(db, logger, notificationEnqueuer, dagExecutor)
- stepExecutionHandler := workflows.NewStepExecutionHandler(logger, db, transitionService, assignmentService)
- stepExecutionHandler.Register(workflowGroup.Group("/step-executions"))
-}
-
-// createStepTransitionService creates and configures the step transition service with all dependencies
-func createStepTransitionService(db *gorm.DB, logger *zap.SugaredLogger, notificationEnqueuer workflow.NotificationEnqueuer, executor *workflow.DAGExecutor) *workflow.StepTransitionService {
- // Create services needed for step transition
- stepExecService := workflowsvc.NewStepExecutionService(db, nil)
- stepDefService := workflowsvc.NewWorkflowStepDefinitionService(db)
- workflowExecService := workflowsvc.NewWorkflowExecutionService(db)
- workflowInstanceService := workflowsvc.NewWorkflowInstanceService(db)
- workflowDefinitionService := workflowsvc.NewWorkflowDefinitionService(db)
- roleAssignmentService := workflowsvc.NewRoleAssignmentService(db)
-
- // Create assignment service
- assignmentService := workflow.NewAssignmentService(roleAssignmentService, stepExecService, db, logger, notificationEnqueuer)
-
- // Create evidence integration for step evidence storage
- evidenceIntegration := workflow.NewEvidenceIntegration(db, logger)
-
- // Set evidence creator on services
- stepExecService.SetEvidenceCreator(evidenceIntegration)
- workflowExecService.SetEvidenceCreator(evidenceIntegration)
-
- // Use the shared executor from the worker service when available so that there is exactly
- // one DAGExecutor instance (consistent logger, notifications, and evidence integration).
- // Fall back to constructing a local executor when the worker is disabled (executor == nil).
- if executor == nil {
- executor = workflow.NewDAGExecutor(
- stepExecService,
- workflowExecService,
- stepDefService,
- assignmentService,
- log.Default(),
- notificationEnqueuer,
- )
- }
-
- // Create and return step transition service
- return workflow.NewStepTransitionService(
- stepExecService,
- stepDefService,
- workflowExecService,
- roleAssignmentService,
- workflowInstanceService,
- workflowDefinitionService,
- executor,
- db,
- evidenceIntegration,
- )
 }
diff --git a/internal/api/handler/poam_items.go b/internal/api/handler/poam_items.go
new file mode 100644
index 00000000..0d47123b
--- /dev/null
+++ b/internal/api/handler/poam_items.go
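Review bot: With the condition now `digestService != nil && sched != nil`, a deployment that provides the digest service but no scheduler silently loses the `/admin/digest` routes, and nothing in the hunk records why they are missing. A log line on the alternative branch keeps that state diagnosable, e.g. `} else { logger.Warn("digest handler not registered: digest service or scheduler not configured") }`, or startup could fail outright if a half-configured state is never valid. RegisterHandlers begins outside this hunk.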
@@ -0,0 +1,385 @@ +package handler + +import ( + "net/http" + "time" + + "github.com/compliance-framework/api/internal/api" + "github.com/compliance-framework/api/internal/service/relational" + "github.com/google/uuid" + "github.com/labstack/echo/v4" + "go.uber.org/zap" + "gorm.io/gorm" +) + +type PoamItemsHandler struct { + db *gorm.DB + sugar *zap.SugaredLogger +} + +func NewPoamItemsHandler(logger *zap.SugaredLogger, db *gorm.DB) *PoamItemsHandler { + return &PoamItemsHandler{db: db, sugar: logger} +} + +func (h *PoamItemsHandler) Register(g *echo.Group) { + g.GET("", h.List) + g.POST("", h.Create) + g.GET("/:id", h.Get) + g.PUT("/:id", h.Update) + g.DELETE("/:id", h.Delete) + g.GET("/:id/milestones", h.ListMilestones) + g.POST("/:id/milestones", h.AddMilestone) + g.PUT("/:id/milestones/:milestoneId", h.UpdateMilestone) + g.DELETE("/:id/milestones/:milestoneId", h.DeleteMilestone) +} + +type createMilestone struct { + Title string `json:"title"` + Description string `json:"description"` + Status string `json:"status"` + DueDate *time.Time `json:"dueDate"` +} + +type createPoam struct { + SspID string `json:"sspId"` + Title string `json:"title"` + Description string `json:"description"` + Status string `json:"status"` + Deadline *time.Time `json:"deadline"` + ResourceRequired *string `json:"resourceRequired"` + PocName *string `json:"pocName"` + PocEmail *string `json:"pocEmail"` + PocPhone *string `json:"pocPhone"` + Remarks *string `json:"remarks"` + RiskIDs []string `json:"riskIds"` + Milestones []createMilestone `json:"milestones"` +} + +type PoamItemWithLinksResponse struct { + Item relational.CcfPoamItem `json:"item"` + RiskLinks []relational.CcfPoamItemRiskLink `json:"riskLinks"` +} + +// Create godoc +// +// @Summary Create a POAM item +// @Description Creates a POAM item with optional milestones and risk links in a single transaction. 
+// @Tags POAM Items +// @Accept json +// @Produce json +// @Param body body createPoam true "POAM item payload" +// @Success 201 {object} GenericDataResponse[relational.CcfPoamItem] +// @Failure 400 {object} api.Error +// @Failure 500 {object} api.Error +// @Router /poam-items [post] +func (h *PoamItemsHandler) Create(c echo.Context) error { + var in createPoam + if err := c.Bind(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + ssp, err := uuid.Parse(in.SspID) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + item := relational.CcfPoamItem{ + ID: uuid.New(), + SspID: ssp, + Title: in.Title, + Description: in.Description, + Status: in.Status, + Deadline: in.Deadline, + ResourceRequired: in.ResourceRequired, + PocName: in.PocName, + PocEmail: in.PocEmail, + PocPhone: in.PocPhone, + Remarks: in.Remarks, + } + err = h.db.Transaction(func(tx *gorm.DB) error { + if err := tx.Create(&item).Error; err != nil { + return err + } + for _, m := range in.Milestones { + ms := relational.CcfPoamItemMilestone{ + ID: uuid.New(), + PoamItemID: item.ID, + Title: m.Title, + Description: m.Description, + Status: m.Status, + DueDate: m.DueDate, + } + if err := tx.Create(&ms).Error; err != nil { + return err + } + } + for _, rid := range in.RiskIDs { + ruuid, err := uuid.Parse(rid) + if err != nil { + return err + } + link := relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: ruuid} + if err := tx.Create(&link).Error; err != nil { + return err + } + } + return nil + }) + if err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + return c.JSON(http.StatusCreated, GenericDataResponse[relational.CcfPoamItem]{Data: item}) +} + +// List godoc +// +// @Summary List POAM items +// @Description List POAM items filtered by status, sspId, riskId, or deadlineBefore. 
+// @Tags POAM Items +// @Produce json +// @Param status query string false "open|in-progress|completed|overdue" +// @Param sspId query string false "SSP UUID" +// @Param riskId query string false "Risk UUID" +// @Param deadlineBefore query string false "RFC3339 timestamp" +// @Success 200 {object} GenericDataListResponse[relational.CcfPoamItem] +// @Failure 500 {object} api.Error +// @Router /poam-items [get] +func (h *PoamItemsHandler) List(c echo.Context) error { + var items []relational.CcfPoamItem + q := h.db.Model(&relational.CcfPoamItem{}) + if v := c.QueryParam("status"); v != "" { + q = q.Where("status = ?", v) + } + if v := c.QueryParam("sspId"); v != "" { + if id, err := uuid.Parse(v); err == nil { + q = q.Where("ssp_id = ?", id) + } + } + if v := c.QueryParam("deadlineBefore"); v != "" { + if t, err := time.Parse(time.RFC3339, v); err == nil { + q = q.Where("deadline IS NOT NULL AND deadline < ?", t) + } + } + if v := c.QueryParam("riskId"); v != "" { + if id, err := uuid.Parse(v); err == nil { + q = q.Joins("JOIN poam_item_risk_links l ON l.poam_item_id = ccf_poam_items.id AND l.risk_id = ?", id) + } + } + if err := q.Find(&items).Error; err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItem]{Data: items}) +} + +// Get godoc +// +// @Summary Get POAM item +// @Description Get a POAM item with its milestones and risk links. 
+// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Success 200 {object} GenericDataResponse[PoamItemWithLinksResponse] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Router /poam-items/{id} [get] +func (h *PoamItemsHandler) Get(c echo.Context) error { + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + var item relational.CcfPoamItem + if err := h.db.Preload("Milestones").First(&item, "id = ?", id).Error; err != nil { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + var links []relational.CcfPoamItemRiskLink + _ = h.db.Where("poam_item_id = ?", id).Find(&links).Error + return c.JSON(http.StatusOK, GenericDataResponse[PoamItemWithLinksResponse]{Data: PoamItemWithLinksResponse{Item: item, RiskLinks: links}}) +} + +// Update godoc +// +// @Summary Update POAM item +// @Description Updates mutable fields of a POAM item. 
+// @Tags POAM Items +// @Accept json +// @Produce json +// @Param id path string true "POAM item ID" +// @Param body body map[string]interface{} true "Fields to update" +// @Success 200 {object} GenericDataResponse[relational.CcfPoamItem] +// @Failure 400 {object} api.Error +// @Failure 500 {object} api.Error +// @Router /poam-items/{id} [put] +func (h *PoamItemsHandler) Update(c echo.Context) error { + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + var in map[string]interface{} + if err := c.Bind(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + delete(in, "id") + delete(in, "milestones") + delete(in, "riskIds") + if err := h.db.Model(&relational.CcfPoamItem{}).Where("id = ?", id).Updates(in).Error; err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + var out relational.CcfPoamItem + _ = h.db.First(&out, "id = ?", id).Error + return c.JSON(http.StatusOK, GenericDataResponse[relational.CcfPoamItem]{Data: out}) +} + +// Delete godoc +// +// @Summary Delete POAM item +// @Description Deletes a POAM item and cascades to milestones and risk links. 
+// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Success 204 {string} string "no content" +// @Failure 400 {object} api.Error +// @Failure 500 {object} api.Error +// @Router /poam-items/{id} [delete] +func (h *PoamItemsHandler) Delete(c echo.Context) error { + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + err = h.db.Transaction(func(tx *gorm.DB) error { + if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemRiskLink{}).Error; err != nil { + return err + } + if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemMilestone{}).Error; err != nil { + return err + } + return tx.Delete(&relational.CcfPoamItem{}, "id = ?", id).Error + }) + if err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + return c.NoContent(http.StatusNoContent) +} + +// ListMilestones godoc +// +// @Summary List milestones +// @Description List all milestones for a POAM item. +// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Success 200 {object} GenericDataListResponse[relational.CcfPoamItemMilestone] +// @Failure 400 {object} api.Error +// @Failure 500 {object} api.Error +// @Router /poam-items/{id}/milestones [get] +func (h *PoamItemsHandler) ListMilestones(c echo.Context) error { + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + var ms []relational.CcfPoamItemMilestone + if err := h.db.Where("poam_item_id = ?", id).Find(&ms).Error; err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemMilestone]{Data: ms}) +} + +// AddMilestone godoc +// +// @Summary Add milestone +// @Description Add a milestone to a POAM item. 
+// @Tags POAM Items +// @Accept json +// @Produce json +// @Param id path string true "POAM item ID" +// @Param body body createMilestone true "Milestone payload" +// @Success 201 {object} GenericDataResponse[relational.CcfPoamItemMilestone] +// @Failure 400 {object} api.Error +// @Failure 500 {object} api.Error +// @Router /poam-items/{id}/milestones [post] +func (h *PoamItemsHandler) AddMilestone(c echo.Context) error { + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + var in createMilestone + if err := c.Bind(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + m := relational.CcfPoamItemMilestone{ + ID: uuid.New(), + PoamItemID: id, + Title: in.Title, + Description: in.Description, + Status: in.Status, + DueDate: in.DueDate, + } + if err := h.db.Create(&m).Error; err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + return c.JSON(http.StatusCreated, GenericDataResponse[relational.CcfPoamItemMilestone]{Data: m}) +} + +// UpdateMilestone godoc +// +// @Summary Update milestone +// @Description Update milestone fields; when status becomes completed, sets completed_at. 
+// @Tags POAM Items +// @Accept json +// @Produce json +// @Param id path string true "POAM item ID" +// @Param milestoneId path string true "Milestone ID" +// @Param body body map[string]interface{} true "Fields to update" +// @Success 200 {object} GenericDataResponse[relational.CcfPoamItemMilestone] +// @Failure 400 {object} api.Error +// @Failure 500 {object} api.Error +// @Router /poam-items/{id}/milestones/{milestoneId} [put] +func (h *PoamItemsHandler) UpdateMilestone(c echo.Context) error { + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + mid, err := uuid.Parse(c.Param("milestoneId")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + var in map[string]interface{} + if err := c.Bind(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + if v, ok := in["status"]; ok && v == "completed" { + now := time.Now().UTC() + in["completed_at"] = &now + } + if err := h.db.Model(&relational.CcfPoamItemMilestone{}).Where("poam_item_id = ? AND id = ?", id, mid).Updates(in).Error; err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + var out relational.CcfPoamItemMilestone + _ = h.db.First(&out, "id = ?", mid).Error + return c.JSON(http.StatusOK, GenericDataResponse[relational.CcfPoamItemMilestone]{Data: out}) +} + +// DeleteMilestone godoc +// +// @Summary Delete milestone +// @Description Delete a milestone from a POAM item. 
+// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Param milestoneId path string true "Milestone ID" +// @Success 204 {string} string "no content" +// @Failure 400 {object} api.Error +// @Failure 500 {object} api.Error +// @Router /poam-items/{id}/milestones/{milestoneId} [delete] +func (h *PoamItemsHandler) DeleteMilestone(c echo.Context) error { + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + mid, err := uuid.Parse(c.Param("milestoneId")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + if err := h.db.Where("poam_item_id = ? AND id = ?", id, mid).Delete(&relational.CcfPoamItemMilestone{}).Error; err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + return c.NoContent(http.StatusNoContent) +} diff --git a/internal/api/handler/poam_items_integration_test.go b/internal/api/handler/poam_items_integration_test.go new file mode 100644 index 00000000..8dd4d5c8 --- /dev/null +++ b/internal/api/handler/poam_items_integration_test.go 
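Review bot: `Update` binds the request body into `map[string]interface{}` and passes it unchanged to `Updates`, so any column of the item table a client names is written; only `id`, `milestones` and `riskIds` are stripped, which leaves `ssp_id` (moving an item under another SSP), `created_at` and `updated_at` open, and a bad `status` surfaces as a 500 from the check constraint rather than a 400. `UpdateMilestone` has the same shape and, because it injects `completed_at` as a raw column key, mixes column names with whatever key casing the client used. Binding into a struct of optional fields and building the update set from it confines writes to the intended columns, and checking `RowsAffected` lets both handlers return 404 for an unknown id instead of the current 200 with a zero-value body (the `_ = h.db.First(&out, ...)` reload discards the not-found error). Separately, `List` drops a malformed `sspId`, `riskId` or `deadlineBefore` silently and returns the unfiltered list, which deserves a 400 when that filter is the only scoping a caller applies.
```go
// updatePoam lists the only item columns a client may change.
type updatePoam struct {
	Title            *string    `json:"title"`
	Description      *string    `json:"description"`
	Status           *string    `json:"status"`
	Deadline         *time.Time `json:"deadline"`
	ResourceRequired *string    `json:"resourceRequired"`
	PocName          *string    `json:"pocName"`
	PocEmail         *string    `json:"pocEmail"`
	PocPhone         *string    `json:"pocPhone"`
	Remarks          *string    `json:"remarks"`
}

func (h *PoamItemsHandler) Update(c echo.Context) error {
	// … unchanged: id parsing …
	var in updatePoam
	if err := c.Bind(&in); err != nil {
		return c.JSON(http.StatusBadRequest, api.NewError(err))
	}
	// Explicit allow-list: a key is written only when the client sent it.
	fields := map[string]any{}
	if in.Title != nil {
		fields["title"] = *in.Title
	}
	if in.Description != nil {
		fields["description"] = *in.Description
	}
	if in.Status != nil {
		fields["status"] = *in.Status
	}
	if in.Deadline != nil {
		fields["deadline"] = in.Deadline
	}
	// … same pattern for resource_required, poc_name, poc_email, poc_phone, remarks …
	if len(fields) == 0 {
		return c.JSON(http.StatusBadRequest, api.NewError(echo.ErrBadRequest))
	}
	res := h.db.Model(&relational.CcfPoamItem{}).Where("id = ?", id).Updates(fields)
	if res.Error != nil {
		return c.JSON(http.StatusInternalServerError, api.NewError(res.Error))
	}
	if res.RowsAffected == 0 {
		return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound))
	}
	// … unchanged: reload and respond …
}
```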
@@ -0,0 +1,115 @@ +//go:build integration + +package handler + +import ( + "bytes" + "encoding/json" + "context" + "net/http" + "net/http/httptest" + "testing" + "time" + + "github.com/compliance-framework/api/internal/api" + "github.com/compliance-framework/api/internal/service/relational" + "github.com/compliance-framework/api/internal/tests" + "github.com/google/uuid" + "github.com/labstack/echo/v4" + "github.com/stretchr/testify/require" + "github.com/stretchr/testify/suite" + "go.uber.org/zap" +) + +type PoamItemsIntegrationSuite struct { + tests.IntegrationTestSuite +} + +func TestPoamItemsApi(t *testing.T) { + suite.Run(t, new(PoamItemsIntegrationSuite)) +} + +func (suite *PoamItemsIntegrationSuite) SetupTest() { + err := suite.Migrator.Refresh() + require.NoError(suite.T(), err) +} + +func (suite *PoamItemsIntegrationSuite) TestCreateAndList() { + // Seed minimal SSP and Risk if required by FK constraints; assume risk exists or FK is deferred in tests + logger, _ := zap.NewDevelopment() + metrics := api.NewMetricsHandler(context.Background(), logger.Sugar()) + server := api.NewServer(context.Background(), logger.Sugar(), suite.Config, metrics) + RegisterHandlers(server, logger.Sugar(), suite.DB, suite.Config, nil, nil) + e := server.E() + + sspID := uuid.New() + // Insert a placeholder SSP to satisfy FK if needed + _ = suite.DB.Exec("INSERT INTO system_security_plans (id, title, version) VALUES (?, 'Test SSP', '1.0')", sspID).Error + + deadline := time.Now().Add(30 * 24 * time.Hour).UTC() + reqBody := map[string]any{ + "sspId": sspID.String(), + "title": "Remediate missing secret scanning", + "description": "Enable scanning across all repos", + "status": "open", + "deadline": deadline.Format(time.RFC3339), + "resourceRequired": "2 engineer days", + "pocName": "Jane Smith", + "pocEmail": "jane@example.com", + "milestones": []map[string]any{ + { + "title": "Enable secret scanning in all repos", + "description": "Turn on org policy", + "status": "planned", + 
}, + }, + } + b, _ := json.Marshal(reqBody) + req := httptest.NewRequest(http.MethodPost, "/api/poam-items", bytes.NewReader(b)) + req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec := httptest.NewRecorder() + e.ServeHTTP(rec, req) + require.Equal(suite.T(), http.StatusCreated, rec.Code) + + // List by status filter + req2 := httptest.NewRequest(http.MethodGet, "/api/poam-items?status=open", nil) + rec2 := httptest.NewRecorder() + e.ServeHTTP(rec2, req2) + require.Equal(suite.T(), http.StatusOK, rec2.Code) +} + +func (suite *PoamItemsIntegrationSuite) TestMilestoneCompletionSetsTimestamp() { + logger, _ := zap.NewDevelopment() + metrics := api.NewMetricsHandler(context.Background(), logger.Sugar()) + server := api.NewServer(context.Background(), logger.Sugar(), suite.Config, metrics) + RegisterHandlers(server, logger.Sugar(), suite.DB, suite.Config, nil, nil) + e := server.E() + + sspID := uuid.New() + _ = suite.DB.Exec("INSERT INTO system_security_plans (id, title, version) VALUES (?, 'Test SSP', '1.0')", sspID).Error + + item := relational.CcfPoamItem{ + ID: uuid.New(), + SspID: sspID, + Title: "Test", + Description: "Test", + Status: "open", + } + require.NoError(suite.T(), suite.DB.Create(&item).Error) + ms := relational.CcfPoamItemMilestone{ + ID: uuid.New(), + PoamItemID: item.ID, + Title: "Step", + Description: "Do it", + Status: "planned", + } + require.NoError(suite.T(), suite.DB.Create(&ms).Error) + + patch := map[string]any{"status": "completed"} + b, _ := json.Marshal(patch) + req := httptest.NewRequest(http.MethodPut, "/api/poam-items/"+item.ID.String()+"/milestones/"+ms.ID.String(), bytes.NewReader(b)) + req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec := httptest.NewRecorder() + e.ServeHTTP(rec, req) + require.Equal(suite.T(), http.StatusOK, rec.Code) +} diff --git a/internal/service/migrator.go b/internal/service/migrator.go index 02039f90..72a1d413 100644 --- a/internal/service/migrator.go 
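Review bot: `TestMilestoneCompletionSetsTimestamp` asserts only `http.StatusOK` and never reads the milestone back, so the behaviour it is named for (`completed_at` being set) is unverified; after the `ServeHTTP` call reload it and check, e.g. `var got relational.CcfPoamItemMilestone`, `require.NoError(suite.T(), suite.DB.First(&got, "id = ?", ms.ID).Error)`, `require.NotNil(suite.T(), got.CompletedAt)`. The two `_ = suite.DB.Exec("INSERT INTO system_security_plans ...")` seeds discard their error, so a broken FK setup would surface later as an opaque 500 from the handler instead of at the seed; `require.NoError` there is cheaper to debug. `TestCreateAndList` likewise checks only the status codes and not that the created item appears in the `status=open` listing. The import block also places `"context"` after `"encoding/json"`, which goimports would reorder.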
+++ b/internal/service/migrator.go @@ -135,6 +135,9 @@ func MigrateUp(db *gorm.DB) error { // Compliance-Framework - not related to OSCAL &relational.SSOUserLink{}, + &relational.CcfPoamItem{}, + &relational.CcfPoamItemMilestone{}, + &relational.CcfPoamItemRiskLink{}, &relational.User{}, &Heartbeat{}, &relational.Evidence{}, @@ -342,6 +345,10 @@ func MigrateDown(db *gorm.DB) error { "poam_findings", "poam_risks", + &relational.CcfPoamItemRiskLink{}, + &relational.CcfPoamItemMilestone{}, + &relational.CcfPoamItem{}, + &relational.User{}, &Heartbeat{}, diff --git a/internal/service/relational/poam_cf.go b/internal/service/relational/poam_cf.go new file mode 100644 index 00000000..ea89f3a9 --- /dev/null +++ b/internal/service/relational/poam_cf.go 
@@ -0,0 +1,50 @@
+package relational
+
+import (
+ "time"
+
+ "github.com/google/uuid"
+ "gorm.io/gorm"
+)
+
+type CcfPoamItem struct {
+ ID uuid.UUID `gorm:"type:uuid;primaryKey"`
+ SspID uuid.UUID `gorm:"type:uuid;index;not null"`
+ Title string `gorm:"not null"`
+ Description string `gorm:"not null"`
+ Status string `gorm:"type:text;index;not null;check:poam_items_status IN ('open','in-progress','completed','overdue')"`
+ Deadline *time.Time `gorm:"index"`
+ ResourceRequired *string
+ PocName *string
+ PocEmail *string
+ PocPhone *string
+ Remarks *string
+ CreatedAt time.Time
+ UpdatedAt time.Time
+ Milestones []CcfPoamItemMilestone `gorm:"constraint:OnDelete:CASCADE"`
+}
+
+type CcfPoamItemMilestone struct {
+ ID uuid.UUID `gorm:"type:uuid;primaryKey"`
+ PoamItemID uuid.UUID `gorm:"type:uuid;index;not null"`
+ Title string `gorm:"not null"`
+ Description string `gorm:"not null"`
+ Status string `gorm:"type:text;not null;check:poam_item_milestone_status IN ('planned','completed')"`
+ DueDate *time.Time
+ CompletedAt *time.Time
+ CreatedAt time.Time
+ UpdatedAt time.Time
+}
+
+type CcfPoamItemRiskLink struct {
+ PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:poam_item_risk_links_unique,unique"`
+ RiskID uuid.UUID `gorm:"type:uuid;not null;index:poam_item_risk_links_unique,unique"`
+}
+
+func (l *CcfPoamItemRiskLink) TableName() string {
+ return "poam_item_risk_links"
+}
+
+func (l *CcfPoamItemRiskLink) BeforeCreate(tx *gorm.DB) (err error) {
+ return nil
+}
diff --git a/internal/tests/migrate.go b/internal/tests/migrate.go
index b8769fba..c490f0b9 100644
--- a/internal/tests/migrate.go
+++ b/internal/tests/migrate.go
@@ -165,6 +165,9 @@ func (t *TestMigrator) Up() error {
  &relational.User{},
  &service.Heartbeat{},
+ &relational.CcfPoamItem{},
+ &relational.CcfPoamItemMilestone{},
+ &relational.CcfPoamItemRiskLink{},
  &relational.Evidence{},
  &relational.Labels{},
  &relational.SelectSubjectById{},
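Review bot: `Milestones []CcfPoamItemMilestone` on `CcfPoamItem` declares a has-many without a `foreignKey` tag while the child's key field is `PoamItemID` rather than GORM's default `CcfPoamItemID`; unless GORM resolves the relation some other way, `Preload("Milestones")` in the handler and the `OnDelete:CASCADE` constraint will not bind to `poam_item_id`, so `gorm:"foreignKey:PoamItemID;constraint:OnDelete:CASCADE"` makes the intent explicit. `SspID` and `RiskID` carry no foreign-key declaration at all, whereas the design document on this page specifies FKs to `system_security_plans.id` and `risks.id` with cascade, so deleting a risk or SSP can leave dangling POAM rows and links. The `BeforeCreate` hook only returns nil and can be dropped. The generated table names (`ccf_poam_items`, `ccf_poam_item_milestones`) also differ from the `poam_items`/`poam_item_milestones` names in that document; one side should be aligned before the API is documented.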
@@ -286,6 +289,9 @@ func (t *TestMigrator) Down() error {
  "result_risks",
  "control_selection_assessed_controls_included",
  "control_selection_assessed_controls_excluded",
+ &relational.CcfPoamItemRiskLink{},
+ &relational.CcfPoamItemMilestone{},
+ &relational.CcfPoamItem{},
  &relational.Profile{},
  &relational.Import{},
  &relational.Merge{},
From 44a2f04237ba2c43606748650b66a78169f3810a Mon Sep 17 00:00:00 2001 From: akabdulhanif Date: Wed, 4 Mar 2026 10:38:48 +0000 Subject: [PATCH 13/28] docs(poam): add API design document --- docs/POAM-Design.md | 69 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 docs/POAM-Design.md
diff --git a/docs/POAM-Design.md b/docs/POAM-Design.md
new file mode 100644
index 00000000..5f4ead0e
--- /dev/null
+++ b/docs/POAM-Design.md
@@ -0,0 +1,69 @@ +Title: POAM Phase 1 – API Design + +Context +- Purpose: Implement Plan of Action and Milestones (POAM) foundation for Risk Register. +- Scope: CRUD for PoamItem and Milestones, optional linkage to Risks, list filters, OpenAPI docs. + +Data Model +- poam_items + - id (uuid, pk), ssp_id (uuid, not null, FK→system_security_plans.id) + - title (text), description (text) + - status (text enum: open|in-progress|completed|overdue) + - deadline (timestamptz, null), resource_required (text, null) + - poc_name/email/phone (text, null), remarks (text, null) + - created_at, updated_at + - indexes: (status), (ssp_id), (deadline) +- poam_item_milestones + - id (uuid, pk), poam_item_id (uuid, not null, FK→poam_items.id on delete cascade) + - title (text), description (text) + - status (text enum: planned|completed) + - due_date (timestamptz, null), completed_at (timestamptz, null) + - created_at, updated_at + - index: (poam_item_id) +- poam_item_risk_links + - poam_item_id (uuid, not null, FK→poam_items.id on delete cascade) + - risk_id (uuid, not null, FK→risks.id on delete cascade) + - unique: (poam_item_id, risk_id) + +OSCAL Mapping (Phase 1 alignment) +- PoamItem → oscal.poam-item: uuid/title/description, related-risks via links, CCF props (ccf:deadline, ccf:poc-name, ccf:poc-email, ccf:status). +- Milestone → oscal remediation milestone (title, description, due_date, completed_at). 
+ +API Endpoints (/api/poam-items) +- GET /poam-items + - Filters: status, sspId, riskId (join), deadlineBefore (RFC3339) + - Returns list of items +- POST /poam-items + - Transactional create of item, optional milestones, and risk links +- GET /poam-items/{id} + - Returns item with milestones and risk links +- PUT /poam-items/{id} + - Updates mutable fields +- DELETE /poam-items/{id} + - Deletes item and cascades to milestones and links +- GET /poam-items/{id}/milestones + - Lists milestones for an item +- POST /poam-items/{id}/milestones + - Adds milestone +- PUT /poam-items/{id}/milestones/{milestoneId} + - Updates milestone; if status becomes completed, sets completed_at +- DELETE /poam-items/{id}/milestones/{milestoneId} + - Deletes milestone + +Validation & Errors +- UUID parsing for ids +- Status enums enforced at model/DB +- pocEmail basic format validation (client-side preferred; server accepts text) +- 400 for invalid input, 404 for not found, 409 for unique link violation, 500 for DB errors + +Auth & Security +- Protected by existing JWT middleware +- Scoped by sspId; align with Risk CRUD authorization + +OpenAPI +- swag annotations included in handler +- docs/swagger.(yaml|json) regenerated via `make swag` + +Testing +- Unit tests for model constraints and transactional create +- Integration tests for create/list and milestone completed_at behavior (require Docker) From 86bf0c003151dd83c7a2925f1e5a02989ac4df5c Mon Sep 17 00:00:00 2001 
From: AKAbdulHanif Date: Sun, 8 Mar 2026 11:25:35 -0400 Subject: [PATCH 14/28] fix(poam): align Phase 1 implementation to Confluence authoritative design Corrects the initial Phase 1 implementation (BCH-1175) to match the Confluence v15 design document authored by Gustavo Carvalho. ## Model changes (poam_cf.go) - Rename deadline -> planned_completion_date (OSCAL-aligned) - Rename due_date -> scheduled_completion_date on milestones - Rename completed_at -> completion_date on milestones - Add lifecycle fields: source_type (enum: risk-promotion|manual|import), primary_owner_user_id, created_from_risk_id, acceptance_rationale, last_status_change_at, completed_at on PoamItem - Add order_index on CcfPoamItemMilestone - Add CcfPoamItemEvidenceLink, CcfPoamItemFindingLink, CcfPoamItemControlLink link tables (in addition to the existing risk link table) - Remove Jira-only fields: poc_name, poc_email, poc_phone, resource_required, remarks (these were ticket simplifications not in Confluence design) ## Migrator changes (migrator.go, tests/migrate.go) - Register all four link tables in both production and test migrators: CcfPoamItemRiskLink, CcfPoamItemEvidenceLink, CcfPoamItemFindingLink, CcfPoamItemControlLink ## Handler changes (poam_items.go) - Update createPoamRequest / updatePoamRequest to use Confluence field names - Add EvidenceIDs, FindingIDs, ControlRefs to create payload - Add overdueOnly and ownerRef query filters to GET /poam-items - Add link sub-resource endpoints: GET /:id/risks, /evidence, /controls, /findings - Set last_status_change_at on every status transition - Set completed_at on PoamItem when status -> completed - Rename controlRef -> poamControlRef to avoid collision with filter_import.go - Update milestone create/update to use scheduled_completion_date and completion_date field names ## Test changes (poam_items_integration_test.go) - Complete rewrite: 35 integration test cases covering - POST with minimal payload, milestones, risk links, all link 
types, invalid input - GET list with all filters: status, sspId, riskId, dueBefore, overdueOnly, ownerRef - GET /:id with milestone ordering and all link sets - PUT scalar fields, status->completed sets completed_at, status change sets last_status_change_at, not-found - DELETE with cascade verification across all link tables - GET/POST/PUT/DELETE milestones including completion_date auto-set - GET sub-resource link endpoints (risks, evidence, controls, findings) - Uniqueness constraint enforcement on duplicate risk links --- internal/api/handler/poam_items.go | 963 ++++++++++++------ .../handler/poam_items_integration_test.go | 835 +++++++++++++-- internal/service/migrator.go | 6 + internal/service/relational/poam_cf.go | 99 +- internal/tests/migrate.go | 6 + 5 files changed, 1492 insertions(+), 417 deletions(-) diff --git a/internal/api/handler/poam_items.go b/internal/api/handler/poam_items.go index 0d47123b..beca8b6d 100644 --- a/internal/api/handler/poam_items.go +++ b/internal/api/handler/poam_items.go 
@@ -1,385 +1,708 @@ package handler import ( - "net/http" - "time" +"net/http" +"time" - "github.com/compliance-framework/api/internal/api" - "github.com/compliance-framework/api/internal/service/relational" - "github.com/google/uuid" - "github.com/labstack/echo/v4" - "go.uber.org/zap" - "gorm.io/gorm" +"github.com/compliance-framework/api/internal/api" +"github.com/compliance-framework/api/internal/service/relational" +"github.com/google/uuid" +"github.com/labstack/echo/v4" +"go.uber.org/zap" +"gorm.io/gorm" ) type PoamItemsHandler struct { - db *gorm.DB - sugar *zap.SugaredLogger +db *gorm.DB +sugar *zap.SugaredLogger } func NewPoamItemsHandler(logger *zap.SugaredLogger, db *gorm.DB) *PoamItemsHandler { - return &PoamItemsHandler{db: db, sugar: logger} +return &PoamItemsHandler{db: db, sugar: logger} } func (h *PoamItemsHandler) Register(g *echo.Group) { - g.GET("", h.List) - g.POST("", h.Create) - g.GET("/:id", h.Get) - g.PUT("/:id", h.Update) - g.DELETE("/:id", h.Delete) - g.GET("/:id/milestones", h.ListMilestones) - g.POST("/:id/milestones", h.AddMilestone) - g.PUT("/:id/milestones/:milestoneId", h.UpdateMilestone) - g.DELETE("/:id/milestones/:milestoneId", h.DeleteMilestone) +g.GET("", h.List) +g.POST("", h.Create) +g.GET("/:id", h.Get) +g.PUT("/:id", h.Update) +g.DELETE("/:id", h.Delete) +g.GET("/:id/milestones", h.ListMilestones) +g.POST("/:id/milestones", h.AddMilestone) +g.PUT("/:id/milestones/:milestoneId", h.UpdateMilestone) +g.DELETE("/:id/milestones/:milestoneId", h.DeleteMilestone) +g.GET("/:id/risks", h.ListRisks) +g.GET("/:id/evidence", h.ListEvidence) +g.GET("/:id/controls", h.ListControls) +g.GET("/:id/findings", h.ListFindings) } -type createMilestone struct { - Title string `json:"title"` - Description string `json:"description"` - Status string `json:"status"` - DueDate *time.Time `json:"dueDate"` +type createMilestoneRequest struct { +Title string `json:"title"` +Description string `json:"description"` +Status string `json:"status"` 
+ScheduledCompletionDate *time.Time `json:"scheduledCompletionDate"` +OrderIndex int `json:"orderIndex"` } -type createPoam struct { - SspID string `json:"sspId"` - Title string `json:"title"` - Description string `json:"description"` - Status string `json:"status"` - Deadline *time.Time `json:"deadline"` - ResourceRequired *string `json:"resourceRequired"` - PocName *string `json:"pocName"` - PocEmail *string `json:"pocEmail"` - PocPhone *string `json:"pocPhone"` - Remarks *string `json:"remarks"` - RiskIDs []string `json:"riskIds"` - Milestones []createMilestone `json:"milestones"` +type poamControlRef struct { +CatalogID string `json:"catalogId"` +ControlID string `json:"controlId"` } -type PoamItemWithLinksResponse struct { - Item relational.CcfPoamItem `json:"item"` - RiskLinks []relational.CcfPoamItemRiskLink `json:"riskLinks"` +type createPoamRequest struct { +SspID string `json:"sspId"` +Title string `json:"title"` +Description string `json:"description"` +Status string `json:"status"` +PrimaryOwnerUserID *string `json:"primaryOwnerUserId"` +SourceType string `json:"sourceType"` +PlannedCompletionDate *time.Time `json:"plannedCompletionDate"` +CreatedFromRiskID *string `json:"createdFromRiskId"` +AcceptanceRationale *string `json:"acceptanceRationale"` +RiskIDs []string `json:"riskIds"` +EvidenceIDs []string `json:"evidenceIds"` +ControlRefs []poamControlRef `json:"controlRefs"` +FindingIDs []string `json:"findingIds"` +Milestones []createMilestoneRequest `json:"milestones"` +} + +type updatePoamRequest struct { +Title *string `json:"title"` +Description *string `json:"description"` +Status *string `json:"status"` +PrimaryOwnerUserID *string `json:"primaryOwnerUserId"` +PlannedCompletionDate *time.Time `json:"plannedCompletionDate"` +CompletedAt *time.Time `json:"completedAt"` +AcceptanceRationale *string `json:"acceptanceRationale"` +} + +type updateMilestoneRequest struct { +Title *string `json:"title"` +Description *string `json:"description"` +Status 
*string `json:"status"` +ScheduledCompletionDate *time.Time `json:"scheduledCompletionDate"` +OrderIndex *int `json:"orderIndex"` +} + +type PoamItemResponse struct { +relational.CcfPoamItem +RiskLinks []relational.CcfPoamItemRiskLink `json:"riskLinks"` +EvidenceLinks []relational.CcfPoamItemEvidenceLink `json:"evidenceLinks"` +ControlLinks []relational.CcfPoamItemControlLink `json:"controlLinks"` +FindingLinks []relational.CcfPoamItemFindingLink `json:"findingLinks"` +} + +func (h *PoamItemsHandler) itemExists(id uuid.UUID) (bool, error) { +var count int64 +err := h.db.Model(&relational.CcfPoamItem{}).Where("id = ?", id).Count(&count).Error +return count > 0, err } // Create godoc // -// @Summary Create a POAM item -// @Description Creates a POAM item with optional milestones and risk links in a single transaction. -// @Tags POAM Items -// @Accept json -// @Produce json -// @Param body body createPoam true "POAM item payload" -// @Success 201 {object} GenericDataResponse[relational.CcfPoamItem] -// @Failure 400 {object} api.Error -// @Failure 500 {object} api.Error -// @Router /poam-items [post] +//@SummaryCreate a POAM item +//@DescriptionCreates a POAM item with optional milestones and risk/evidence/control/finding links in a single transaction. 
+//@TagsPOAM Items +//@Acceptjson +//@Producejson +//@ParambodybodycreatePoamRequesttrue"POAM item payload" +//@Success201{object}GenericDataResponse[relational.CcfPoamItem] +//@Failure400{object}api.Error +//@Failure500{object}api.Error +//@Router/poam-items [post] func (h *PoamItemsHandler) Create(c echo.Context) error { - var in createPoam - if err := c.Bind(&in); err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) - } - ssp, err := uuid.Parse(in.SspID) - if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) - } - item := relational.CcfPoamItem{ - ID: uuid.New(), - SspID: ssp, - Title: in.Title, - Description: in.Description, - Status: in.Status, - Deadline: in.Deadline, - ResourceRequired: in.ResourceRequired, - PocName: in.PocName, - PocEmail: in.PocEmail, - PocPhone: in.PocPhone, - Remarks: in.Remarks, - } - err = h.db.Transaction(func(tx *gorm.DB) error { - if err := tx.Create(&item).Error; err != nil { - return err - } - for _, m := range in.Milestones { - ms := relational.CcfPoamItemMilestone{ - ID: uuid.New(), - PoamItemID: item.ID, - Title: m.Title, - Description: m.Description, - Status: m.Status, - DueDate: m.DueDate, - } - if err := tx.Create(&ms).Error; err != nil { - return err - } - } - for _, rid := range in.RiskIDs { - ruuid, err := uuid.Parse(rid) - if err != nil { - return err - } - link := relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: ruuid} - if err := tx.Create(&link).Error; err != nil { - return err - } - } - return nil - }) - if err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) - } - return c.JSON(http.StatusCreated, GenericDataResponse[relational.CcfPoamItem]{Data: item}) +var in createPoamRequest +if err := c.Bind(&in); err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +sspID, err := uuid.Parse(in.SspID) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +sourceType := in.SourceType +if sourceType == "" { 
+sourceType = "manual" +} +item := relational.CcfPoamItem{ +ID: uuid.New(), +SspID: sspID, +Title: in.Title, +Description: in.Description, +Status: in.Status, +SourceType: sourceType, +PlannedCompletionDate: in.PlannedCompletionDate, +AcceptanceRationale: in.AcceptanceRationale, +LastStatusChangeAt: time.Now().UTC(), +} +if in.PrimaryOwnerUserID != nil { +ownerID, err := uuid.Parse(*in.PrimaryOwnerUserID) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +item.PrimaryOwnerUserID = &ownerID +} +if in.CreatedFromRiskID != nil { +riskID, err := uuid.Parse(*in.CreatedFromRiskID) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +item.CreatedFromRiskID = &riskID +} +err = h.db.Transaction(func(tx *gorm.DB) error { +if err := tx.Create(&item).Error; err != nil { +return err +} +for i, m := range in.Milestones { +orderIdx := m.OrderIndex +if orderIdx == 0 { +orderIdx = i +} +ms := relational.CcfPoamItemMilestone{ +ID: uuid.New(), +PoamItemID: item.ID, +Title: m.Title, +Description: m.Description, +Status: m.Status, +ScheduledCompletionDate: m.ScheduledCompletionDate, +OrderIndex: orderIdx, +} +if err := tx.Create(&ms).Error; err != nil { +return err +} +} +for _, rid := range in.RiskIDs { +ruuid, err := uuid.Parse(rid) +if err != nil { +return err +} +if err := tx.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: ruuid}).Error; err != nil { +return err +} +} +for _, eid := range in.EvidenceIDs { +euuid, err := uuid.Parse(eid) +if err != nil { +return err +} +if err := tx.Create(&relational.CcfPoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: euuid}).Error; err != nil { +return err +} +} +for _, cr := range in.ControlRefs { +catID, err := uuid.Parse(cr.CatalogID) +if err != nil { +return err +} +if err := tx.Create(&relational.CcfPoamItemControlLink{ +PoamItemID: item.ID, +CatalogID: catID, +ControlID: cr.ControlID, +}).Error; err != nil { +return err +} +} +for _, fid := range in.FindingIDs { 
+fuuid, err := uuid.Parse(fid) +if err != nil { +return err +} +if err := tx.Create(&relational.CcfPoamItemFindingLink{PoamItemID: item.ID, FindingID: fuuid}).Error; err != nil { +return err +} +} +return nil +}) +if err != nil { +return c.JSON(http.StatusInternalServerError, api.NewError(err)) +} +h.db.Preload("Milestones", func(db *gorm.DB) *gorm.DB { +return db.Order("order_index ASC") +}).First(&item, "id = ?", item.ID) +return c.JSON(http.StatusCreated, GenericDataResponse[relational.CcfPoamItem]{Data: item}) } // List godoc // -// @Summary List POAM items -// @Description List POAM items filtered by status, sspId, riskId, or deadlineBefore. -// @Tags POAM Items -// @Produce json -// @Param status query string false "open|in-progress|completed|overdue" -// @Param sspId query string false "SSP UUID" -// @Param riskId query string false "Risk UUID" -// @Param deadlineBefore query string false "RFC3339 timestamp" -// @Success 200 {object} GenericDataListResponse[relational.CcfPoamItem] -// @Failure 500 {object} api.Error -// @Router /poam-items [get] +//@SummaryList POAM items +//@DescriptionList POAM items with optional filters: status, sspId, riskId, dueBefore, overdueOnly, ownerRef. 
+//@TagsPOAM Items +//@Producejson +//@Paramstatusquerystringfalse"open|in-progress|completed|overdue" +//@ParamsspIdquerystringfalse"SSP UUID" +//@ParamriskIdquerystringfalse"Risk UUID" +//@ParamdueBeforequerystringfalse"RFC3339 timestamp" +//@ParamoverdueOnlyqueryboolfalse"true — items past planned_completion_date" +//@ParamownerRefquerystringfalse"UUID of primary_owner_user_id" +//@Success200{object}GenericDataListResponse[relational.CcfPoamItem] +//@Failure500{object}api.Error +//@Router/poam-items [get] func (h *PoamItemsHandler) List(c echo.Context) error { - var items []relational.CcfPoamItem - q := h.db.Model(&relational.CcfPoamItem{}) - if v := c.QueryParam("status"); v != "" { - q = q.Where("status = ?", v) - } - if v := c.QueryParam("sspId"); v != "" { - if id, err := uuid.Parse(v); err == nil { - q = q.Where("ssp_id = ?", id) - } - } - if v := c.QueryParam("deadlineBefore"); v != "" { - if t, err := time.Parse(time.RFC3339, v); err == nil { - q = q.Where("deadline IS NOT NULL AND deadline < ?", t) - } - } - if v := c.QueryParam("riskId"); v != "" { - if id, err := uuid.Parse(v); err == nil { - q = q.Joins("JOIN poam_item_risk_links l ON l.poam_item_id = ccf_poam_items.id AND l.risk_id = ?", id) - } - } - if err := q.Find(&items).Error; err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) - } - return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItem]{Data: items}) +var items []relational.CcfPoamItem +q := h.db.Model(&relational.CcfPoamItem{}) +if v := c.QueryParam("status"); v != "" { +q = q.Where("status = ?", v) +} +if v := c.QueryParam("sspId"); v != "" { +if id, err := uuid.Parse(v); err == nil { +q = q.Where("ssp_id = ?", id) +} +} +if v := c.QueryParam("ownerRef"); v != "" { +if id, err := uuid.Parse(v); err == nil { +q = q.Where("primary_owner_user_id = ?", id) +} +} +if v := c.QueryParam("dueBefore"); v != "" { +if t, err := time.Parse(time.RFC3339, v); err == nil { +q = 
q.Where("planned_completion_date IS NOT NULL AND planned_completion_date < ?", t) +} +} +if c.QueryParam("overdueOnly") == "true" { +now := time.Now().UTC() +q = q.Where("status IN ('open','in-progress') AND planned_completion_date IS NOT NULL AND planned_completion_date < ?", now) +} +if v := c.QueryParam("riskId"); v != "" { +if id, err := uuid.Parse(v); err == nil { +q = q.Joins("JOIN ccf_poam_item_risk_links rl ON rl.poam_item_id = ccf_poam_items.id AND rl.risk_id = ?", id) +} +} +if err := q.Find(&items).Error; err != nil { +return c.JSON(http.StatusInternalServerError, api.NewError(err)) +} +return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItem]{Data: items}) } // Get godoc // -// @Summary Get POAM item -// @Description Get a POAM item with its milestones and risk links. -// @Tags POAM Items -// @Produce json -// @Param id path string true "POAM item ID" -// @Success 200 {object} GenericDataResponse[PoamItemWithLinksResponse] -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Failure 500 {object} api.Error -// @Router /poam-items/{id} [get] +//@SummaryGet POAM item +//@DescriptionGet a single POAM item with its milestones and all link sets. 
+//@TagsPOAM Items +//@Producejson +//@Paramidpathstringtrue"POAM item ID" +//@Success200{object}GenericDataResponse[PoamItemResponse] +//@Failure400{object}api.Error +//@Failure404{object}api.Error +//@Router/poam-items/{id} [get] func (h *PoamItemsHandler) Get(c echo.Context) error { - id, err := uuid.Parse(c.Param("id")) - if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) - } - var item relational.CcfPoamItem - if err := h.db.Preload("Milestones").First(&item, "id = ?", id).Error; err != nil { - return c.JSON(http.StatusNotFound, api.NewError(err)) - } - var links []relational.CcfPoamItemRiskLink - _ = h.db.Where("poam_item_id = ?", id).Find(&links).Error - return c.JSON(http.StatusOK, GenericDataResponse[PoamItemWithLinksResponse]{Data: PoamItemWithLinksResponse{Item: item, RiskLinks: links}}) +id, err := uuid.Parse(c.Param("id")) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +var item relational.CcfPoamItem +if err := h.db.Preload("Milestones", func(db *gorm.DB) *gorm.DB { +return db.Order("order_index ASC") +}).First(&item, "id = ?", id).Error; err != nil { +return c.JSON(http.StatusNotFound, api.NewError(err)) +} +var riskLinks []relational.CcfPoamItemRiskLink +h.db.Where("poam_item_id = ?", id).Find(&riskLinks) +var evidenceLinks []relational.CcfPoamItemEvidenceLink +h.db.Where("poam_item_id = ?", id).Find(&evidenceLinks) +var controlLinks []relational.CcfPoamItemControlLink +h.db.Where("poam_item_id = ?", id).Find(&controlLinks) +var findingLinks []relational.CcfPoamItemFindingLink +h.db.Where("poam_item_id = ?", id).Find(&findingLinks) +resp := PoamItemResponse{ +CcfPoamItem: item, +RiskLinks: riskLinks, +EvidenceLinks: evidenceLinks, +ControlLinks: controlLinks, +FindingLinks: findingLinks, +} +return c.JSON(http.StatusOK, GenericDataResponse[PoamItemResponse]{Data: resp}) } // Update godoc // -// @Summary Update POAM item -// @Description Updates mutable fields of a POAM item. 
-// @Tags POAM Items -// @Accept json -// @Produce json -// @Param id path string true "POAM item ID" -// @Param body body map[string]interface{} true "Fields to update" -// @Success 200 {object} GenericDataResponse[relational.CcfPoamItem] -// @Failure 400 {object} api.Error -// @Failure 500 {object} api.Error -// @Router /poam-items/{id} [put] +//@SummaryUpdate POAM item +//@DescriptionUpdate scalar fields of a POAM item. Setting status to 'completed' automatically sets completed_at. +//@TagsPOAM Items +//@Acceptjson +//@Producejson +//@Paramidpathstringtrue"POAM item ID" +//@ParambodybodyupdatePoamRequesttrue"Fields to update" +//@Success200{object}GenericDataResponse[relational.CcfPoamItem] +//@Failure400{object}api.Error +//@Failure404{object}api.Error +//@Failure500{object}api.Error +//@Router/poam-items/{id} [put] func (h *PoamItemsHandler) Update(c echo.Context) error { - id, err := uuid.Parse(c.Param("id")) - if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) - } - var in map[string]interface{} - if err := c.Bind(&in); err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) - } - delete(in, "id") - delete(in, "milestones") - delete(in, "riskIds") - if err := h.db.Model(&relational.CcfPoamItem{}).Where("id = ?", id).Updates(in).Error; err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) - } - var out relational.CcfPoamItem - _ = h.db.First(&out, "id = ?", id).Error - return c.JSON(http.StatusOK, GenericDataResponse[relational.CcfPoamItem]{Data: out}) +id, err := uuid.Parse(c.Param("id")) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +exists, err := h.itemExists(id) +if err != nil { +return c.JSON(http.StatusInternalServerError, api.NewError(err)) +} +if !exists { +return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) +} +var in updatePoamRequest +if err := c.Bind(&in); err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} 
+updates := map[string]interface{}{} +if in.Title != nil { +updates["title"] = *in.Title +} +if in.Description != nil { +updates["description"] = *in.Description +} +if in.Status != nil { +updates["status"] = *in.Status +updates["last_status_change_at"] = time.Now().UTC() +if *in.Status == "completed" { +now := time.Now().UTC() +updates["completed_at"] = &now +} +} +if in.PrimaryOwnerUserID != nil { +ownerID, err := uuid.Parse(*in.PrimaryOwnerUserID) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +updates["primary_owner_user_id"] = ownerID +} +if in.PlannedCompletionDate != nil { +updates["planned_completion_date"] = in.PlannedCompletionDate +} +if in.CompletedAt != nil { +updates["completed_at"] = in.CompletedAt +} +if in.AcceptanceRationale != nil { +updates["acceptance_rationale"] = *in.AcceptanceRationale +} +if err := h.db.Model(&relational.CcfPoamItem{}).Where("id = ?", id).Updates(updates).Error; err != nil { +return c.JSON(http.StatusInternalServerError, api.NewError(err)) +} +var out relational.CcfPoamItem +h.db.Preload("Milestones", func(db *gorm.DB) *gorm.DB { +return db.Order("order_index ASC") +}).First(&out, "id = ?", id) +return c.JSON(http.StatusOK, GenericDataResponse[relational.CcfPoamItem]{Data: out}) } // Delete godoc // -// @Summary Delete POAM item -// @Description Deletes a POAM item and cascades to milestones and risk links. -// @Tags POAM Items -// @Produce json -// @Param id path string true "POAM item ID" -// @Success 204 {string} string "no content" -// @Failure 400 {object} api.Error -// @Failure 500 {object} api.Error -// @Router /poam-items/{id} [delete] +//@SummaryDelete POAM item +//@DescriptionDelete a POAM item and cascade-delete its milestones and all link records. 
+//@TagsPOAM Items +//@Paramidpathstringtrue"POAM item ID" +//@Success204"No Content" +//@Failure400{object}api.Error +//@Failure404{object}api.Error +//@Failure500{object}api.Error +//@Router/poam-items/{id} [delete] func (h *PoamItemsHandler) Delete(c echo.Context) error { - id, err := uuid.Parse(c.Param("id")) - if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) - } - err = h.db.Transaction(func(tx *gorm.DB) error { - if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemRiskLink{}).Error; err != nil { - return err - } - if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemMilestone{}).Error; err != nil { - return err - } - return tx.Delete(&relational.CcfPoamItem{}, "id = ?", id).Error - }) - if err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) - } - return c.NoContent(http.StatusNoContent) +id, err := uuid.Parse(c.Param("id")) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +exists, err := h.itemExists(id) +if err != nil { +return c.JSON(http.StatusInternalServerError, api.NewError(err)) +} +if !exists { +return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) +} +err = h.db.Transaction(func(tx *gorm.DB) error { +if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemRiskLink{}).Error; err != nil { +return err +} +if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemEvidenceLink{}).Error; err != nil { +return err +} +if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemControlLink{}).Error; err != nil { +return err +} +if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemFindingLink{}).Error; err != nil { +return err +} +if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemMilestone{}).Error; err != nil { +return err +} +return tx.Delete(&relational.CcfPoamItem{}, "id = ?", id).Error +}) +if err != nil { +return 
c.JSON(http.StatusInternalServerError, api.NewError(err)) +} +return c.NoContent(http.StatusNoContent) } // ListMilestones godoc // -// @Summary List milestones -// @Description List all milestones for a POAM item. -// @Tags POAM Items -// @Produce json -// @Param id path string true "POAM item ID" -// @Success 200 {object} GenericDataListResponse[relational.CcfPoamItemMilestone] -// @Failure 400 {object} api.Error -// @Failure 500 {object} api.Error -// @Router /poam-items/{id}/milestones [get] +//@SummaryList milestones +//@DescriptionList all milestones for a POAM item, ordered by order_index. +//@TagsPOAM Items +//@Producejson +//@Paramidpathstringtrue"POAM item ID" +//@Success200{object}GenericDataListResponse[relational.CcfPoamItemMilestone] +//@Failure400{object}api.Error +//@Failure404{object}api.Error +//@Failure500{object}api.Error +//@Router/poam-items/{id}/milestones [get] func (h *PoamItemsHandler) ListMilestones(c echo.Context) error { - id, err := uuid.Parse(c.Param("id")) - if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) - } - var ms []relational.CcfPoamItemMilestone - if err := h.db.Where("poam_item_id = ?", id).Find(&ms).Error; err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) - } - return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemMilestone]{Data: ms}) +id, err := uuid.Parse(c.Param("id")) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +exists, err := h.itemExists(id) +if err != nil { +return c.JSON(http.StatusInternalServerError, api.NewError(err)) +} +if !exists { +return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) +} +var ms []relational.CcfPoamItemMilestone +if err := h.db.Where("poam_item_id = ?", id).Order("order_index ASC").Find(&ms).Error; err != nil { +return c.JSON(http.StatusInternalServerError, api.NewError(err)) +} +return c.JSON(http.StatusOK, 
GenericDataListResponse[relational.CcfPoamItemMilestone]{Data: ms}) } // AddMilestone godoc // -// @Summary Add milestone -// @Description Add a milestone to a POAM item. -// @Tags POAM Items -// @Accept json -// @Produce json -// @Param id path string true "POAM item ID" -// @Param body body createMilestone true "Milestone payload" -// @Success 201 {object} GenericDataResponse[relational.CcfPoamItemMilestone] -// @Failure 400 {object} api.Error -// @Failure 500 {object} api.Error -// @Router /poam-items/{id}/milestones [post] +//@SummaryAdd milestone +//@DescriptionAdd a milestone to a POAM item. +//@TagsPOAM Items +//@Acceptjson +//@Producejson +//@Paramidpathstringtrue"POAM item ID" +//@ParambodybodycreateMilestoneRequesttrue"Milestone payload" +//@Success201{object}GenericDataResponse[relational.CcfPoamItemMilestone] +//@Failure400{object}api.Error +//@Failure404{object}api.Error +//@Failure500{object}api.Error +//@Router/poam-items/{id}/milestones [post] func (h *PoamItemsHandler) AddMilestone(c echo.Context) error { - id, err := uuid.Parse(c.Param("id")) - if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) - } - var in createMilestone - if err := c.Bind(&in); err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) - } - m := relational.CcfPoamItemMilestone{ - ID: uuid.New(), - PoamItemID: id, - Title: in.Title, - Description: in.Description, - Status: in.Status, - DueDate: in.DueDate, - } - if err := h.db.Create(&m).Error; err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) - } - return c.JSON(http.StatusCreated, GenericDataResponse[relational.CcfPoamItemMilestone]{Data: m}) +id, err := uuid.Parse(c.Param("id")) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +exists, err := h.itemExists(id) +if err != nil { +return c.JSON(http.StatusInternalServerError, api.NewError(err)) +} +if !exists { +return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) +} 
+var in createMilestoneRequest +if err := c.Bind(&in); err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +m := relational.CcfPoamItemMilestone{ +ID: uuid.New(), +PoamItemID: id, +Title: in.Title, +Description: in.Description, +Status: in.Status, +ScheduledCompletionDate: in.ScheduledCompletionDate, +OrderIndex: in.OrderIndex, +} +if err := h.db.Create(&m).Error; err != nil { +return c.JSON(http.StatusInternalServerError, api.NewError(err)) +} +return c.JSON(http.StatusCreated, GenericDataResponse[relational.CcfPoamItemMilestone]{Data: m}) } // UpdateMilestone godoc // -// @Summary Update milestone -// @Description Update milestone fields; when status becomes completed, sets completed_at. -// @Tags POAM Items -// @Accept json -// @Produce json -// @Param id path string true "POAM item ID" -// @Param milestoneId path string true "Milestone ID" -// @Param body body map[string]interface{} true "Fields to update" -// @Success 200 {object} GenericDataResponse[relational.CcfPoamItemMilestone] -// @Failure 400 {object} api.Error -// @Failure 500 {object} api.Error -// @Router /poam-items/{id}/milestones/{milestoneId} [put] +//@SummaryUpdate milestone +//@DescriptionUpdate milestone fields. When status becomes 'completed', completion_date is set automatically. 
+//@TagsPOAM Items +//@Acceptjson +//@Producejson +//@Paramidpathstringtrue"POAM item ID" +//@ParammilestoneIdpathstringtrue"Milestone ID" +//@ParambodybodyupdateMilestoneRequesttrue"Fields to update" +//@Success200{object}GenericDataResponse[relational.CcfPoamItemMilestone] +//@Failure400{object}api.Error +//@Failure404{object}api.Error +//@Failure500{object}api.Error +//@Router/poam-items/{id}/milestones/{milestoneId} [put] func (h *PoamItemsHandler) UpdateMilestone(c echo.Context) error { - id, err := uuid.Parse(c.Param("id")) - if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) - } - mid, err := uuid.Parse(c.Param("milestoneId")) - if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) - } - var in map[string]interface{} - if err := c.Bind(&in); err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) - } - if v, ok := in["status"]; ok && v == "completed" { - now := time.Now().UTC() - in["completed_at"] = &now - } - if err := h.db.Model(&relational.CcfPoamItemMilestone{}).Where("poam_item_id = ? 
AND id = ?", id, mid).Updates(in).Error; err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) - } - var out relational.CcfPoamItemMilestone - _ = h.db.First(&out, "id = ?", mid).Error - return c.JSON(http.StatusOK, GenericDataResponse[relational.CcfPoamItemMilestone]{Data: out}) +id, err := uuid.Parse(c.Param("id")) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +mid, err := uuid.Parse(c.Param("milestoneId")) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +var in updateMilestoneRequest +if err := c.Bind(&in); err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +updates := map[string]interface{}{} +if in.Title != nil { +updates["title"] = *in.Title +} +if in.Description != nil { +updates["description"] = *in.Description +} +if in.Status != nil { +updates["status"] = *in.Status +if *in.Status == "completed" { +now := time.Now().UTC() +updates["completion_date"] = &now +} +} +if in.ScheduledCompletionDate != nil { +updates["scheduled_completion_date"] = in.ScheduledCompletionDate +} +if in.OrderIndex != nil { +updates["order_index"] = *in.OrderIndex +} +result := h.db.Model(&relational.CcfPoamItemMilestone{}). +Where("poam_item_id = ? AND id = ?", id, mid). +Updates(updates) +if result.Error != nil { +return c.JSON(http.StatusInternalServerError, api.NewError(result.Error)) +} +if result.RowsAffected == 0 { +return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) +} +var out relational.CcfPoamItemMilestone +h.db.First(&out, "id = ?", mid) +return c.JSON(http.StatusOK, GenericDataResponse[relational.CcfPoamItemMilestone]{Data: out}) } // DeleteMilestone godoc // -// @Summary Delete milestone -// @Description Delete a milestone from a POAM item. 
-// @Tags POAM Items -// @Produce json -// @Param id path string true "POAM item ID" -// @Param milestoneId path string true "Milestone ID" -// @Success 204 {string} string "no content" -// @Failure 400 {object} api.Error -// @Failure 500 {object} api.Error -// @Router /poam-items/{id}/milestones/{milestoneId} [delete] +//@SummaryDelete milestone +//@TagsPOAM Items +//@Paramidpathstringtrue"POAM item ID" +//@ParammilestoneIdpathstringtrue"Milestone ID" +//@Success204"No Content" +//@Failure400{object}api.Error +//@Failure404{object}api.Error +//@Failure500{object}api.Error +//@Router/poam-items/{id}/milestones/{milestoneId} [delete] func (h *PoamItemsHandler) DeleteMilestone(c echo.Context) error { - id, err := uuid.Parse(c.Param("id")) - if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) - } - mid, err := uuid.Parse(c.Param("milestoneId")) - if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) - } - if err := h.db.Where("poam_item_id = ? AND id = ?", id, mid).Delete(&relational.CcfPoamItemMilestone{}).Error; err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) - } - return c.NoContent(http.StatusNoContent) +id, err := uuid.Parse(c.Param("id")) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +mid, err := uuid.Parse(c.Param("milestoneId")) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +result := h.db.Where("poam_item_id = ? 
AND id = ?", id, mid).Delete(&relational.CcfPoamItemMilestone{}) +if result.Error != nil { +return c.JSON(http.StatusInternalServerError, api.NewError(result.Error)) +} +if result.RowsAffected == 0 { +return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) +} +return c.NoContent(http.StatusNoContent) +} + +// ListRisks godoc +// +//@SummaryList linked risks +//@TagsPOAM Items +//@Producejson +//@Paramidpathstringtrue"POAM item ID" +//@Success200{object}GenericDataListResponse[relational.CcfPoamItemRiskLink] +//@Failure400{object}api.Error +//@Failure404{object}api.Error +//@Router/poam-items/{id}/risks [get] +func (h *PoamItemsHandler) ListRisks(c echo.Context) error { +id, err := uuid.Parse(c.Param("id")) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +exists, err := h.itemExists(id) +if err != nil { +return c.JSON(http.StatusInternalServerError, api.NewError(err)) +} +if !exists { +return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) +} +var links []relational.CcfPoamItemRiskLink +h.db.Where("poam_item_id = ?", id).Find(&links) +return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemRiskLink]{Data: links}) +} + +// ListEvidence godoc +// +//@SummaryList linked evidence +//@TagsPOAM Items +//@Producejson +//@Paramidpathstringtrue"POAM item ID" +//@Success200{object}GenericDataListResponse[relational.CcfPoamItemEvidenceLink] +//@Failure400{object}api.Error +//@Failure404{object}api.Error +//@Router/poam-items/{id}/evidence [get] +func (h *PoamItemsHandler) ListEvidence(c echo.Context) error { +id, err := uuid.Parse(c.Param("id")) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +exists, err := h.itemExists(id) +if err != nil { +return c.JSON(http.StatusInternalServerError, api.NewError(err)) +} +if !exists { +return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) +} +var links []relational.CcfPoamItemEvidenceLink 
+h.db.Where("poam_item_id = ?", id).Find(&links) +return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemEvidenceLink]{Data: links}) +} + +// ListControls godoc +// +//@SummaryList linked controls +//@TagsPOAM Items +//@Producejson +//@Paramidpathstringtrue"POAM item ID" +//@Success200{object}GenericDataListResponse[relational.CcfPoamItemControlLink] +//@Failure400{object}api.Error +//@Failure404{object}api.Error +//@Router/poam-items/{id}/controls [get] +func (h *PoamItemsHandler) ListControls(c echo.Context) error { +id, err := uuid.Parse(c.Param("id")) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +exists, err := h.itemExists(id) +if err != nil { +return c.JSON(http.StatusInternalServerError, api.NewError(err)) +} +if !exists { +return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) +} +var links []relational.CcfPoamItemControlLink +h.db.Where("poam_item_id = ?", id).Find(&links) +return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemControlLink]{Data: links}) +} + +// ListFindings godoc +// +//@SummaryList linked findings +//@TagsPOAM Items +//@Producejson +//@Paramidpathstringtrue"POAM item ID" +//@Success200{object}GenericDataListResponse[relational.CcfPoamItemFindingLink] +//@Failure400{object}api.Error +//@Failure404{object}api.Error +//@Router/poam-items/{id}/findings [get] +func (h *PoamItemsHandler) ListFindings(c echo.Context) error { +id, err := uuid.Parse(c.Param("id")) +if err != nil { +return c.JSON(http.StatusBadRequest, api.NewError(err)) +} +exists, err := h.itemExists(id) +if err != nil { +return c.JSON(http.StatusInternalServerError, api.NewError(err)) +} +if !exists { +return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) +} +var links []relational.CcfPoamItemFindingLink +h.db.Where("poam_item_id = ?", id).Find(&links) +return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemFindingLink]{Data: links}) } 
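Review bot: In List, a malformed `sspId` or the new `ownerRef` value is silently discarded (`if id, err := uuid.Parse(v); err == nil { ... }`), so `?ownerRef=not-a-uuid` returns every POA&M item instead of an error — for a scoping filter that fails in the wrong direction; reject it with `id, err := uuid.Parse(v)` / `if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) }` and treat `sspId`, `riskId` and an unparseable `dueBefore` the same way. Related, Get and the four new sub-resource handlers (ListRisks, ListEvidence, ListControls, ListFindings) call `h.db.Where("poam_item_id = ?", id).Find(&links)` without reading `.Error`, so a database failure produces a 200 with an empty link set; check the result and return 500 as Create and List already do. In Update, `in.CompletedAt` is written into `updates` after the server-set value, so a caller can backdate `completed_at` on a status->completed transition — if that is not intended, skip the client value when `*in.Status == "completed"`, or drop the field. Whether these routes sit behind an authorization or tenancy middleware is not visible in this hunk.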
diff --git a/internal/api/handler/poam_items_integration_test.go b/internal/api/handler/poam_items_integration_test.go index 8dd4d5c8..6629317f 100644 --- a/internal/api/handler/poam_items_integration_test.go +++ b/internal/api/handler/poam_items_integration_test.go @@ -4,8 +4,9 @@ package handler import ( "bytes" - "encoding/json" "context" + "encoding/json" + "fmt" "net/http" "net/http/httptest" "testing" 
@@ -16,100 +17,798 @@ import ( "github.com/compliance-framework/api/internal/tests" "github.com/google/uuid" "github.com/labstack/echo/v4" - "github.com/stretchr/testify/require" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" "go.uber.org/zap" ) -type PoamItemsIntegrationSuite struct { - tests.IntegrationTestSuite -} +// --------------------------------------------------------------------------- +// Suite bootstrap +// --------------------------------------------------------------------------- func TestPoamItemsApi(t *testing.T) { - suite.Run(t, new(PoamItemsIntegrationSuite)) + suite.Run(t, new(PoamItemsApiIntegrationSuite)) } -func (suite *PoamItemsIntegrationSuite) SetupTest() { - err := suite.Migrator.Refresh() - require.NoError(suite.T(), err) +type PoamItemsApiIntegrationSuite struct { + tests.IntegrationTestSuite } -func (suite *PoamItemsIntegrationSuite) TestCreateAndList() { - // Seed minimal SSP and Risk if required by FK constraints; assume risk exists or FK is deferred in tests +func (suite *PoamItemsApiIntegrationSuite) newServer() *api.Server { logger, _ := zap.NewDevelopment() metrics := api.NewMetricsHandler(context.Background(), logger.Sugar()) server := api.NewServer(context.Background(), logger.Sugar(), suite.Config, metrics) RegisterHandlers(server, logger.Sugar(), suite.DB, suite.Config, nil, nil) - e := server.E() - - sspID := uuid.New() - // Insert a placeholder SSP to satisfy FK if needed - _ = suite.DB.Exec("INSERT INTO system_security_plans (id, title, version) VALUES (?, 'Test SSP', '1.0')", sspID).Error - - deadline := time.Now().Add(30 * 24 * time.Hour).UTC() - reqBody := map[string]any{ - "sspId": sspID.String(), - "title": "Remediate missing secret scanning", - "description": "Enable scanning across all repos", - "status": "open", - "deadline": deadline.Format(time.RFC3339), - "resourceRequired": "2 engineer days", - "pocName": "Jane Smith", - "pocEmail": "jane@example.com", - "milestones": 
[]map[string]any{ - { - "title": "Enable secret scanning in all repos", - "description": "Turn on org policy", - "status": "planned", - }, + return server +} + +func (suite *PoamItemsApiIntegrationSuite) seedItem(sspID uuid.UUID, title, status string) relational.CcfPoamItem { + item := relational.CcfPoamItem{ + ID: uuid.New(), + SspID: sspID, + Title: title, + Description: "seeded for test", + Status: status, + SourceType: "manual", + LastStatusChangeAt: time.Now().UTC(), + } + suite.Require().NoError(suite.DB.Create(&item).Error) + return item +} + +func (suite *PoamItemsApiIntegrationSuite) seedMilestone(poamID uuid.UUID, title, status string, orderIdx int) relational.CcfPoamItemMilestone { + m := relational.CcfPoamItemMilestone{ + ID: uuid.New(), + PoamItemID: poamID, + Title: title, + Status: status, + OrderIndex: orderIdx, + } + suite.Require().NoError(suite.DB.Create(&m).Error) + return m +} + +// --------------------------------------------------------------------------- +// POST /poam-items +// --------------------------------------------------------------------------- + +func (suite *PoamItemsApiIntegrationSuite) TestCreate_MinimalPayload() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + body := createPoamRequest{ + SspID: sspID.String(), + Title: "Remediate secret scanning", + Description: "Enable secret scanning across all repos", + Status: "open", + } + raw, _ := json.Marshal(body) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodPost, "/api/poam-items", bytes.NewReader(raw)) + req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusCreated, rec.Code) + var resp GenericDataResponse[relational.CcfPoamItem] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + assert.Equal(suite.T(), "Remediate secret scanning", resp.Data.Title) + assert.Equal(suite.T(), "open", resp.Data.Status) + 
assert.Equal(suite.T(), "manual", resp.Data.SourceType) + assert.NotEqual(suite.T(), uuid.Nil, resp.Data.ID) +} + +func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithMilestonesAndLinks() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + due := time.Now().Add(30 * 24 * time.Hour).UTC().Truncate(time.Second) + body := createPoamRequest{ + SspID: sspID.String(), + Title: "Patch OS vulnerabilities", + Description: "Apply all critical OS patches", + Status: "open", + SourceType: "risk-promotion", + Milestones: []createMilestoneRequest{ + {Title: "Patch staging", Status: "planned", ScheduledCompletionDate: &due, OrderIndex: 0}, + {Title: "Patch production", Status: "planned", OrderIndex: 1}, }, } - b, _ := json.Marshal(reqBody) - req := httptest.NewRequest(http.MethodPost, "/api/poam-items", bytes.NewReader(b)) + raw, _ := json.Marshal(body) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodPost, "/api/poam-items", bytes.NewReader(raw)) + req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusCreated, rec.Code) + var resp GenericDataResponse[relational.CcfPoamItem] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + assert.Equal(suite.T(), "risk-promotion", resp.Data.SourceType) + assert.Len(suite.T(), resp.Data.Milestones, 2) + assert.Equal(suite.T(), "Patch staging", resp.Data.Milestones[0].Title) + assert.Equal(suite.T(), "Patch production", resp.Data.Milestones[1].Title) +} + +func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithRiskLinks() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + riskID := uuid.New() + body := createPoamRequest{ + SspID: sspID.String(), + Title: "Linked to risk", + Description: "POAM item linked to a risk", + Status: "open", + RiskIDs: []string{riskID.String()}, + } + raw, _ := json.Marshal(body) + rec := httptest.NewRecorder() + req := 
httptest.NewRequest(http.MethodPost, "/api/poam-items", bytes.NewReader(raw)) req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusCreated, rec.Code) + var resp GenericDataResponse[relational.CcfPoamItem] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + var links []relational.CcfPoamItemRiskLink + suite.Require().NoError(suite.DB.Where("poam_item_id = ?", resp.Data.ID).Find(&links).Error) + assert.Len(suite.T(), links, 1) + assert.Equal(suite.T(), riskID, links[0].RiskID) +} + +func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithAllLinkTypes() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + riskID := uuid.New() + evidenceID := uuid.New() + findingID := uuid.New() + catalogID := uuid.New() + body := createPoamRequest{ + SspID: sspID.String(), + Title: "Full link test", + Description: "POAM item with all link types", + Status: "open", + RiskIDs: []string{riskID.String()}, + EvidenceIDs: []string{evidenceID.String()}, + FindingIDs: []string{findingID.String()}, + ControlRefs: []controlRef{{CatalogID: catalogID.String(), ControlID: "AC-1"}}, + } + raw, _ := json.Marshal(body) rec := httptest.NewRecorder() - e.ServeHTTP(rec, req) - require.Equal(suite.T(), http.StatusCreated, rec.Code) + req := httptest.NewRequest(http.MethodPost, "/api/poam-items", bytes.NewReader(raw)) + req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusCreated, rec.Code) + var resp GenericDataResponse[relational.CcfPoamItem] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + itemID := resp.Data.ID + var riskLinks []relational.CcfPoamItemRiskLink + suite.DB.Where("poam_item_id = ?", itemID).Find(&riskLinks) + assert.Len(suite.T(), riskLinks, 1) + var evidenceLinks []relational.CcfPoamItemEvidenceLink + suite.DB.Where("poam_item_id = ?", 
itemID).Find(&evidenceLinks) + assert.Len(suite.T(), evidenceLinks, 1) + var findingLinks []relational.CcfPoamItemFindingLink + suite.DB.Where("poam_item_id = ?", itemID).Find(&findingLinks) + assert.Len(suite.T(), findingLinks, 1) + var controlLinks []relational.CcfPoamItemControlLink + suite.DB.Where("poam_item_id = ?", itemID).Find(&controlLinks) + assert.Len(suite.T(), controlLinks, 1) + assert.Equal(suite.T(), "AC-1", controlLinks[0].ControlID) +} - // List by status filter - req2 := httptest.NewRequest(http.MethodGet, "/api/poam-items?status=open", nil) - rec2 := httptest.NewRecorder() - e.ServeHTTP(rec2, req2) - require.Equal(suite.T(), http.StatusOK, rec2.Code) +func (suite *PoamItemsApiIntegrationSuite) TestCreate_InvalidSspID() { + suite.Require().NoError(suite.Migrator.Refresh()) + body := map[string]interface{}{"sspId": "not-a-uuid", "title": "X", "status": "open"} + raw, _ := json.Marshal(body) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodPost, "/api/poam-items", bytes.NewReader(raw)) + req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusBadRequest, rec.Code) } -func (suite *PoamItemsIntegrationSuite) TestMilestoneCompletionSetsTimestamp() { - logger, _ := zap.NewDevelopment() - metrics := api.NewMetricsHandler(context.Background(), logger.Sugar()) - server := api.NewServer(context.Background(), logger.Sugar(), suite.Config, metrics) - RegisterHandlers(server, logger.Sugar(), suite.DB, suite.Config, nil, nil) - e := server.E() +// --------------------------------------------------------------------------- +// GET /poam-items (list with filters) +// --------------------------------------------------------------------------- + +func (suite *PoamItemsApiIntegrationSuite) TestList_NoFilter() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + suite.seedItem(sspID, "Item A", "open") + suite.seedItem(sspID, "Item 
B", "in-progress") + suite.seedItem(uuid.New(), "Item C", "completed") + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodGet, "/api/poam-items", nil) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusOK, rec.Code) + var resp GenericDataListResponse[relational.CcfPoamItem] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + assert.Len(suite.T(), resp.Data, 3) +} +func (suite *PoamItemsApiIntegrationSuite) TestList_FilterByStatus() { + suite.Require().NoError(suite.Migrator.Refresh()) sspID := uuid.New() - _ = suite.DB.Exec("INSERT INTO system_security_plans (id, title, version) VALUES (?, 'Test SSP', '1.0')", sspID).Error + suite.seedItem(sspID, "Open item", "open") + suite.seedItem(sspID, "In-progress item", "in-progress") + suite.seedItem(sspID, "Completed item", "completed") + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodGet, "/api/poam-items?status=open", nil) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusOK, rec.Code) + var resp GenericDataListResponse[relational.CcfPoamItem] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + assert.Len(suite.T(), resp.Data, 1) + assert.Equal(suite.T(), "open", resp.Data[0].Status) +} - item := relational.CcfPoamItem{ - ID: uuid.New(), - SspID: sspID, - Title: "Test", - Description: "Test", - Status: "open", +func (suite *PoamItemsApiIntegrationSuite) TestList_FilterBySspId() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspA := uuid.New() + sspB := uuid.New() + suite.seedItem(sspA, "SSP-A item 1", "open") + suite.seedItem(sspA, "SSP-A item 2", "open") + suite.seedItem(sspB, "SSP-B item", "open") + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items?sspId=%s", sspA), nil) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusOK, rec.Code) + var resp 
GenericDataListResponse[relational.CcfPoamItem] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + assert.Len(suite.T(), resp.Data, 2) + for _, item := range resp.Data { + assert.Equal(suite.T(), sspA, item.SspID) } - require.NoError(suite.T(), suite.DB.Create(&item).Error) - ms := relational.CcfPoamItemMilestone{ - ID: uuid.New(), - PoamItemID: item.ID, - Title: "Step", - Description: "Do it", - Status: "planned", +} + +func (suite *PoamItemsApiIntegrationSuite) TestList_FilterByRiskId() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + riskID := uuid.New() + item1 := suite.seedItem(sspID, "Linked to risk", "open") + suite.seedItem(sspID, "Not linked", "open") + suite.Require().NoError(suite.DB.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item1.ID, RiskID: riskID}).Error) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items?riskId=%s", riskID), nil) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusOK, rec.Code) + var resp GenericDataListResponse[relational.CcfPoamItem] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + assert.Len(suite.T(), resp.Data, 1) + assert.Equal(suite.T(), item1.ID, resp.Data[0].ID) +} + +func (suite *PoamItemsApiIntegrationSuite) TestList_FilterByDueBefore() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + past := time.Now().Add(-24 * time.Hour).UTC() + future := time.Now().Add(30 * 24 * time.Hour).UTC() + itemPast := relational.CcfPoamItem{ + ID: uuid.New(), SspID: sspID, Title: "Past due", Description: "d", + Status: "open", SourceType: "manual", PlannedCompletionDate: &past, + LastStatusChangeAt: time.Now().UTC(), + } + itemFuture := relational.CcfPoamItem{ + ID: uuid.New(), SspID: sspID, Title: "Future due", Description: "d", + Status: "open", SourceType: "manual", PlannedCompletionDate: &future, + LastStatusChangeAt: time.Now().UTC(), + } + 
suite.Require().NoError(suite.DB.Create(&itemPast).Error) + suite.Require().NoError(suite.DB.Create(&itemFuture).Error) + cutoff := time.Now().UTC().Format(time.RFC3339) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items?dueBefore=%s", cutoff), nil) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusOK, rec.Code) + var resp GenericDataListResponse[relational.CcfPoamItem] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + assert.Len(suite.T(), resp.Data, 1) + assert.Equal(suite.T(), itemPast.ID, resp.Data[0].ID) +} + +func (suite *PoamItemsApiIntegrationSuite) TestList_FilterOverdueOnly() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + past := time.Now().Add(-24 * time.Hour).UTC() + future := time.Now().Add(30 * 24 * time.Hour).UTC() + overdueItem := relational.CcfPoamItem{ + ID: uuid.New(), SspID: sspID, Title: "Overdue open", Description: "d", + Status: "open", SourceType: "manual", PlannedCompletionDate: &past, + LastStatusChangeAt: time.Now().UTC(), + } + completedPast := relational.CcfPoamItem{ + ID: uuid.New(), SspID: sspID, Title: "Completed past", Description: "d", + Status: "completed", SourceType: "manual", PlannedCompletionDate: &past, + LastStatusChangeAt: time.Now().UTC(), + } + futureItem := relational.CcfPoamItem{ + ID: uuid.New(), SspID: sspID, Title: "Future open", Description: "d", + Status: "open", SourceType: "manual", PlannedCompletionDate: &future, + LastStatusChangeAt: time.Now().UTC(), + } + suite.Require().NoError(suite.DB.Create(&overdueItem).Error) + suite.Require().NoError(suite.DB.Create(&completedPast).Error) + suite.Require().NoError(suite.DB.Create(&futureItem).Error) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodGet, "/api/poam-items?overdueOnly=true", nil) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusOK, rec.Code) + var resp 
GenericDataListResponse[relational.CcfPoamItem] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + assert.Len(suite.T(), resp.Data, 1) + assert.Equal(suite.T(), overdueItem.ID, resp.Data[0].ID) +} + +func (suite *PoamItemsApiIntegrationSuite) TestList_FilterByOwnerRef() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + ownerID := uuid.New() + otherOwnerID := uuid.New() + itemOwned := relational.CcfPoamItem{ + ID: uuid.New(), SspID: sspID, Title: "Owned", Description: "d", + Status: "open", SourceType: "manual", PrimaryOwnerUserID: &ownerID, + LastStatusChangeAt: time.Now().UTC(), + } + itemOther := relational.CcfPoamItem{ + ID: uuid.New(), SspID: sspID, Title: "Other owner", Description: "d", + Status: "open", SourceType: "manual", PrimaryOwnerUserID: &otherOwnerID, + LastStatusChangeAt: time.Now().UTC(), } - require.NoError(suite.T(), suite.DB.Create(&ms).Error) + suite.Require().NoError(suite.DB.Create(&itemOwned).Error) + suite.Require().NoError(suite.DB.Create(&itemOther).Error) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items?ownerRef=%s", ownerID), nil) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusOK, rec.Code) + var resp GenericDataListResponse[relational.CcfPoamItem] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + assert.Len(suite.T(), resp.Data, 1) + assert.Equal(suite.T(), itemOwned.ID, resp.Data[0].ID) +} + +// --------------------------------------------------------------------------- +// GET /poam-items/:id +// --------------------------------------------------------------------------- + +func (suite *PoamItemsApiIntegrationSuite) TestGet_Exists() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + item := suite.seedItem(sspID, "Get test item", "open") + suite.seedMilestone(item.ID, "Milestone A", "planned", 0) + suite.seedMilestone(item.ID, "Milestone B", "planned", 1) 
+ rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s", item.ID), nil) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusOK, rec.Code) + var resp GenericDataResponse[PoamItemResponse] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + assert.Equal(suite.T(), item.ID, resp.Data.ID) + assert.Len(suite.T(), resp.Data.Milestones, 2) + assert.Equal(suite.T(), "Milestone A", resp.Data.Milestones[0].Title) + assert.Equal(suite.T(), "Milestone B", resp.Data.Milestones[1].Title) +} - patch := map[string]any{"status": "completed"} - b, _ := json.Marshal(patch) - req := httptest.NewRequest(http.MethodPut, "/api/poam-items/"+item.ID.String()+"/milestones/"+ms.ID.String(), bytes.NewReader(b)) +func (suite *PoamItemsApiIntegrationSuite) TestGet_NotFound() { + suite.Require().NoError(suite.Migrator.Refresh()) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s", uuid.New()), nil) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusNotFound, rec.Code) +} + +func (suite *PoamItemsApiIntegrationSuite) TestGet_InvalidUUID() { + suite.Require().NoError(suite.Migrator.Refresh()) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodGet, "/api/poam-items/not-a-uuid", nil) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusBadRequest, rec.Code) +} + +func (suite *PoamItemsApiIntegrationSuite) TestGet_IncludesAllLinkSets() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + item := suite.seedItem(sspID, "Link sets test", "open") + riskID := uuid.New() + evidenceID := uuid.New() + findingID := uuid.New() + catalogID := uuid.New() + suite.DB.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: riskID}) + suite.DB.Create(&relational.CcfPoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: evidenceID}) + 
suite.DB.Create(&relational.CcfPoamItemFindingLink{PoamItemID: item.ID, FindingID: findingID}) + suite.DB.Create(&relational.CcfPoamItemControlLink{PoamItemID: item.ID, CatalogID: catalogID, ControlID: "AC-2"}) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s", item.ID), nil) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusOK, rec.Code) + var resp GenericDataResponse[PoamItemResponse] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + assert.Len(suite.T(), resp.Data.RiskLinks, 1) + assert.Len(suite.T(), resp.Data.EvidenceLinks, 1) + assert.Len(suite.T(), resp.Data.FindingLinks, 1) + assert.Len(suite.T(), resp.Data.ControlLinks, 1) +} + +// --------------------------------------------------------------------------- +// PUT /poam-items/:id +// --------------------------------------------------------------------------- + +func (suite *PoamItemsApiIntegrationSuite) TestUpdate_ScalarFields() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + item := suite.seedItem(sspID, "Original title", "open") + newTitle := "Updated title" + newDesc := "Updated description" + body := updatePoamRequest{Title: &newTitle, Description: &newDesc} + raw, _ := json.Marshal(body) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodPut, fmt.Sprintf("/api/poam-items/%s", item.ID), bytes.NewReader(raw)) + req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusOK, rec.Code) + var resp GenericDataResponse[relational.CcfPoamItem] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + assert.Equal(suite.T(), "Updated title", resp.Data.Title) + assert.Equal(suite.T(), "Updated description", resp.Data.Description) +} + +func (suite *PoamItemsApiIntegrationSuite) TestUpdate_StatusToCompleted_SetsCompletedAt() { + 
suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + item := suite.seedItem(sspID, "Will complete", "open") + newStatus := "completed" + body := updatePoamRequest{Status: &newStatus} + raw, _ := json.Marshal(body) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodPut, fmt.Sprintf("/api/poam-items/%s", item.ID), bytes.NewReader(raw)) + req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusOK, rec.Code) + var updated relational.CcfPoamItem + suite.Require().NoError(suite.DB.First(&updated, "id = ?", item.ID).Error) + assert.Equal(suite.T(), "completed", updated.Status) + assert.NotNil(suite.T(), updated.CompletedAt) +} + +func (suite *PoamItemsApiIntegrationSuite) TestUpdate_StatusChange_SetsLastStatusChangeAt() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + item := suite.seedItem(sspID, "Status change", "open") + originalChangeAt := item.LastStatusChangeAt + time.Sleep(10 * time.Millisecond) + newStatus := "in-progress" + body := updatePoamRequest{Status: &newStatus} + raw, _ := json.Marshal(body) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodPut, fmt.Sprintf("/api/poam-items/%s", item.ID), bytes.NewReader(raw)) + req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusOK, rec.Code) + var updated relational.CcfPoamItem + suite.Require().NoError(suite.DB.First(&updated, "id = ?", item.ID).Error) + assert.True(suite.T(), updated.LastStatusChangeAt.After(originalChangeAt)) +} + +func (suite *PoamItemsApiIntegrationSuite) TestUpdate_NotFound() { + suite.Require().NoError(suite.Migrator.Refresh()) + newTitle := "Ghost" + body := updatePoamRequest{Title: &newTitle} + raw, _ := json.Marshal(body) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodPut, 
fmt.Sprintf("/api/poam-items/%s", uuid.New()), bytes.NewReader(raw)) + req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusNotFound, rec.Code) +} + +// --------------------------------------------------------------------------- +// DELETE /poam-items/:id +// --------------------------------------------------------------------------- + +func (suite *PoamItemsApiIntegrationSuite) TestDelete_CascadesAllLinks() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + item := suite.seedItem(sspID, "To delete", "open") + suite.seedMilestone(item.ID, "MS1", "planned", 0) + riskID := uuid.New() + suite.DB.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: riskID}) + evidenceID := uuid.New() + suite.DB.Create(&relational.CcfPoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: evidenceID}) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/api/poam-items/%s", item.ID), nil) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusNoContent, rec.Code) + var count int64 + suite.DB.Model(&relational.CcfPoamItem{}).Where("id = ?", item.ID).Count(&count) + assert.Equal(suite.T(), int64(0), count) + suite.DB.Model(&relational.CcfPoamItemMilestone{}).Where("poam_item_id = ?", item.ID).Count(&count) + assert.Equal(suite.T(), int64(0), count) + suite.DB.Model(&relational.CcfPoamItemRiskLink{}).Where("poam_item_id = ?", item.ID).Count(&count) + assert.Equal(suite.T(), int64(0), count) + suite.DB.Model(&relational.CcfPoamItemEvidenceLink{}).Where("poam_item_id = ?", item.ID).Count(&count) + assert.Equal(suite.T(), int64(0), count) +} + +func (suite *PoamItemsApiIntegrationSuite) TestDelete_NotFound() { + suite.Require().NoError(suite.Migrator.Refresh()) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/api/poam-items/%s", uuid.New()), nil) + 
suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusNotFound, rec.Code) +} + +// --------------------------------------------------------------------------- +// GET /poam-items/:id/milestones +// --------------------------------------------------------------------------- + +func (suite *PoamItemsApiIntegrationSuite) TestListMilestones_OrderedByIndex() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + item := suite.seedItem(sspID, "MS order test", "open") + suite.seedMilestone(item.ID, "Third", "planned", 2) + suite.seedMilestone(item.ID, "First", "planned", 0) + suite.seedMilestone(item.ID, "Second", "planned", 1) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/milestones", item.ID), nil) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusOK, rec.Code) + var resp GenericDataListResponse[relational.CcfPoamItemMilestone] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + assert.Len(suite.T(), resp.Data, 3) + assert.Equal(suite.T(), "First", resp.Data[0].Title) + assert.Equal(suite.T(), "Second", resp.Data[1].Title) + assert.Equal(suite.T(), "Third", resp.Data[2].Title) +} + +func (suite *PoamItemsApiIntegrationSuite) TestListMilestones_ParentNotFound() { + suite.Require().NoError(suite.Migrator.Refresh()) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/milestones", uuid.New()), nil) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusNotFound, rec.Code) +} + +// --------------------------------------------------------------------------- +// POST /poam-items/:id/milestones +// --------------------------------------------------------------------------- + +func (suite *PoamItemsApiIntegrationSuite) TestAddMilestone() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + item := 
suite.seedItem(sspID, "Add milestone test", "open") + due := time.Now().Add(7 * 24 * time.Hour).UTC().Truncate(time.Second) + body := createMilestoneRequest{ + Title: "Deploy to staging", + Description: "Deploy patched version to staging", + Status: "planned", + ScheduledCompletionDate: &due, + OrderIndex: 0, + } + raw, _ := json.Marshal(body) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/milestones", item.ID), bytes.NewReader(raw)) + req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusCreated, rec.Code) + var resp GenericDataResponse[relational.CcfPoamItemMilestone] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + assert.Equal(suite.T(), "Deploy to staging", resp.Data.Title) + assert.Equal(suite.T(), "planned", resp.Data.Status) + assert.Equal(suite.T(), item.ID, resp.Data.PoamItemID) +} + +func (suite *PoamItemsApiIntegrationSuite) TestAddMilestone_ParentNotFound() { + suite.Require().NoError(suite.Migrator.Refresh()) + body := createMilestoneRequest{Title: "Ghost MS", Status: "planned"} + raw, _ := json.Marshal(body) + rec := httptest.NewRecorder() + req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/milestones", uuid.New()), bytes.NewReader(raw)) req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusNotFound, rec.Code) +} + +// --------------------------------------------------------------------------- +// PUT /poam-items/:id/milestones/:milestoneId +// --------------------------------------------------------------------------- + +func (suite *PoamItemsApiIntegrationSuite) TestUpdateMilestone_MarkCompleted_SetsCompletionDate() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + item := suite.seedItem(sspID, "Milestone complete test", "open") + ms 
:= suite.seedMilestone(item.ID, "Enable scanning", "planned", 0) + newStatus := "completed" + body := updateMilestoneRequest{Status: &newStatus} + raw, _ := json.Marshal(body) rec := httptest.NewRecorder() - e.ServeHTTP(rec, req) - require.Equal(suite.T(), http.StatusOK, rec.Code) + req := httptest.NewRequest( + http.MethodPut, + fmt.Sprintf("/api/poam-items/%s/milestones/%s", item.ID, ms.ID), + bytes.NewReader(raw), + ) + req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusOK, rec.Code) + var updated relational.CcfPoamItemMilestone + suite.Require().NoError(suite.DB.First(&updated, "id = ?", ms.ID).Error) + assert.Equal(suite.T(), "completed", updated.Status) + assert.NotNil(suite.T(), updated.CompletionDate) +} + +func (suite *PoamItemsApiIntegrationSuite) TestUpdateMilestone_UpdateTitle() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + item := suite.seedItem(sspID, "MS title update", "open") + ms := suite.seedMilestone(item.ID, "Old title", "planned", 0) + newTitle := "New title" + body := updateMilestoneRequest{Title: &newTitle} + raw, _ := json.Marshal(body) + rec := httptest.NewRecorder() + req := httptest.NewRequest( + http.MethodPut, + fmt.Sprintf("/api/poam-items/%s/milestones/%s", item.ID, ms.ID), + bytes.NewReader(raw), + ) + req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + suite.newServer().E().ServeHTTP(rec, req) + assert.Equal(suite.T(), http.StatusOK, rec.Code) + var resp GenericDataResponse[relational.CcfPoamItemMilestone] + suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) + assert.Equal(suite.T(), "New title", resp.Data.Title) +} + +func (suite *PoamItemsApiIntegrationSuite) TestUpdateMilestone_UpdateOrderIndex() { + suite.Require().NoError(suite.Migrator.Refresh()) + sspID := uuid.New() + item := suite.seedItem(sspID, "MS order update", "open") + ms := suite.seedMilestone(item.ID, "Reorder 
me", "planned", 0)
+ newOrder := 5
+ body := updateMilestoneRequest{OrderIndex: &newOrder}
+ raw, _ := json.Marshal(body)
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(
+ http.MethodPut,
+ fmt.Sprintf("/api/poam-items/%s/milestones/%s", item.ID, ms.ID),
+ bytes.NewReader(raw),
+ )
+ req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusOK, rec.Code)
+ var resp GenericDataResponse[relational.CcfPoamItemMilestone]
+ suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp))
+ assert.Equal(suite.T(), 5, resp.Data.OrderIndex)
+}
+
+func (suite *PoamItemsApiIntegrationSuite) TestUpdateMilestone_NotFound() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ sspID := uuid.New()
+ item := suite.seedItem(sspID, "Parent exists", "open")
+ newStatus := "completed"
+ body := updateMilestoneRequest{Status: &newStatus}
+ raw, _ := json.Marshal(body)
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(
+ http.MethodPut,
+ fmt.Sprintf("/api/poam-items/%s/milestones/%s", item.ID, uuid.New()),
+ bytes.NewReader(raw),
+ )
+ req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusNotFound, rec.Code)
+}
+
+// ---------------------------------------------------------------------------
+// DELETE /poam-items/:id/milestones/:milestoneId
+// ---------------------------------------------------------------------------
+
+func (suite *PoamItemsApiIntegrationSuite) TestDeleteMilestone() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ sspID := uuid.New()
+ item := suite.seedItem(sspID, "Delete MS test", "open")
+ ms := suite.seedMilestone(item.ID, "To delete", "planned", 0)
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(
+ http.MethodDelete,
+ fmt.Sprintf("/api/poam-items/%s/milestones/%s", item.ID, ms.ID),
+ nil,
+ )
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusNoContent, rec.Code)
+ var count int64
+ suite.DB.Model(&relational.CcfPoamItemMilestone{}).Where("id = ?", ms.ID).Count(&count)
+ assert.Equal(suite.T(), int64(0), count)
+}
+
+func (suite *PoamItemsApiIntegrationSuite) TestDeleteMilestone_NotFound() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ sspID := uuid.New()
+ item := suite.seedItem(sspID, "Parent exists", "open")
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(
+ http.MethodDelete,
+ fmt.Sprintf("/api/poam-items/%s/milestones/%s", item.ID, uuid.New()),
+ nil,
+ )
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusNotFound, rec.Code)
+}
+
+// ---------------------------------------------------------------------------
+// Link sub-resource endpoints
+// ---------------------------------------------------------------------------
+
+func (suite *PoamItemsApiIntegrationSuite) TestListRisks() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ sspID := uuid.New()
+ item := suite.seedItem(sspID, "Risk list test", "open")
+ suite.DB.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: uuid.New()})
+ suite.DB.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: uuid.New()})
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/risks", item.ID), nil)
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusOK, rec.Code)
+ var resp GenericDataListResponse[relational.CcfPoamItemRiskLink]
+ suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp))
+ assert.Len(suite.T(), resp.Data, 2)
+}
+
+func (suite *PoamItemsApiIntegrationSuite) TestListEvidence() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ sspID := uuid.New()
+ item := suite.seedItem(sspID, "Evidence list test", "open")
+ suite.DB.Create(&relational.CcfPoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: uuid.New()})
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/evidence", item.ID), nil)
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusOK, rec.Code)
+ var resp GenericDataListResponse[relational.CcfPoamItemEvidenceLink]
+ suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp))
+ assert.Len(suite.T(), resp.Data, 1)
+}
+
+func (suite *PoamItemsApiIntegrationSuite) TestListControls() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ sspID := uuid.New()
+ item := suite.seedItem(sspID, "Control list test", "open")
+ suite.DB.Create(&relational.CcfPoamItemControlLink{PoamItemID: item.ID, CatalogID: uuid.New(), ControlID: "SI-2"})
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/controls", item.ID), nil)
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusOK, rec.Code)
+ var resp GenericDataListResponse[relational.CcfPoamItemControlLink]
+ suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp))
+ assert.Len(suite.T(), resp.Data, 1)
+ assert.Equal(suite.T(), "SI-2", resp.Data[0].ControlID)
+}
+
+func (suite *PoamItemsApiIntegrationSuite) TestListFindings() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ sspID := uuid.New()
+ item := suite.seedItem(sspID, "Finding list test", "open")
+ suite.DB.Create(&relational.CcfPoamItemFindingLink{PoamItemID: item.ID, FindingID: uuid.New()})
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/findings", item.ID), nil)
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusOK, rec.Code)
+ var resp GenericDataListResponse[relational.CcfPoamItemFindingLink]
+ suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp))
+ assert.Len(suite.T(), resp.Data, 1)
+}
+
+func (suite *PoamItemsApiIntegrationSuite) TestListLinks_ParentNotFound() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ ghostID := uuid.New()
+ for _, path := range []string{"risks", "evidence", "controls", "findings"} {
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/%s", ghostID, path), nil)
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusNotFound, rec.Code, "expected 404 for /poam-items/:id/%s with unknown parent", path)
+ }
+}
+
+// ---------------------------------------------------------------------------
+// Uniqueness constraint — duplicate risk link
+// ---------------------------------------------------------------------------
+
+func (suite *PoamItemsApiIntegrationSuite) TestCreate_DuplicateRiskLink_IsRejected() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ sspID := uuid.New()
+ riskID := uuid.New()
+ item := suite.seedItem(sspID, "Dup risk test", "open")
+ suite.Require().NoError(suite.DB.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: riskID}).Error)
+ err := suite.DB.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: riskID}).Error
+ assert.Error(suite.T(), err, "duplicate risk link should be rejected by unique constraint")
 }
diff --git a/internal/service/migrator.go b/internal/service/migrator.go
index 72a1d413..cecc45e4 100644
--- a/internal/service/migrator.go
+++ b/internal/service/migrator.go
@@ -138,6 +138,9 @@ func MigrateUp(db *gorm.DB) error {
 &relational.CcfPoamItem{},
 &relational.CcfPoamItemMilestone{},
 &relational.CcfPoamItemRiskLink{},
+ &relational.CcfPoamItemEvidenceLink{},
+ &relational.CcfPoamItemControlLink{},
+ &relational.CcfPoamItemFindingLink{},
 &relational.User{},
 &Heartbeat{},
 &relational.Evidence{},
@@ -345,6 +348,9 @@ func MigrateDown(db *gorm.DB) error {
 "poam_findings",
 "poam_risks",
+ &relational.CcfPoamItemFindingLink{},
+ &relational.CcfPoamItemControlLink{},
+ &relational.CcfPoamItemEvidenceLink{},
 &relational.CcfPoamItemRiskLink{},
 &relational.CcfPoamItemMilestone{},
 &relational.CcfPoamItem{},
diff --git a/internal/service/relational/poam_cf.go b/internal/service/relational/poam_cf.go
index ea89f3a9..b3414514 100644
--- a/internal/service/relational/poam_cf.go
+++ b/internal/service/relational/poam_cf.go
@@ -7,44 +7,85 @@ import (
 "gorm.io/gorm"
 )
+// CcfPoamItem is the first-class CCF POAM work item, always scoped to an SSP.
+// Field names follow the Confluence design doc (v15) exactly.
+// CCF-only fields are also exported as OSCAL Props (namespace ccf:) on OSCAL export.
 type CcfPoamItem struct {
- ID uuid.UUID `gorm:"type:uuid;primaryKey"`
- SspID uuid.UUID `gorm:"type:uuid;index;not null"`
- Title string `gorm:"not null"`
- Description string `gorm:"not null"`
- Status string `gorm:"type:text;index;not null;check:poam_items_status IN ('open','in-progress','completed','overdue')"`
- Deadline *time.Time `gorm:"index"`
- ResourceRequired *string
- PocName *string
- PocEmail *string
- PocPhone *string
- Remarks *string
- CreatedAt time.Time
- UpdatedAt time.Time
- Milestones []CcfPoamItemMilestone `gorm:"constraint:OnDelete:CASCADE"`
+ ID uuid.UUID `gorm:"type:uuid;primaryKey" json:"id"`
+ SspID uuid.UUID `gorm:"type:uuid;index;not null" json:"sspId"`
+ Title string `gorm:"not null" json:"title"`
+ Description string `gorm:"not null" json:"description"`
+ Status string `gorm:"type:text;index;not null;check:ccf_poam_items_status IN ('open','in-progress','completed','overdue')" json:"status"`
+ PrimaryOwnerUserID *uuid.UUID `gorm:"type:uuid;index" json:"primaryOwnerUserId,omitempty"`
+ SourceType string `gorm:"type:text;not null;default:'manual';check:ccf_poam_items_source_type IN ('risk-promotion','manual','import')" json:"sourceType"`
+ PlannedCompletionDate *time.Time `gorm:"index" json:"plannedCompletionDate,omitempty"`
+ CompletedAt *time.Time ` json:"completedAt,omitempty"`
+ CreatedFromRiskID *uuid.UUID `gorm:"type:uuid" json:"createdFromRiskId,omitempty"`
+ AcceptanceRationale *string ` json:"acceptanceRationale,omitempty"`
+ LastStatusChangeAt time.Time `gorm:"not null;autoCreateTime" json:"lastStatusChangeAt"`
+ CreatedAt time.Time ` json:"createdAt"`
+ UpdatedAt time.Time ` json:"updatedAt"`
+
+ // Associations — loaded on demand
+ Milestones []CcfPoamItemMilestone `gorm:"foreignKey:PoamItemID;constraint:OnDelete:CASCADE" json:"milestones,omitempty"`
 }
+func (CcfPoamItem) TableName() string { return "ccf_poam_items" }
+
+// BeforeUpdate sets LastStatusChangeAt whenever the Status column changes.
+func (p *CcfPoamItem) BeforeUpdate(tx *gorm.DB) error {
+ if tx.Statement.Changed("Status") {
+ tx.Statement.SetColumn("LastStatusChangeAt", time.Now().UTC())
+ }
+ return nil
+}
+
+// CcfPoamItemMilestone is a strong-typed milestone entry for a CcfPoamItem.
+// Field names follow the Confluence design doc (v15).
 type CcfPoamItemMilestone struct {
- ID uuid.UUID `gorm:"type:uuid;primaryKey"`
- PoamItemID uuid.UUID `gorm:"type:uuid;index;not null"`
- Title string `gorm:"not null"`
- Description string `gorm:"not null"`
- Status string `gorm:"type:text;not null;check:poam_item_milestone_status IN ('planned','completed')"`
- DueDate *time.Time
- CompletedAt *time.Time
- CreatedAt time.Time
- UpdatedAt time.Time
+ ID uuid.UUID `gorm:"type:uuid;primaryKey" json:"id"`
+ PoamItemID uuid.UUID `gorm:"type:uuid;index;not null" json:"poamItemId"`
+ Title string `gorm:"not null" json:"title"`
+ Description string ` json:"description"`
+ Status string `gorm:"type:text;not null;check:ccf_poam_item_milestones_status IN ('planned','completed')" json:"status"`
+ ScheduledCompletionDate *time.Time ` json:"scheduledCompletionDate,omitempty"`
+ CompletionDate *time.Time ` json:"completionDate,omitempty"`
+ OrderIndex int `gorm:"not null;default:0" json:"orderIndex"`
+ CreatedAt time.Time ` json:"createdAt"`
+ UpdatedAt time.Time ` json:"updatedAt"`
 }
+func (CcfPoamItemMilestone) TableName() string { return "ccf_poam_item_milestones" }
+
+// CcfPoamItemRiskLink is the join table linking PoamItems to Risks.
 type CcfPoamItemRiskLink struct {
- PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:poam_item_risk_links_unique,unique"`
- RiskID uuid.UUID `gorm:"type:uuid;not null;index:poam_item_risk_links_unique,unique"`
+ PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_risk_links_unique,unique" json:"poamItemId"`
+ RiskID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_risk_links_unique,unique" json:"riskId"`
 }
-func (l *CcfPoamItemRiskLink) TableName() string {
- return "poam_item_risk_links"
+func (CcfPoamItemRiskLink) TableName() string { return "ccf_poam_item_risk_links" }
+
+// CcfPoamItemEvidenceLink is the join table linking PoamItems to Evidence records.
+type CcfPoamItemEvidenceLink struct {
+ PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_evidence_links_unique,unique" json:"poamItemId"`
+ EvidenceID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_evidence_links_unique,unique" json:"evidenceId"`
 }
-func (l *CcfPoamItemRiskLink) BeforeCreate(tx *gorm.DB) (err error) {
- return nil
+func (CcfPoamItemEvidenceLink) TableName() string { return "ccf_poam_item_evidence_links" }
+
+// CcfPoamItemControlLink is the join table linking PoamItems to Controls.
+type CcfPoamItemControlLink struct {
+ PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_control_links_unique,unique" json:"poamItemId"`
+ CatalogID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_control_links_unique,unique" json:"catalogId"`
+ ControlID string `gorm:"type:text;not null;index:ccf_poam_item_control_links_unique,unique" json:"controlId"`
+}
+
+func (CcfPoamItemControlLink) TableName() string { return "ccf_poam_item_control_links" }
+
+// CcfPoamItemFindingLink is the join table linking PoamItems to Findings.
+type CcfPoamItemFindingLink struct {
+ PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_finding_links_unique,unique" json:"poamItemId"`
+ FindingID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_finding_links_unique,unique" json:"findingId"`
 }
+
+func (CcfPoamItemFindingLink) TableName() string { return "ccf_poam_item_finding_links" }
diff --git a/internal/tests/migrate.go b/internal/tests/migrate.go
index c490f0b9..c9c95cf1 100644
--- a/internal/tests/migrate.go
+++ b/internal/tests/migrate.go
@@ -168,6 +168,9 @@ func (t *TestMigrator) Up() error {
 &relational.CcfPoamItem{},
 &relational.CcfPoamItemMilestone{},
 &relational.CcfPoamItemRiskLink{},
+ &relational.CcfPoamItemEvidenceLink{},
+ &relational.CcfPoamItemControlLink{},
+ &relational.CcfPoamItemFindingLink{},
 &relational.Evidence{},
 &relational.Labels{},
 &relational.SelectSubjectById{},
@@ -289,6 +292,9 @@ func (t *TestMigrator) Down() error {
 "result_risks",
 "control_selection_assessed_controls_included",
 "control_selection_assessed_controls_excluded",
+ &relational.CcfPoamItemFindingLink{},
+ &relational.CcfPoamItemControlLink{},
+ &relational.CcfPoamItemEvidenceLink{},
 &relational.CcfPoamItemRiskLink{},
 &relational.CcfPoamItemMilestone{},
 &relational.CcfPoamItem{},
From bde786a58bca6e50615886c85379ec2bf15dcfbe Mon Sep 17 00:00:00 2001
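Review bot: The four link tables declare `PoamItemID` with only `type:uuid;not null` and the unique index, so unlike `Milestones` (which carries `constraint:OnDelete:CASCADE`) nothing in the schema ties a link row to its parent, and deleting a `CcfPoamItem` leaves orphaned rows in the `ccf_poam_item_*_links` tables unless the Delete handler removes them explicitly (not visible in this hunk). Consider exposing the link sets as associations on `CcfPoamItem` with the same cascade, e.g. `RiskLinks []CcfPoamItemRiskLink `gorm:"foreignKey:PoamItemID;constraint:OnDelete:CASCADE" json:"-"``, or at least state the cleanup responsibility in the `CcfPoamItemRiskLink` type comment. The `RiskID`, `EvidenceID`, `CatalogID` and `FindingID` columns likewise have no foreign key, so a link may reference an id that does not exist (the integration tests seed `uuid.New()` values and succeed); if that is intentional it deserves a sentence in each join-table comment. Separately, `TableName()` changes from `poam_item_risk_links` to `ccf_poam_item_risk_links` with no rename step, so an already-migrated database keeps the old table and its rows next to the new empty one — a `Migrator().RenameTable` in `MigrateUp` or a note in the migrator would make that explicit.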
From: AKAbdulHanif Date: Mon, 9 Mar 2026 02:58:14 -0400 Subject: [PATCH 15/28] fix(poam): remove duplicate last_status_change_at in Update handler The BeforeUpdate GORM hook on CcfPoamItem already calls tx.Statement.SetColumn('LastStatusChangeAt', ...) whenever the Status column changes. The Update handler was also setting updates['last_status_change_at'] in the same map, causing Postgres to receive a duplicate column assignment in the generated UPDATE statement (SQLSTATE 42601). Fix: remove the explicit map entry from the handler and rely exclusively on the BeforeUpdate hook. Also fixed integration test compile errors introduced by the merge with main: - RegisterHandlers signature changed from 6 to 5 args (removed extra nil) - controlRef renamed to poamControlRef to avoid package collision with filter_import.go --- internal/api/handler/poam_items.go | 1215 ++++++++--------- .../handler/poam_items_integration_test.go | 4 +- 2 files changed, 609 insertions(+), 610 deletions(-) diff --git a/internal/api/handler/poam_items.go b/internal/api/handler/poam_items.go index beca8b6d..6ed8f029 100644 --- a/internal/api/handler/poam_items.go +++ b/internal/api/handler/poam_items.go 
@@ -1,708 +1,707 @@ package handler import ( -"net/http" -"time" + "net/http" + "time" -"github.com/compliance-framework/api/internal/api" -"github.com/compliance-framework/api/internal/service/relational" -"github.com/google/uuid" -"github.com/labstack/echo/v4" -"go.uber.org/zap" -"gorm.io/gorm" + "github.com/compliance-framework/api/internal/api" + "github.com/compliance-framework/api/internal/service/relational" + "github.com/google/uuid" + "github.com/labstack/echo/v4" + "go.uber.org/zap" + "gorm.io/gorm" ) type PoamItemsHandler struct { -db *gorm.DB -sugar *zap.SugaredLogger + db *gorm.DB + sugar *zap.SugaredLogger } func NewPoamItemsHandler(logger *zap.SugaredLogger, db *gorm.DB) *PoamItemsHandler { -return &PoamItemsHandler{db: db, sugar: logger} + return &PoamItemsHandler{db: db, sugar: logger} } func (h *PoamItemsHandler) Register(g *echo.Group) { -g.GET("", h.List) -g.POST("", h.Create) -g.GET("/:id", h.Get) -g.PUT("/:id", h.Update) -g.DELETE("/:id", h.Delete) -g.GET("/:id/milestones", h.ListMilestones) -g.POST("/:id/milestones", h.AddMilestone) -g.PUT("/:id/milestones/:milestoneId", h.UpdateMilestone) -g.DELETE("/:id/milestones/:milestoneId", h.DeleteMilestone) -g.GET("/:id/risks", h.ListRisks) -g.GET("/:id/evidence", h.ListEvidence) -g.GET("/:id/controls", h.ListControls) -g.GET("/:id/findings", h.ListFindings) + g.GET("", h.List) + g.POST("", h.Create) + g.GET("/:id", h.Get) + g.PUT("/:id", h.Update) + g.DELETE("/:id", h.Delete) + g.GET("/:id/milestones", h.ListMilestones) + g.POST("/:id/milestones", h.AddMilestone) + g.PUT("/:id/milestones/:milestoneId", h.UpdateMilestone) + g.DELETE("/:id/milestones/:milestoneId", h.DeleteMilestone) + g.GET("/:id/risks", h.ListRisks) + g.GET("/:id/evidence", h.ListEvidence) + g.GET("/:id/controls", h.ListControls) + g.GET("/:id/findings", h.ListFindings) } type createMilestoneRequest struct { -Title string `json:"title"` -Description string `json:"description"` -Status string `json:"status"` -ScheduledCompletionDate 
*time.Time `json:"scheduledCompletionDate"` -OrderIndex int `json:"orderIndex"` + Title string `json:"title"` + Description string `json:"description"` + Status string `json:"status"` + ScheduledCompletionDate *time.Time `json:"scheduledCompletionDate"` + OrderIndex int `json:"orderIndex"` } type poamControlRef struct { -CatalogID string `json:"catalogId"` -ControlID string `json:"controlId"` + CatalogID string `json:"catalogId"` + ControlID string `json:"controlId"` } type createPoamRequest struct { -SspID string `json:"sspId"` -Title string `json:"title"` -Description string `json:"description"` -Status string `json:"status"` -PrimaryOwnerUserID *string `json:"primaryOwnerUserId"` -SourceType string `json:"sourceType"` -PlannedCompletionDate *time.Time `json:"plannedCompletionDate"` -CreatedFromRiskID *string `json:"createdFromRiskId"` -AcceptanceRationale *string `json:"acceptanceRationale"` -RiskIDs []string `json:"riskIds"` -EvidenceIDs []string `json:"evidenceIds"` -ControlRefs []poamControlRef `json:"controlRefs"` -FindingIDs []string `json:"findingIds"` -Milestones []createMilestoneRequest `json:"milestones"` + SspID string `json:"sspId"` + Title string `json:"title"` + Description string `json:"description"` + Status string `json:"status"` + PrimaryOwnerUserID *string `json:"primaryOwnerUserId"` + SourceType string `json:"sourceType"` + PlannedCompletionDate *time.Time `json:"plannedCompletionDate"` + CreatedFromRiskID *string `json:"createdFromRiskId"` + AcceptanceRationale *string `json:"acceptanceRationale"` + RiskIDs []string `json:"riskIds"` + EvidenceIDs []string `json:"evidenceIds"` + ControlRefs []poamControlRef `json:"controlRefs"` + FindingIDs []string `json:"findingIds"` + Milestones []createMilestoneRequest `json:"milestones"` } type updatePoamRequest struct { -Title *string `json:"title"` -Description *string `json:"description"` -Status *string `json:"status"` -PrimaryOwnerUserID *string `json:"primaryOwnerUserId"` -PlannedCompletionDate 
*time.Time `json:"plannedCompletionDate"` -CompletedAt *time.Time `json:"completedAt"` -AcceptanceRationale *string `json:"acceptanceRationale"` + Title *string `json:"title"` + Description *string `json:"description"` + Status *string `json:"status"` + PrimaryOwnerUserID *string `json:"primaryOwnerUserId"` + PlannedCompletionDate *time.Time `json:"plannedCompletionDate"` + CompletedAt *time.Time `json:"completedAt"` + AcceptanceRationale *string `json:"acceptanceRationale"` } type updateMilestoneRequest struct { -Title *string `json:"title"` -Description *string `json:"description"` -Status *string `json:"status"` -ScheduledCompletionDate *time.Time `json:"scheduledCompletionDate"` -OrderIndex *int `json:"orderIndex"` + Title *string `json:"title"` + Description *string `json:"description"` + Status *string `json:"status"` + ScheduledCompletionDate *time.Time `json:"scheduledCompletionDate"` + OrderIndex *int `json:"orderIndex"` } type PoamItemResponse struct { -relational.CcfPoamItem -RiskLinks []relational.CcfPoamItemRiskLink `json:"riskLinks"` -EvidenceLinks []relational.CcfPoamItemEvidenceLink `json:"evidenceLinks"` -ControlLinks []relational.CcfPoamItemControlLink `json:"controlLinks"` -FindingLinks []relational.CcfPoamItemFindingLink `json:"findingLinks"` + relational.CcfPoamItem + RiskLinks []relational.CcfPoamItemRiskLink `json:"riskLinks"` + EvidenceLinks []relational.CcfPoamItemEvidenceLink `json:"evidenceLinks"` + ControlLinks []relational.CcfPoamItemControlLink `json:"controlLinks"` + FindingLinks []relational.CcfPoamItemFindingLink `json:"findingLinks"` } func (h *PoamItemsHandler) itemExists(id uuid.UUID) (bool, error) { -var count int64 -err := h.db.Model(&relational.CcfPoamItem{}).Where("id = ?", id).Count(&count).Error -return count > 0, err + var count int64 + err := h.db.Model(&relational.CcfPoamItem{}).Where("id = ?", id).Count(&count).Error + return count > 0, err } // Create godoc // -//@SummaryCreate a POAM item -//@DescriptionCreates a POAM 
item with optional milestones and risk/evidence/control/finding links in a single transaction. -//@TagsPOAM Items -//@Acceptjson -//@Producejson -//@ParambodybodycreatePoamRequesttrue"POAM item payload" -//@Success201{object}GenericDataResponse[relational.CcfPoamItem] -//@Failure400{object}api.Error -//@Failure500{object}api.Error -//@Router/poam-items [post] +// @Summary Create a POAM item +// @Description Creates a POAM item with optional milestones and risk/evidence/control/finding links in a single transaction. +// @Tags POAM Items +// @Accept json +// @Produce json +// @Param body body createPoamRequest true "POAM item payload" +// @Success 201 {object} GenericDataResponse[relational.CcfPoamItem] +// @Failure 400 {object} api.Error +// @Failure 500 {object} api.Error +// @Router /poam-items [post] func (h *PoamItemsHandler) Create(c echo.Context) error { -var in createPoamRequest -if err := c.Bind(&in); err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -sspID, err := uuid.Parse(in.SspID) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -sourceType := in.SourceType -if sourceType == "" { -sourceType = "manual" -} -item := relational.CcfPoamItem{ -ID: uuid.New(), -SspID: sspID, -Title: in.Title, -Description: in.Description, -Status: in.Status, -SourceType: sourceType, -PlannedCompletionDate: in.PlannedCompletionDate, -AcceptanceRationale: in.AcceptanceRationale, -LastStatusChangeAt: time.Now().UTC(), -} -if in.PrimaryOwnerUserID != nil { -ownerID, err := uuid.Parse(*in.PrimaryOwnerUserID) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -item.PrimaryOwnerUserID = &ownerID -} -if in.CreatedFromRiskID != nil { -riskID, err := uuid.Parse(*in.CreatedFromRiskID) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -item.CreatedFromRiskID = &riskID -} -err = h.db.Transaction(func(tx *gorm.DB) error { -if err := tx.Create(&item).Error; err != nil { -return err -} 
-for i, m := range in.Milestones { -orderIdx := m.OrderIndex -if orderIdx == 0 { -orderIdx = i -} -ms := relational.CcfPoamItemMilestone{ -ID: uuid.New(), -PoamItemID: item.ID, -Title: m.Title, -Description: m.Description, -Status: m.Status, -ScheduledCompletionDate: m.ScheduledCompletionDate, -OrderIndex: orderIdx, -} -if err := tx.Create(&ms).Error; err != nil { -return err -} -} -for _, rid := range in.RiskIDs { -ruuid, err := uuid.Parse(rid) -if err != nil { -return err -} -if err := tx.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: ruuid}).Error; err != nil { -return err -} -} -for _, eid := range in.EvidenceIDs { -euuid, err := uuid.Parse(eid) -if err != nil { -return err -} -if err := tx.Create(&relational.CcfPoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: euuid}).Error; err != nil { -return err -} -} -for _, cr := range in.ControlRefs { -catID, err := uuid.Parse(cr.CatalogID) -if err != nil { -return err -} -if err := tx.Create(&relational.CcfPoamItemControlLink{ -PoamItemID: item.ID, -CatalogID: catID, -ControlID: cr.ControlID, -}).Error; err != nil { -return err -} -} -for _, fid := range in.FindingIDs { -fuuid, err := uuid.Parse(fid) -if err != nil { -return err -} -if err := tx.Create(&relational.CcfPoamItemFindingLink{PoamItemID: item.ID, FindingID: fuuid}).Error; err != nil { -return err -} -} -return nil -}) -if err != nil { -return c.JSON(http.StatusInternalServerError, api.NewError(err)) -} -h.db.Preload("Milestones", func(db *gorm.DB) *gorm.DB { -return db.Order("order_index ASC") -}).First(&item, "id = ?", item.ID) -return c.JSON(http.StatusCreated, GenericDataResponse[relational.CcfPoamItem]{Data: item}) + var in createPoamRequest + if err := c.Bind(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + sspID, err := uuid.Parse(in.SspID) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + sourceType := in.SourceType + if sourceType == "" { + sourceType = 
"manual" + } + item := relational.CcfPoamItem{ + ID: uuid.New(), + SspID: sspID, + Title: in.Title, + Description: in.Description, + Status: in.Status, + SourceType: sourceType, + PlannedCompletionDate: in.PlannedCompletionDate, + AcceptanceRationale: in.AcceptanceRationale, + LastStatusChangeAt: time.Now().UTC(), + } + if in.PrimaryOwnerUserID != nil { + ownerID, err := uuid.Parse(*in.PrimaryOwnerUserID) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + item.PrimaryOwnerUserID = &ownerID + } + if in.CreatedFromRiskID != nil { + riskID, err := uuid.Parse(*in.CreatedFromRiskID) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + item.CreatedFromRiskID = &riskID + } + err = h.db.Transaction(func(tx *gorm.DB) error { + if err := tx.Create(&item).Error; err != nil { + return err + } + for i, m := range in.Milestones { + orderIdx := m.OrderIndex + if orderIdx == 0 { + orderIdx = i + } + ms := relational.CcfPoamItemMilestone{ + ID: uuid.New(), + PoamItemID: item.ID, + Title: m.Title, + Description: m.Description, + Status: m.Status, + ScheduledCompletionDate: m.ScheduledCompletionDate, + OrderIndex: orderIdx, + } + if err := tx.Create(&ms).Error; err != nil { + return err + } + } + for _, rid := range in.RiskIDs { + ruuid, err := uuid.Parse(rid) + if err != nil { + return err + } + if err := tx.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: ruuid}).Error; err != nil { + return err + } + } + for _, eid := range in.EvidenceIDs { + euuid, err := uuid.Parse(eid) + if err != nil { + return err + } + if err := tx.Create(&relational.CcfPoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: euuid}).Error; err != nil { + return err + } + } + for _, cr := range in.ControlRefs { + catID, err := uuid.Parse(cr.CatalogID) + if err != nil { + return err + } + if err := tx.Create(&relational.CcfPoamItemControlLink{ + PoamItemID: item.ID, + CatalogID: catID, + ControlID: cr.ControlID, + }).Error; err != nil 
{ + return err + } + } + for _, fid := range in.FindingIDs { + fuuid, err := uuid.Parse(fid) + if err != nil { + return err + } + if err := tx.Create(&relational.CcfPoamItemFindingLink{PoamItemID: item.ID, FindingID: fuuid}).Error; err != nil { + return err + } + } + return nil + }) + if err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + h.db.Preload("Milestones", func(db *gorm.DB) *gorm.DB { + return db.Order("order_index ASC") + }).First(&item, "id = ?", item.ID) + return c.JSON(http.StatusCreated, GenericDataResponse[relational.CcfPoamItem]{Data: item}) } // List godoc // -//@SummaryList POAM items -//@DescriptionList POAM items with optional filters: status, sspId, riskId, dueBefore, overdueOnly, ownerRef. -//@TagsPOAM Items -//@Producejson -//@Paramstatusquerystringfalse"open|in-progress|completed|overdue" -//@ParamsspIdquerystringfalse"SSP UUID" -//@ParamriskIdquerystringfalse"Risk UUID" -//@ParamdueBeforequerystringfalse"RFC3339 timestamp" -//@ParamoverdueOnlyqueryboolfalse"true — items past planned_completion_date" -//@ParamownerRefquerystringfalse"UUID of primary_owner_user_id" -//@Success200{object}GenericDataListResponse[relational.CcfPoamItem] -//@Failure500{object}api.Error -//@Router/poam-items [get] +// @Summary List POAM items +// @Description List POAM items with optional filters: status, sspId, riskId, dueBefore, overdueOnly, ownerRef. 
+// @Tags POAM Items +// @Produce json +// @Param status query string false "open|in-progress|completed|overdue" +// @Param sspId query string false "SSP UUID" +// @Param riskId query string false "Risk UUID" +// @Param dueBefore query string false "RFC3339 timestamp" +// @Param overdueOnly query bool false "true — items past planned_completion_date" +// @Param ownerRef query string false "UUID of primary_owner_user_id" +// @Success 200 {object} GenericDataListResponse[relational.CcfPoamItem] +// @Failure 500 {object} api.Error +// @Router /poam-items [get] func (h *PoamItemsHandler) List(c echo.Context) error { -var items []relational.CcfPoamItem -q := h.db.Model(&relational.CcfPoamItem{}) -if v := c.QueryParam("status"); v != "" { -q = q.Where("status = ?", v) -} -if v := c.QueryParam("sspId"); v != "" { -if id, err := uuid.Parse(v); err == nil { -q = q.Where("ssp_id = ?", id) -} -} -if v := c.QueryParam("ownerRef"); v != "" { -if id, err := uuid.Parse(v); err == nil { -q = q.Where("primary_owner_user_id = ?", id) -} -} -if v := c.QueryParam("dueBefore"); v != "" { -if t, err := time.Parse(time.RFC3339, v); err == nil { -q = q.Where("planned_completion_date IS NOT NULL AND planned_completion_date < ?", t) -} -} -if c.QueryParam("overdueOnly") == "true" { -now := time.Now().UTC() -q = q.Where("status IN ('open','in-progress') AND planned_completion_date IS NOT NULL AND planned_completion_date < ?", now) -} -if v := c.QueryParam("riskId"); v != "" { -if id, err := uuid.Parse(v); err == nil { -q = q.Joins("JOIN ccf_poam_item_risk_links rl ON rl.poam_item_id = ccf_poam_items.id AND rl.risk_id = ?", id) -} -} -if err := q.Find(&items).Error; err != nil { -return c.JSON(http.StatusInternalServerError, api.NewError(err)) -} -return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItem]{Data: items}) + var items []relational.CcfPoamItem + q := h.db.Model(&relational.CcfPoamItem{}) + if v := c.QueryParam("status"); v != "" { + q = q.Where("status = ?", v) + 
} + if v := c.QueryParam("sspId"); v != "" { + if id, err := uuid.Parse(v); err == nil { + q = q.Where("ssp_id = ?", id) + } + } + if v := c.QueryParam("ownerRef"); v != "" { + if id, err := uuid.Parse(v); err == nil { + q = q.Where("primary_owner_user_id = ?", id) + } + } + if v := c.QueryParam("dueBefore"); v != "" { + if t, err := time.Parse(time.RFC3339, v); err == nil { + q = q.Where("planned_completion_date IS NOT NULL AND planned_completion_date < ?", t) + } + } + if c.QueryParam("overdueOnly") == "true" { + now := time.Now().UTC() + q = q.Where("status IN ('open','in-progress') AND planned_completion_date IS NOT NULL AND planned_completion_date < ?", now) + } + if v := c.QueryParam("riskId"); v != "" { + if id, err := uuid.Parse(v); err == nil { + q = q.Joins("JOIN ccf_poam_item_risk_links rl ON rl.poam_item_id = ccf_poam_items.id AND rl.risk_id = ?", id) + } + } + if err := q.Find(&items).Error; err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItem]{Data: items}) } // Get godoc // -//@SummaryGet POAM item -//@DescriptionGet a single POAM item with its milestones and all link sets. -//@TagsPOAM Items -//@Producejson -//@Paramidpathstringtrue"POAM item ID" -//@Success200{object}GenericDataResponse[PoamItemResponse] -//@Failure400{object}api.Error -//@Failure404{object}api.Error -//@Router/poam-items/{id} [get] +// @Summary Get POAM item +// @Description Get a single POAM item with its milestones and all link sets. 
+// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Success 200 {object} GenericDataResponse[PoamItemResponse] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Router /poam-items/{id} [get] func (h *PoamItemsHandler) Get(c echo.Context) error { -id, err := uuid.Parse(c.Param("id")) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -var item relational.CcfPoamItem -if err := h.db.Preload("Milestones", func(db *gorm.DB) *gorm.DB { -return db.Order("order_index ASC") -}).First(&item, "id = ?", id).Error; err != nil { -return c.JSON(http.StatusNotFound, api.NewError(err)) -} -var riskLinks []relational.CcfPoamItemRiskLink -h.db.Where("poam_item_id = ?", id).Find(&riskLinks) -var evidenceLinks []relational.CcfPoamItemEvidenceLink -h.db.Where("poam_item_id = ?", id).Find(&evidenceLinks) -var controlLinks []relational.CcfPoamItemControlLink -h.db.Where("poam_item_id = ?", id).Find(&controlLinks) -var findingLinks []relational.CcfPoamItemFindingLink -h.db.Where("poam_item_id = ?", id).Find(&findingLinks) -resp := PoamItemResponse{ -CcfPoamItem: item, -RiskLinks: riskLinks, -EvidenceLinks: evidenceLinks, -ControlLinks: controlLinks, -FindingLinks: findingLinks, -} -return c.JSON(http.StatusOK, GenericDataResponse[PoamItemResponse]{Data: resp}) + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + var item relational.CcfPoamItem + if err := h.db.Preload("Milestones", func(db *gorm.DB) *gorm.DB { + return db.Order("order_index ASC") + }).First(&item, "id = ?", id).Error; err != nil { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + var riskLinks []relational.CcfPoamItemRiskLink + h.db.Where("poam_item_id = ?", id).Find(&riskLinks) + var evidenceLinks []relational.CcfPoamItemEvidenceLink + h.db.Where("poam_item_id = ?", id).Find(&evidenceLinks) + var controlLinks []relational.CcfPoamItemControlLink + 
h.db.Where("poam_item_id = ?", id).Find(&controlLinks) + var findingLinks []relational.CcfPoamItemFindingLink + h.db.Where("poam_item_id = ?", id).Find(&findingLinks) + resp := PoamItemResponse{ + CcfPoamItem: item, + RiskLinks: riskLinks, + EvidenceLinks: evidenceLinks, + ControlLinks: controlLinks, + FindingLinks: findingLinks, + } + return c.JSON(http.StatusOK, GenericDataResponse[PoamItemResponse]{Data: resp}) } // Update godoc // -//@SummaryUpdate POAM item -//@DescriptionUpdate scalar fields of a POAM item. Setting status to 'completed' automatically sets completed_at. -//@TagsPOAM Items -//@Acceptjson -//@Producejson -//@Paramidpathstringtrue"POAM item ID" -//@ParambodybodyupdatePoamRequesttrue"Fields to update" -//@Success200{object}GenericDataResponse[relational.CcfPoamItem] -//@Failure400{object}api.Error -//@Failure404{object}api.Error -//@Failure500{object}api.Error -//@Router/poam-items/{id} [put] +// @Summary Update POAM item +// @Description Update scalar fields of a POAM item. Setting status to 'completed' automatically sets completed_at. 
+// @Tags POAM Items +// @Accept json +// @Produce json +// @Param id path string true "POAM item ID" +// @Param body body updatePoamRequest true "Fields to update" +// @Success 200 {object} GenericDataResponse[relational.CcfPoamItem] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Router /poam-items/{id} [put] func (h *PoamItemsHandler) Update(c echo.Context) error { -id, err := uuid.Parse(c.Param("id")) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -exists, err := h.itemExists(id) -if err != nil { -return c.JSON(http.StatusInternalServerError, api.NewError(err)) -} -if !exists { -return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) -} -var in updatePoamRequest -if err := c.Bind(&in); err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -updates := map[string]interface{}{} -if in.Title != nil { -updates["title"] = *in.Title -} -if in.Description != nil { -updates["description"] = *in.Description -} -if in.Status != nil { -updates["status"] = *in.Status -updates["last_status_change_at"] = time.Now().UTC() -if *in.Status == "completed" { -now := time.Now().UTC() -updates["completed_at"] = &now -} -} -if in.PrimaryOwnerUserID != nil { -ownerID, err := uuid.Parse(*in.PrimaryOwnerUserID) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -updates["primary_owner_user_id"] = ownerID -} -if in.PlannedCompletionDate != nil { -updates["planned_completion_date"] = in.PlannedCompletionDate -} -if in.CompletedAt != nil { -updates["completed_at"] = in.CompletedAt -} -if in.AcceptanceRationale != nil { -updates["acceptance_rationale"] = *in.AcceptanceRationale -} -if err := h.db.Model(&relational.CcfPoamItem{}).Where("id = ?", id).Updates(updates).Error; err != nil { -return c.JSON(http.StatusInternalServerError, api.NewError(err)) -} -var out relational.CcfPoamItem -h.db.Preload("Milestones", func(db *gorm.DB) *gorm.DB 
{ -return db.Order("order_index ASC") -}).First(&out, "id = ?", id) -return c.JSON(http.StatusOK, GenericDataResponse[relational.CcfPoamItem]{Data: out}) + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + exists, err := h.itemExists(id) + if err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + if !exists { + return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) + } + var in updatePoamRequest + if err := c.Bind(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + updates := map[string]interface{}{} + if in.Title != nil { + updates["title"] = *in.Title + } + if in.Description != nil { + updates["description"] = *in.Description + } + if in.Status != nil { + updates["status"] = *in.Status + if *in.Status == "completed" { + now := time.Now().UTC() + updates["completed_at"] = &now + } + } + if in.PrimaryOwnerUserID != nil { + ownerID, err := uuid.Parse(*in.PrimaryOwnerUserID) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + updates["primary_owner_user_id"] = ownerID + } + if in.PlannedCompletionDate != nil { + updates["planned_completion_date"] = in.PlannedCompletionDate + } + if in.CompletedAt != nil { + updates["completed_at"] = in.CompletedAt + } + if in.AcceptanceRationale != nil { + updates["acceptance_rationale"] = *in.AcceptanceRationale + } + if err := h.db.Model(&relational.CcfPoamItem{}).Where("id = ?", id).Updates(updates).Error; err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + var out relational.CcfPoamItem + h.db.Preload("Milestones", func(db *gorm.DB) *gorm.DB { + return db.Order("order_index ASC") + }).First(&out, "id = ?", id) + return c.JSON(http.StatusOK, GenericDataResponse[relational.CcfPoamItem]{Data: out}) } // Delete godoc // -//@SummaryDelete POAM item -//@DescriptionDelete a POAM item and cascade-delete its milestones and all 
link records. -//@TagsPOAM Items -//@Paramidpathstringtrue"POAM item ID" -//@Success204"No Content" -//@Failure400{object}api.Error -//@Failure404{object}api.Error -//@Failure500{object}api.Error -//@Router/poam-items/{id} [delete] +// @Summary Delete POAM item +// @Description Delete a POAM item and cascade-delete its milestones and all link records. +// @Tags POAM Items +// @Param id path string true "POAM item ID" +// @Success 204 "No Content" +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Router /poam-items/{id} [delete] func (h *PoamItemsHandler) Delete(c echo.Context) error { -id, err := uuid.Parse(c.Param("id")) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -exists, err := h.itemExists(id) -if err != nil { -return c.JSON(http.StatusInternalServerError, api.NewError(err)) -} -if !exists { -return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) -} -err = h.db.Transaction(func(tx *gorm.DB) error { -if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemRiskLink{}).Error; err != nil { -return err -} -if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemEvidenceLink{}).Error; err != nil { -return err -} -if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemControlLink{}).Error; err != nil { -return err -} -if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemFindingLink{}).Error; err != nil { -return err -} -if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemMilestone{}).Error; err != nil { -return err -} -return tx.Delete(&relational.CcfPoamItem{}, "id = ?", id).Error -}) -if err != nil { -return c.JSON(http.StatusInternalServerError, api.NewError(err)) -} -return c.NoContent(http.StatusNoContent) + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + exists, err := h.itemExists(id) + 
if err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + if !exists { + return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) + } + err = h.db.Transaction(func(tx *gorm.DB) error { + if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemRiskLink{}).Error; err != nil { + return err + } + if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemEvidenceLink{}).Error; err != nil { + return err + } + if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemControlLink{}).Error; err != nil { + return err + } + if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemFindingLink{}).Error; err != nil { + return err + } + if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemMilestone{}).Error; err != nil { + return err + } + return tx.Delete(&relational.CcfPoamItem{}, "id = ?", id).Error + }) + if err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + return c.NoContent(http.StatusNoContent) } // ListMilestones godoc // -//@SummaryList milestones -//@DescriptionList all milestones for a POAM item, ordered by order_index. -//@TagsPOAM Items -//@Producejson -//@Paramidpathstringtrue"POAM item ID" -//@Success200{object}GenericDataListResponse[relational.CcfPoamItemMilestone] -//@Failure400{object}api.Error -//@Failure404{object}api.Error -//@Failure500{object}api.Error -//@Router/poam-items/{id}/milestones [get] +// @Summary List milestones +// @Description List all milestones for a POAM item, ordered by order_index. 
+// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Success 200 {object} GenericDataListResponse[relational.CcfPoamItemMilestone] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Router /poam-items/{id}/milestones [get] func (h *PoamItemsHandler) ListMilestones(c echo.Context) error { -id, err := uuid.Parse(c.Param("id")) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -exists, err := h.itemExists(id) -if err != nil { -return c.JSON(http.StatusInternalServerError, api.NewError(err)) -} -if !exists { -return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) -} -var ms []relational.CcfPoamItemMilestone -if err := h.db.Where("poam_item_id = ?", id).Order("order_index ASC").Find(&ms).Error; err != nil { -return c.JSON(http.StatusInternalServerError, api.NewError(err)) -} -return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemMilestone]{Data: ms}) + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + exists, err := h.itemExists(id) + if err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + if !exists { + return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) + } + var ms []relational.CcfPoamItemMilestone + if err := h.db.Where("poam_item_id = ?", id).Order("order_index ASC").Find(&ms).Error; err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemMilestone]{Data: ms}) } // AddMilestone godoc // -//@SummaryAdd milestone -//@DescriptionAdd a milestone to a POAM item. 
-//@TagsPOAM Items -//@Acceptjson -//@Producejson -//@Paramidpathstringtrue"POAM item ID" -//@ParambodybodycreateMilestoneRequesttrue"Milestone payload" -//@Success201{object}GenericDataResponse[relational.CcfPoamItemMilestone] -//@Failure400{object}api.Error -//@Failure404{object}api.Error -//@Failure500{object}api.Error -//@Router/poam-items/{id}/milestones [post] +// @Summary Add milestone +// @Description Add a milestone to a POAM item. +// @Tags POAM Items +// @Accept json +// @Produce json +// @Param id path string true "POAM item ID" +// @Param body body createMilestoneRequest true "Milestone payload" +// @Success 201 {object} GenericDataResponse[relational.CcfPoamItemMilestone] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Router /poam-items/{id}/milestones [post] func (h *PoamItemsHandler) AddMilestone(c echo.Context) error { -id, err := uuid.Parse(c.Param("id")) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -exists, err := h.itemExists(id) -if err != nil { -return c.JSON(http.StatusInternalServerError, api.NewError(err)) -} -if !exists { -return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) -} -var in createMilestoneRequest -if err := c.Bind(&in); err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -m := relational.CcfPoamItemMilestone{ -ID: uuid.New(), -PoamItemID: id, -Title: in.Title, -Description: in.Description, -Status: in.Status, -ScheduledCompletionDate: in.ScheduledCompletionDate, -OrderIndex: in.OrderIndex, -} -if err := h.db.Create(&m).Error; err != nil { -return c.JSON(http.StatusInternalServerError, api.NewError(err)) -} -return c.JSON(http.StatusCreated, GenericDataResponse[relational.CcfPoamItemMilestone]{Data: m}) + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + exists, err := h.itemExists(id) + if err != nil { + return 
c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + if !exists { + return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) + } + var in createMilestoneRequest + if err := c.Bind(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + m := relational.CcfPoamItemMilestone{ + ID: uuid.New(), + PoamItemID: id, + Title: in.Title, + Description: in.Description, + Status: in.Status, + ScheduledCompletionDate: in.ScheduledCompletionDate, + OrderIndex: in.OrderIndex, + } + if err := h.db.Create(&m).Error; err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + return c.JSON(http.StatusCreated, GenericDataResponse[relational.CcfPoamItemMilestone]{Data: m}) } // UpdateMilestone godoc // -//@SummaryUpdate milestone -//@DescriptionUpdate milestone fields. When status becomes 'completed', completion_date is set automatically. -//@TagsPOAM Items -//@Acceptjson -//@Producejson -//@Paramidpathstringtrue"POAM item ID" -//@ParammilestoneIdpathstringtrue"Milestone ID" -//@ParambodybodyupdateMilestoneRequesttrue"Fields to update" -//@Success200{object}GenericDataResponse[relational.CcfPoamItemMilestone] -//@Failure400{object}api.Error -//@Failure404{object}api.Error -//@Failure500{object}api.Error -//@Router/poam-items/{id}/milestones/{milestoneId} [put] +// @Summary Update milestone +// @Description Update milestone fields. When status becomes 'completed', completion_date is set automatically. 
+// @Tags POAM Items +// @Accept json +// @Produce json +// @Param id path string true "POAM item ID" +// @Param milestoneId path string true "Milestone ID" +// @Param body body updateMilestoneRequest true "Fields to update" +// @Success 200 {object} GenericDataResponse[relational.CcfPoamItemMilestone] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Router /poam-items/{id}/milestones/{milestoneId} [put] func (h *PoamItemsHandler) UpdateMilestone(c echo.Context) error { -id, err := uuid.Parse(c.Param("id")) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -mid, err := uuid.Parse(c.Param("milestoneId")) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -var in updateMilestoneRequest -if err := c.Bind(&in); err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -updates := map[string]interface{}{} -if in.Title != nil { -updates["title"] = *in.Title -} -if in.Description != nil { -updates["description"] = *in.Description -} -if in.Status != nil { -updates["status"] = *in.Status -if *in.Status == "completed" { -now := time.Now().UTC() -updates["completion_date"] = &now -} -} -if in.ScheduledCompletionDate != nil { -updates["scheduled_completion_date"] = in.ScheduledCompletionDate -} -if in.OrderIndex != nil { -updates["order_index"] = *in.OrderIndex -} -result := h.db.Model(&relational.CcfPoamItemMilestone{}). -Where("poam_item_id = ? AND id = ?", id, mid). 
-Updates(updates) -if result.Error != nil { -return c.JSON(http.StatusInternalServerError, api.NewError(result.Error)) -} -if result.RowsAffected == 0 { -return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) -} -var out relational.CcfPoamItemMilestone -h.db.First(&out, "id = ?", mid) -return c.JSON(http.StatusOK, GenericDataResponse[relational.CcfPoamItemMilestone]{Data: out}) + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + mid, err := uuid.Parse(c.Param("milestoneId")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + var in updateMilestoneRequest + if err := c.Bind(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + updates := map[string]interface{}{} + if in.Title != nil { + updates["title"] = *in.Title + } + if in.Description != nil { + updates["description"] = *in.Description + } + if in.Status != nil { + updates["status"] = *in.Status + if *in.Status == "completed" { + now := time.Now().UTC() + updates["completion_date"] = &now + } + } + if in.ScheduledCompletionDate != nil { + updates["scheduled_completion_date"] = in.ScheduledCompletionDate + } + if in.OrderIndex != nil { + updates["order_index"] = *in.OrderIndex + } + result := h.db.Model(&relational.CcfPoamItemMilestone{}). + Where("poam_item_id = ? AND id = ?", id, mid). 
+ Updates(updates) + if result.Error != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(result.Error)) + } + if result.RowsAffected == 0 { + return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) + } + var out relational.CcfPoamItemMilestone + h.db.First(&out, "id = ?", mid) + return c.JSON(http.StatusOK, GenericDataResponse[relational.CcfPoamItemMilestone]{Data: out}) } // DeleteMilestone godoc // -//@SummaryDelete milestone -//@TagsPOAM Items -//@Paramidpathstringtrue"POAM item ID" -//@ParammilestoneIdpathstringtrue"Milestone ID" -//@Success204"No Content" -//@Failure400{object}api.Error -//@Failure404{object}api.Error -//@Failure500{object}api.Error -//@Router/poam-items/{id}/milestones/{milestoneId} [delete] +// @Summary Delete milestone +// @Tags POAM Items +// @Param id path string true "POAM item ID" +// @Param milestoneId path string true "Milestone ID" +// @Success 204 "No Content" +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Router /poam-items/{id}/milestones/{milestoneId} [delete] func (h *PoamItemsHandler) DeleteMilestone(c echo.Context) error { -id, err := uuid.Parse(c.Param("id")) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -mid, err := uuid.Parse(c.Param("milestoneId")) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -result := h.db.Where("poam_item_id = ? 
AND id = ?", id, mid).Delete(&relational.CcfPoamItemMilestone{}) -if result.Error != nil { -return c.JSON(http.StatusInternalServerError, api.NewError(result.Error)) -} -if result.RowsAffected == 0 { -return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) -} -return c.NoContent(http.StatusNoContent) + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + mid, err := uuid.Parse(c.Param("milestoneId")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + result := h.db.Where("poam_item_id = ? AND id = ?", id, mid).Delete(&relational.CcfPoamItemMilestone{}) + if result.Error != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(result.Error)) + } + if result.RowsAffected == 0 { + return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) + } + return c.NoContent(http.StatusNoContent) } // ListRisks godoc // -//@SummaryList linked risks -//@TagsPOAM Items -//@Producejson -//@Paramidpathstringtrue"POAM item ID" -//@Success200{object}GenericDataListResponse[relational.CcfPoamItemRiskLink] -//@Failure400{object}api.Error -//@Failure404{object}api.Error -//@Router/poam-items/{id}/risks [get] +// @Summary List linked risks +// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Success 200 {object} GenericDataListResponse[relational.CcfPoamItemRiskLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Router /poam-items/{id}/risks [get] func (h *PoamItemsHandler) ListRisks(c echo.Context) error { -id, err := uuid.Parse(c.Param("id")) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -exists, err := h.itemExists(id) -if err != nil { -return c.JSON(http.StatusInternalServerError, api.NewError(err)) -} -if !exists { -return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) -} -var links []relational.CcfPoamItemRiskLink 
-h.db.Where("poam_item_id = ?", id).Find(&links) -return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemRiskLink]{Data: links}) + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + exists, err := h.itemExists(id) + if err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + if !exists { + return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) + } + var links []relational.CcfPoamItemRiskLink + h.db.Where("poam_item_id = ?", id).Find(&links) + return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemRiskLink]{Data: links}) } // ListEvidence godoc // -//@SummaryList linked evidence -//@TagsPOAM Items -//@Producejson -//@Paramidpathstringtrue"POAM item ID" -//@Success200{object}GenericDataListResponse[relational.CcfPoamItemEvidenceLink] -//@Failure400{object}api.Error -//@Failure404{object}api.Error -//@Router/poam-items/{id}/evidence [get] +// @Summary List linked evidence +// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Success 200 {object} GenericDataListResponse[relational.CcfPoamItemEvidenceLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Router /poam-items/{id}/evidence [get] func (h *PoamItemsHandler) ListEvidence(c echo.Context) error { -id, err := uuid.Parse(c.Param("id")) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -exists, err := h.itemExists(id) -if err != nil { -return c.JSON(http.StatusInternalServerError, api.NewError(err)) -} -if !exists { -return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) -} -var links []relational.CcfPoamItemEvidenceLink -h.db.Where("poam_item_id = ?", id).Find(&links) -return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemEvidenceLink]{Data: links}) + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return 
c.JSON(http.StatusBadRequest, api.NewError(err)) + } + exists, err := h.itemExists(id) + if err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + if !exists { + return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) + } + var links []relational.CcfPoamItemEvidenceLink + h.db.Where("poam_item_id = ?", id).Find(&links) + return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemEvidenceLink]{Data: links}) } // ListControls godoc // -//@SummaryList linked controls -//@TagsPOAM Items -//@Producejson -//@Paramidpathstringtrue"POAM item ID" -//@Success200{object}GenericDataListResponse[relational.CcfPoamItemControlLink] -//@Failure400{object}api.Error -//@Failure404{object}api.Error -//@Router/poam-items/{id}/controls [get] +// @Summary List linked controls +// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Success 200 {object} GenericDataListResponse[relational.CcfPoamItemControlLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Router /poam-items/{id}/controls [get] func (h *PoamItemsHandler) ListControls(c echo.Context) error { -id, err := uuid.Parse(c.Param("id")) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -exists, err := h.itemExists(id) -if err != nil { -return c.JSON(http.StatusInternalServerError, api.NewError(err)) -} -if !exists { -return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) -} -var links []relational.CcfPoamItemControlLink -h.db.Where("poam_item_id = ?", id).Find(&links) -return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemControlLink]{Data: links}) + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + exists, err := h.itemExists(id) + if err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + if !exists { + return c.JSON(http.StatusNotFound, 
api.NewError(gorm.ErrRecordNotFound)) + } + var links []relational.CcfPoamItemControlLink + h.db.Where("poam_item_id = ?", id).Find(&links) + return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemControlLink]{Data: links}) } // ListFindings godoc // -//@SummaryList linked findings -//@TagsPOAM Items -//@Producejson -//@Paramidpathstringtrue"POAM item ID" -//@Success200{object}GenericDataListResponse[relational.CcfPoamItemFindingLink] -//@Failure400{object}api.Error -//@Failure404{object}api.Error -//@Router/poam-items/{id}/findings [get] +// @Summary List linked findings +// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Success 200 {object} GenericDataListResponse[relational.CcfPoamItemFindingLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Router /poam-items/{id}/findings [get] func (h *PoamItemsHandler) ListFindings(c echo.Context) error { -id, err := uuid.Parse(c.Param("id")) -if err != nil { -return c.JSON(http.StatusBadRequest, api.NewError(err)) -} -exists, err := h.itemExists(id) -if err != nil { -return c.JSON(http.StatusInternalServerError, api.NewError(err)) -} -if !exists { -return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) -} -var links []relational.CcfPoamItemFindingLink -h.db.Where("poam_item_id = ?", id).Find(&links) -return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemFindingLink]{Data: links}) + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + exists, err := h.itemExists(id) + if err != nil { + return c.JSON(http.StatusInternalServerError, api.NewError(err)) + } + if !exists { + return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) + } + var links []relational.CcfPoamItemFindingLink + h.db.Where("poam_item_id = ?", id).Find(&links) + return c.JSON(http.StatusOK, 
GenericDataListResponse[relational.CcfPoamItemFindingLink]{Data: links}) } diff --git a/internal/api/handler/poam_items_integration_test.go b/internal/api/handler/poam_items_integration_test.go index 6629317f..0c0b3f45 100644 --- a/internal/api/handler/poam_items_integration_test.go +++ b/internal/api/handler/poam_items_integration_test.go @@ -38,7 +38,7 @@ func (suite *PoamItemsApiIntegrationSuite) newServer() *api.Server { logger, _ := zap.NewDevelopment() metrics := api.NewMetricsHandler(context.Background(), logger.Sugar()) server := api.NewServer(context.Background(), logger.Sugar(), suite.Config, metrics) - RegisterHandlers(server, logger.Sugar(), suite.DB, suite.Config, nil, nil) + RegisterHandlers(server, logger.Sugar(), suite.DB, suite.Config, nil) return server } @@ -164,7 +164,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithAllLinkTypes() { RiskIDs: []string{riskID.String()}, EvidenceIDs: []string{evidenceID.String()}, FindingIDs: []string{findingID.String()}, - ControlRefs: []controlRef{{CatalogID: catalogID.String(), ControlID: "AC-1"}}, + ControlRefs: []poamControlRef{{CatalogID: catalogID.String(), ControlID: "AC-1"}}, } raw, _ := json.Marshal(body) rec := httptest.NewRecorder() From 6f75d2d029ea71b099167c4759ff9a6610e611f9 Mon Sep 17 00:00:00 2001 
From: AKAbdulHanif Date: Mon, 9 Mar 2026 03:14:22 -0400 Subject: [PATCH 16/28] fix(poam): remove invalid GORM check: constraints causing migration failure in all test suites GORM's check: tag generates CHECK (tablename_columnname IN (...)) which is invalid Postgres syntax - Postgres expects just the column name. This caused every integration test suite's MigrateUp to fail with: ERROR: column "ccf_poam_items_status" does not exist (SQLSTATE 42703) Changes: - Remove check: tags from CcfPoamItem.Status, CcfPoamItem.SourceType, and CcfPoamItemMilestone.Status (no other model in the codebase uses check:) - Remove now-unused gorm.io/gorm import from poam_cf.go - Remove BeforeUpdate hook (map-based Updates() bypasses GORM hooks entirely; last_status_change_at is set directly in the handler's updates map instead) - Re-add last_status_change_at to the Update handler's updates map (was removed in previous commit to fix a duplicate-column error, but the BeforeUpdate hook cannot fire on map-based updates so it must be explicit) --- internal/api/handler/poam_items.go | 1 + internal/service/relational/poam_cf.go | 15 +++------------ 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/internal/api/handler/poam_items.go b/internal/api/handler/poam_items.go index 6ed8f029..02c3df6a 100644 --- a/internal/api/handler/poam_items.go +++ b/internal/api/handler/poam_items.go @@ -352,6 +352,7 @@ func (h *PoamItemsHandler) Update(c echo.Context) error { } if in.Status != nil { updates["status"] = *in.Status + updates["last_status_change_at"] = time.Now().UTC() if *in.Status == "completed" { now := time.Now().UTC() updates["completed_at"] = &now diff --git a/internal/service/relational/poam_cf.go b/internal/service/relational/poam_cf.go index b3414514..668b33b4 100644 --- a/internal/service/relational/poam_cf.go +++ b/internal/service/relational/poam_cf.go 
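Review bot: The added `updates["last_status_change_at"] = time.Now().UTC()` is written on every request that carries a status, not only when the status actually changes, whereas the `BeforeUpdate` hook removed in the next file keyed on `tx.Statement.Changed("Status")`; a PUT that resubmits the current status will now bump the change timestamp. If that is not intended, Update needs to compare `*in.Status` with the stored value before writing the column — from the earlier listing of the handler above, Update appears to only existence-check the item, so the current status is not loaded anywhere. The hunk also calls `time.Now()` twice, so `last_status_change_at` and `completed_at` can differ by a few nanoseconds for the same transition; taking `now := time.Now().UTC()` once before `if in.Status != nil` and using it for both (`updates["last_status_change_at"] = now` / `updates["completed_at"] = &now`) keeps them equal. Update's body starts and ends outside the hunk.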
@@ -4,7 +4,6 @@ import ( "time" "github.com/google/uuid" - "gorm.io/gorm" ) // CcfPoamItem is the first-class CCF POAM work item, always scoped to an SSP. @@ -15,9 +14,9 @@ type CcfPoamItem struct { SspID uuid.UUID `gorm:"type:uuid;index;not null" json:"sspId"` Title string `gorm:"not null" json:"title"` Description string `gorm:"not null" json:"description"` - Status string `gorm:"type:text;index;not null;check:ccf_poam_items_status IN ('open','in-progress','completed','overdue')" json:"status"` + Status string `gorm:"type:text;index;not null" json:"status"` PrimaryOwnerUserID *uuid.UUID `gorm:"type:uuid;index" json:"primaryOwnerUserId,omitempty"` - SourceType string `gorm:"type:text;not null;default:'manual';check:ccf_poam_items_source_type IN ('risk-promotion','manual','import')" json:"sourceType"` + SourceType string `gorm:"type:text;not null;default:'manual'" json:"sourceType"` PlannedCompletionDate *time.Time `gorm:"index" json:"plannedCompletionDate,omitempty"` CompletedAt *time.Time ` json:"completedAt,omitempty"` CreatedFromRiskID *uuid.UUID `gorm:"type:uuid" json:"createdFromRiskId,omitempty"` @@ -32,14 +31,6 @@ type CcfPoamItem struct { func (CcfPoamItem) TableName() string { return "ccf_poam_items" } -// BeforeUpdate sets LastStatusChangeAt whenever the Status column changes. -func (p *CcfPoamItem) BeforeUpdate(tx *gorm.DB) error { - if tx.Statement.Changed("Status") { - tx.Statement.SetColumn("LastStatusChangeAt", time.Now().UTC()) - } - return nil -} - // CcfPoamItemMilestone is a strong-typed milestone entry for a CcfPoamItem. // Field names follow the Confluence design doc (v15). type CcfPoamItemMilestone struct { 
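Review bot: Dropping the `check:` tags on `Status` and `SourceType` (and on the milestone `Status` in the `@@ -47,7 +38,7 @@` hunk below) removes the only validation of those enumerations that the handler code shown earlier does not repeat — `Update` writes `updates["status"] = *in.Status` straight from the request body — so any string now lands in `status`, and rows holding an unexpected value silently fall outside the `status IN ('open','in-progress')` filter used by `overdueOnly`. GORM's check tag takes a bare SQL expression over the column name and derives the constraint name itself, so the constraint can be kept by fixing the expression instead of deleting it: `check:status IN ('open','in-progress','completed','overdue')` in the `Status` tag, `check:source_type IN ('risk-promotion','manual','import')` in the `SourceType` tag, and `check:status IN ('planned','completed')` on the milestone. If the constraints are to stay out, the allowed values should at least be enforced in the handler or documented on the fields, e.g. `// Status is one of 'open', 'in-progress', 'completed' or 'overdue'; not enforced by the schema.`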
@@ -47,7 +38,7 @@ type CcfPoamItemMilestone struct {
 PoamItemID uuid.UUID `gorm:"type:uuid;index;not null" json:"poamItemId"`
 Title string `gorm:"not null" json:"title"`
 Description string ` json:"description"`
-Status string `gorm:"type:text;not null;check:ccf_poam_item_milestones_status IN ('planned','completed')" json:"status"`
+Status string `gorm:"type:text;not null" json:"status"`
 ScheduledCompletionDate *time.Time ` json:"scheduledCompletionDate,omitempty"`
 CompletionDate *time.Time ` json:"completionDate,omitempty"`
 OrderIndex int `gorm:"not null;default:0" json:"orderIndex"`
From 0a5f9b75bbab29fa6f1df84911a5bcfc6f237764 Mon Sep 17 00:00:00 2001
From: AKAbdulHanif Date: Mon, 9 Mar 2026 06:35:06 -0400 Subject: [PATCH 17/28] refactor(poam): introduce DDD service layer; add all link CRUD endpoints MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Extract all DB logic from handler into internal/service/relational/poam/ - models.go: PoamItem, PoamItemMilestone, four link types, status/source constants, BeforeCreate UUID hook, CreateParams, UpdateParams, CreateMilestoneParams, UpdateMilestoneParams, ListFilters, ControlRef - queries.go: ApplyFilters (status, sspId, riskId, deadlineBefore, overdueOnly, ownerRef) - service.go: PoamService with List, Create, GetByID, Update, Delete, EnsureExists, EnsureSSPExists, ListMilestones, AddMilestone, UpdateMilestone, DeleteMilestone, ListRiskLinks, AddRiskLink, DeleteRiskLink, ListEvidenceLinks, AddEvidenceLink, DeleteEvidenceLink, ListControlLinks, AddControlLink, DeleteControlLink, ListFindings, AddFindingLink, DeleteFindingLink - Rewrite handler (poam_items.go) to use service only — zero gorm imports; typed response structs (poamItemResponse, milestoneResponse, link types); @Security OAuth2Password on all Swagger annotations - Add all missing link CRUD endpoints: POST/DELETE /:id/risks/:riskId POST/DELETE /:id/evidence/:evidenceId POST/DELETE /:id/controls (catalogId+controlId path) POST/DELETE /:id/findings/:findingId - Fix check: GORM tag bug (generated invalid Postgres CHECK constraint with tablename_column prefix); remove BeforeUpdate hook (bypassed by map-based Updates()); set last_status_change_at directly in update map - Update migrator.go and tests/migrate.go to use new poam package types - Remove old poam_cf.go from relational package - Rewrite integration tests: use poamsvc types for seeding, correct response struct unmarshalling, idempotent duplicate-link test Sandbox validated: 35/35 tests pass against live Postgres instance --- internal/api/handler/api.go | 154 ++- internal/api/handler/poam_items.go | 1067 
++++++++++++----- .../handler/poam_items_integration_test.go | 332 +++-- internal/service/migrator.go | 25 +- internal/service/relational/poam/models.go | 190 +++ internal/service/relational/poam/queries.go | 54 + internal/service/relational/poam/service.go | 566 +++++++++ internal/service/relational/poam_cf.go | 82 -- internal/tests/migrate.go | 25 +- 9 files changed, 1969 insertions(+), 526 deletions(-) create mode 100644 internal/service/relational/poam/models.go create mode 100644 internal/service/relational/poam/queries.go create mode 100644 internal/service/relational/poam/service.go delete mode 100644 internal/service/relational/poam_cf.go diff --git a/internal/api/handler/api.go b/internal/api/handler/api.go index 2679b99c..644da516 100644 --- a/internal/api/handler/api.go +++ b/internal/api/handler/api.go 
@@ -1,16 +1,41 @@ package handler import ( + "log" + "github.com/compliance-framework/api/internal/api" + templatehandlers "github.com/compliance-framework/api/internal/api/handler/templates" + "github.com/compliance-framework/api/internal/api/handler/workflows" "github.com/compliance-framework/api/internal/api/middleware" "github.com/compliance-framework/api/internal/config" "github.com/compliance-framework/api/internal/service/digest" - "github.com/compliance-framework/api/internal/service/scheduler" + evidencesvc "github.com/compliance-framework/api/internal/service/relational/evidence" + workflowsvc "github.com/compliance-framework/api/internal/service/relational/workflows" + "github.com/compliance-framework/api/internal/workflow" + "github.com/labstack/echo/v4" "go.uber.org/zap" "gorm.io/gorm" ) -func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB, config *config.Config, digestService *digest.Service, sched scheduler.Scheduler) { +// APIServices contains all services needed by API handlers +type APIServices struct { + EvidenceService *evidencesvc.EvidenceService + RiskEnqueuer evidencesvc.RiskJobEnqueuer + DigestService *digest.Service + WorkflowManager *workflow.Manager + NotificationEnqueuer workflow.NotificationEnqueuer + DAGExecutor *workflow.DAGExecutor +} + +func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB, config *config.Config, services *APIServices) { + if services == nil { + services = &APIServices{} + } + // Default EvidenceService when callers (e.g. test suites) don't provide one. + if services.EvidenceService == nil { + services.EvidenceService = evidencesvc.NewEvidenceService(db, logger, config, services.RiskEnqueuer) + } + healthHandler := NewHealthHandler(logger, db) healthHandler.Register(server.API().Group("/health")) 
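Review bot: The nil-default branch in RegisterHandlers builds an EvidenceService with `services.RiskEnqueuer`, which is itself nil whenever the caller passed no services at all, so the safety of this fallback depends on NewEvidenceService tolerating a nil enqueuer, a contract not visible in this file. The APIServices fields also carry no comment saying which may be left nil: EvidenceService is defaulted, DigestService and WorkflowManager are checked later in the function, and the remaining three are passed through unchecked. I would record that on the struct, e.g. `// Nil fields are tolerated only where RegisterHandlers checks or defaults them: EvidenceService (defaulted), DigestService and WorkflowManager (handlers skipped); RiskEnqueuer, NotificationEnqueuer and DAGExecutor are passed through as-is.`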
@@ -20,11 +45,33 @@ func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB heartbeatHandler := NewHeartbeatHandler(logger, db) heartbeatHandler.Register(server.API().Group("/agent/heartbeat")) - evidenceHandler := NewEvidenceHandler(logger, db, config) + evidenceHandler := NewEvidenceHandler(logger, services.EvidenceService) evidenceHandler.Register(server.API().Group("/evidence")) poamHandler := NewPoamItemsHandler(logger, db) - poamHandler.Register(server.API().Group("/poam-items")) + poamGroup := server.API().Group("/poam-items") + poamGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey)) + poamHandler.Register(poamGroup) + + riskHandler := NewRiskHandler(logger, db) + riskGroup := server.API().Group("/risks") + riskGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey)) + riskHandler.Register(riskGroup) + + riskTemplateHandler := templatehandlers.NewRiskTemplateHandler(logger, db) + riskTemplateGroup := server.API().Group("/risk-templates") + riskTemplateGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey)) + riskTemplateHandler.Register(riskTemplateGroup) + + subjectTemplateHandler := templatehandlers.NewSubjectTemplateHandler(logger, db) + subjectTemplateGroup := server.API().Group("/subject-templates") + subjectTemplateGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey)) + subjectTemplateHandler.Register(subjectTemplateGroup) + + evidenceTemplateHandler := templatehandlers.NewEvidenceTemplateHandler(logger, db) + evidenceTemplateGroup := server.API().Group("/evidence-templates") + evidenceTemplateGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey)) + evidenceTemplateHandler.Register(evidenceTemplateGroup) userHandler := NewUserHandler(logger, db) 
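Review bot: The evidence and heartbeat groups created just above the new code still have no group-level `middleware.JWTMiddleware`, while every group added in this hunk gets one; if those handlers attach their own auth inside Register, a one-line comment saying so would stop a reader from taking this as an unauthenticated surface. The five new registrations also repeat the same three lines each, so a small helper such as `func protectedGroup(server *api.Server, cfg *config.Config, path string) *echo.Group` returning a group with the JWT middleware already applied would make the intended invariant, that every data group is JWT-protected, hard to miss when the next handler is added.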
@@ -38,11 +85,106 @@ func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB userHandler.RegisterSelfRoutes(userGroup) // Digest handler (admin only) - if digestService != nil && sched != nil { - digestHandler := NewDigestHandler(digestService, sched, logger) + if services.DigestService != nil { + digestHandler := NewDigestHandler(services.DigestService, logger) digestGroup := server.API().Group("/admin/digest") digestGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey)) digestGroup.Use(middleware.RequireAdminGroups(db, config, logger)) digestHandler.Register(digestGroup) } + + // Register workflow handlers + registerWorkflowHandlers(server, logger, db, config, services.WorkflowManager, services.NotificationEnqueuer, services.DAGExecutor) +} + +// registerWorkflowHandlers registers all workflow-related HTTP handlers with authentication +func registerWorkflowHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB, config *config.Config, workflowManager *workflow.Manager, notificationEnqueuer workflow.NotificationEnqueuer, dagExecutor *workflow.DAGExecutor) { + // Create workflow group with authentication middleware + workflowGroup := server.API().Group("/workflows") + workflowGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey)) + + // Basic workflow handlers (no manager dependency) + workflowDefinitionHandler := workflows.NewWorkflowDefinitionHandler(logger, db) + workflowDefinitionHandler.Register(workflowGroup.Group("/definitions")) + + workflowStepDefinitionHandler := workflows.NewWorkflowStepDefinitionHandler(logger, db) + workflowStepDefinitionHandler.Register(workflowGroup.Group("/steps")) + + workflowInstanceHandler := workflows.NewWorkflowInstanceHandler(logger, db) + workflowInstanceHandler.Register(workflowGroup.Group("/instances")) + + controlRelationshipHandler := workflows.NewControlRelationshipHandler(logger, db) + controlRelationshipHandler.Register(workflowGroup.Group("/control-relationships")) + + 
roleAssignmentHandler := workflows.NewRoleAssignmentHandler(logger, db) + roleAssignmentHandler.Register(workflowGroup.Group("/role-assignments")) + + // Handlers that require workflow manager + if workflowManager != nil { + registerWorkflowExecutionHandlers(workflowGroup, logger, db, workflowManager, notificationEnqueuer, dagExecutor) + } +} + +// registerWorkflowExecutionHandlers registers execution-related handlers that require the workflow manager +func registerWorkflowExecutionHandlers(workflowGroup *echo.Group, logger *zap.SugaredLogger, db *gorm.DB, workflowManager *workflow.Manager, notificationEnqueuer workflow.NotificationEnqueuer, dagExecutor *workflow.DAGExecutor) { + roleAssignmentService := workflowsvc.NewRoleAssignmentService(db) + stepExecService := workflowsvc.NewStepExecutionService(db, nil) + assignmentService := workflow.NewAssignmentService(roleAssignmentService, stepExecService, db, logger, notificationEnqueuer) + + // Workflow execution handler + workflowExecutionHandler := workflows.NewWorkflowExecutionHandler(logger, db, workflowManager, assignmentService) + workflowExecutionHandler.Register(workflowGroup.Group("/executions")) + + // Step execution handler with transition service + transitionService := createStepTransitionService(db, logger, notificationEnqueuer, dagExecutor) + stepExecutionHandler := workflows.NewStepExecutionHandler(logger, db, transitionService, assignmentService) + stepExecutionHandler.Register(workflowGroup.Group("/step-executions")) +} + +// createStepTransitionService creates and configures the step transition service with all dependencies +func createStepTransitionService(db *gorm.DB, logger *zap.SugaredLogger, notificationEnqueuer workflow.NotificationEnqueuer, executor *workflow.DAGExecutor) *workflow.StepTransitionService { + // Create services needed for step transition + stepExecService := workflowsvc.NewStepExecutionService(db, nil) + stepDefService := workflowsvc.NewWorkflowStepDefinitionService(db) + 
workflowExecService := workflowsvc.NewWorkflowExecutionService(db) + workflowInstanceService := workflowsvc.NewWorkflowInstanceService(db) + workflowDefinitionService := workflowsvc.NewWorkflowDefinitionService(db) + roleAssignmentService := workflowsvc.NewRoleAssignmentService(db) + + // Create assignment service + assignmentService := workflow.NewAssignmentService(roleAssignmentService, stepExecService, db, logger, notificationEnqueuer) + + // Create evidence integration for step evidence storage + evidenceIntegration := workflow.NewEvidenceIntegration(db, logger) + + // Set evidence creator on services + stepExecService.SetEvidenceCreator(evidenceIntegration) + workflowExecService.SetEvidenceCreator(evidenceIntegration) + + // Use the shared executor from the worker service when available so that there is exactly + // one DAGExecutor instance (consistent logger, notifications, and evidence integration). + // Fall back to constructing a local executor when the worker is disabled (executor == nil). + if executor == nil { + executor = workflow.NewDAGExecutor( + stepExecService, + workflowExecService, + stepDefService, + assignmentService, + log.Default(), + notificationEnqueuer, + ) + } + + // Create and return step transition service + return workflow.NewStepTransitionService( + stepExecService, + stepDefService, + workflowExecService, + roleAssignmentService, + workflowInstanceService, + workflowDefinitionService, + executor, + db, + evidenceIntegration, + ) } diff --git a/internal/api/handler/poam_items.go b/internal/api/handler/poam_items.go index 02c3df6a..eff40588 100644 --- a/internal/api/handler/poam_items.go +++ b/internal/api/handler/poam_items.go 
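Review bot: registerWorkflowExecutionHandlers and createStepTransitionService each build their own `workflowsvc.NewStepExecutionService(db, nil)` and `workflow.NewAssignmentService(...)`, so the assignment service handed to the execution handler wraps a step-execution service that never receives `SetEvidenceCreator`, while the transition service's copy does. The comment about keeping exactly one DAGExecutor instance argues for the same treatment here: construct stepExecService, roleAssignmentService and assignmentService once in registerWorkflowExecutionHandlers and pass them into createStepTransitionService instead of rebuilding them. The fallback DAGExecutor is also given `log.Default()` while everything else in this file logs through zap, which splits workflow logs across two sinks; if the executor only accepts a stdlib logger, a comment saying so would explain the inconsistency.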
@@ -1,42 +1,69 @@ package handler import ( + "errors" + "fmt" "net/http" "time" "github.com/compliance-framework/api/internal/api" - "github.com/compliance-framework/api/internal/service/relational" + poamsvc "github.com/compliance-framework/api/internal/service/relational/poam" "github.com/google/uuid" "github.com/labstack/echo/v4" "go.uber.org/zap" "gorm.io/gorm" ) +// PoamItemsHandler handles all HTTP operations for POAM items and their +// sub-resources. It delegates all persistence to PoamService and contains no +// direct database access. type PoamItemsHandler struct { - db *gorm.DB - sugar *zap.SugaredLogger + poamService *poamsvc.PoamService + sugar *zap.SugaredLogger } +// NewPoamItemsHandler constructs a PoamItemsHandler backed by the given db. func NewPoamItemsHandler(logger *zap.SugaredLogger, db *gorm.DB) *PoamItemsHandler { - return &PoamItemsHandler{db: db, sugar: logger} + return &PoamItemsHandler{ + poamService: poamsvc.NewPoamService(db), + sugar: logger, + } } +// Register mounts all POAM item routes onto the given Echo group. 
func (h *PoamItemsHandler) Register(g *echo.Group) { g.GET("", h.List) g.POST("", h.Create) g.GET("/:id", h.Get) g.PUT("/:id", h.Update) g.DELETE("/:id", h.Delete) + g.GET("/:id/milestones", h.ListMilestones) g.POST("/:id/milestones", h.AddMilestone) g.PUT("/:id/milestones/:milestoneId", h.UpdateMilestone) g.DELETE("/:id/milestones/:milestoneId", h.DeleteMilestone) + g.GET("/:id/risks", h.ListRisks) + g.POST("/:id/risks", h.AddRiskLink) + g.DELETE("/:id/risks/:riskId", h.DeleteRiskLink) + g.GET("/:id/evidence", h.ListEvidence) + g.POST("/:id/evidence", h.AddEvidenceLink) + g.DELETE("/:id/evidence/:evidenceId", h.DeleteEvidenceLink) + g.GET("/:id/controls", h.ListControls) + g.POST("/:id/controls", h.AddControlLink) + g.DELETE("/:id/controls/:catalogId/:controlId", h.DeleteControlLink) + g.GET("/:id/findings", h.ListFindings) + g.POST("/:id/findings", h.AddFindingLink) + g.DELETE("/:id/findings/:findingId", h.DeleteFindingLink) } +// --------------------------------------------------------------------------- +// Request / response types +// --------------------------------------------------------------------------- + type createMilestoneRequest struct { Title string `json:"title"` Description string `json:"description"` @@ -45,6 +72,14 @@ type createMilestoneRequest struct { OrderIndex int `json:"orderIndex"` } +type updateMilestoneRequest struct { + Title *string `json:"title"` + Description *string `json:"description"` + Status *string `json:"status"` + ScheduledCompletionDate *time.Time `json:"scheduledCompletionDate"` + OrderIndex *int `json:"orderIndex"` +} + type poamControlRef struct { CatalogID string `json:"catalogId"` ControlID string `json:"controlId"` 
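Review bot: Register mounts twelve new mutation routes but nothing in the handler says where authentication and authorization come from; the JWT middleware is applied by the caller's group in api.go and none of these routes scope by caller or SSP. I would state that on Register so the boundary is explicit: `// Register mounts all POAM item routes. Authentication is applied by the caller's group middleware; these handlers perform no per-item or per-SSP authorization.` The NewPoamItemsHandler comment still says "backed by the given db" although the handler no longer holds a db; `// NewPoamItemsHandler constructs a handler whose persistence goes through a PoamService built on db.` is closer to the code.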
@@ -77,28 +112,116 @@ type updatePoamRequest struct { AcceptanceRationale *string `json:"acceptanceRationale"` } -type updateMilestoneRequest struct { - Title *string `json:"title"` - Description *string `json:"description"` - Status *string `json:"status"` - ScheduledCompletionDate *time.Time `json:"scheduledCompletionDate"` - OrderIndex *int `json:"orderIndex"` +type addLinkRequest struct { + ID string `json:"id"` } -type PoamItemResponse struct { - relational.CcfPoamItem - RiskLinks []relational.CcfPoamItemRiskLink `json:"riskLinks"` - EvidenceLinks []relational.CcfPoamItemEvidenceLink `json:"evidenceLinks"` - ControlLinks []relational.CcfPoamItemControlLink `json:"controlLinks"` - FindingLinks []relational.CcfPoamItemFindingLink `json:"findingLinks"` +type poamAddControlLinkRequest struct { + CatalogID string `json:"catalogId"` + ControlID string `json:"controlId"` } -func (h *PoamItemsHandler) itemExists(id uuid.UUID) (bool, error) { - var count int64 - err := h.db.Model(&relational.CcfPoamItem{}).Where("id = ?", id).Count(&count).Error - return count > 0, err +// poamItemResponse is the typed API response for a POAM item. It avoids +// embedding the raw GORM model directly in the HTTP layer. 
+type poamItemResponse struct { + ID uuid.UUID `json:"id"` + CreatedAt time.Time `json:"createdAt"` + UpdatedAt time.Time `json:"updatedAt"` + SspID uuid.UUID `json:"sspId"` + Title string `json:"title"` + Description string `json:"description"` + Status string `json:"status"` + SourceType string `json:"sourceType"` + PrimaryOwnerUserID *uuid.UUID `json:"primaryOwnerUserId,omitempty"` + PlannedCompletionDate *time.Time `json:"plannedCompletionDate,omitempty"` + CompletedAt *time.Time `json:"completedAt,omitempty"` + CreatedFromRiskID *uuid.UUID `json:"createdFromRiskId,omitempty"` + AcceptanceRationale *string `json:"acceptanceRationale,omitempty"` + LastStatusChangeAt time.Time `json:"lastStatusChangeAt"` + Milestones []poamMilestoneResponse `json:"milestones"` + RiskLinks []poamsvc.PoamItemRiskLink `json:"riskLinks"` + EvidenceLinks []poamsvc.PoamItemEvidenceLink `json:"evidenceLinks"` + ControlLinks []poamsvc.PoamItemControlLink `json:"controlLinks"` + FindingLinks []poamsvc.PoamItemFindingLink `json:"findingLinks"` } +// poamMilestoneResponse is the typed API response for a POAM milestone. 
+type poamMilestoneResponse struct { + ID uuid.UUID `json:"id"` + CreatedAt time.Time `json:"createdAt"` + UpdatedAt time.Time `json:"updatedAt"` + PoamItemID uuid.UUID `json:"poamItemId"` + Title string `json:"title"` + Description string `json:"description"` + Status string `json:"status"` + ScheduledCompletionDate *time.Time `json:"scheduledCompletionDate,omitempty"` + CompletionDate *time.Time `json:"completionDate,omitempty"` + OrderIndex int `json:"orderIndex"` +} + +// --------------------------------------------------------------------------- +// Mapping helpers +// --------------------------------------------------------------------------- + +func mapPoamItemToResponse(item *poamsvc.PoamItem, riskLinks []poamsvc.PoamItemRiskLink, evidenceLinks []poamsvc.PoamItemEvidenceLink, controlLinks []poamsvc.PoamItemControlLink, findingLinks []poamsvc.PoamItemFindingLink) poamItemResponse { + milestones := make([]poamMilestoneResponse, 0, len(item.Milestones)) + for _, m := range item.Milestones { + milestones = append(milestones, mapMilestoneToResponse(&m)) + } + if riskLinks == nil { + riskLinks = []poamsvc.PoamItemRiskLink{} + } + if evidenceLinks == nil { + evidenceLinks = []poamsvc.PoamItemEvidenceLink{} + } + if controlLinks == nil { + controlLinks = []poamsvc.PoamItemControlLink{} + } + if findingLinks == nil { + findingLinks = []poamsvc.PoamItemFindingLink{} + } + return poamItemResponse{ + ID: item.ID, + CreatedAt: item.CreatedAt, + UpdatedAt: item.UpdatedAt, + SspID: item.SspID, + Title: item.Title, + Description: item.Description, + Status: item.Status, + SourceType: item.SourceType, + PrimaryOwnerUserID: item.PrimaryOwnerUserID, + PlannedCompletionDate: item.PlannedCompletionDate, + CompletedAt: item.CompletedAt, + CreatedFromRiskID: item.CreatedFromRiskID, + AcceptanceRationale: item.AcceptanceRationale, + LastStatusChangeAt: item.LastStatusChangeAt, + Milestones: milestones, + RiskLinks: riskLinks, + EvidenceLinks: evidenceLinks, + ControlLinks: 
controlLinks, + FindingLinks: findingLinks, + } +} + +func mapMilestoneToResponse(m *poamsvc.PoamItemMilestone) poamMilestoneResponse { + return poamMilestoneResponse{ + ID: m.ID, + CreatedAt: m.CreatedAt, + UpdatedAt: m.UpdatedAt, + PoamItemID: m.PoamItemID, + Title: m.Title, + Description: m.Description, + Status: m.Status, + ScheduledCompletionDate: m.ScheduledCompletionDate, + CompletionDate: m.CompletionDate, + OrderIndex: m.OrderIndex, + } +} + +// --------------------------------------------------------------------------- +// POAM item handlers +// --------------------------------------------------------------------------- + // Create godoc // // @Summary Create a POAM item 
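Review bot: poamItemResponse's comment says the type avoids embedding the GORM model in the HTTP layer, but its four link fields are still `poamsvc.PoamItemRiskLink` and siblings, so whatever columns those service models carry now or later are serialized straight to clients. A thin response struct per link type, mapped in mapPoamItemToResponse next to the milestone mapping, would make the wire contract explicit; otherwise the comment should be narrowed to the item and milestone fields. Minor: `for _, m := range item.Milestones { ... mapMilestoneToResponse(&m) }` works but indexing, `for i := range item.Milestones { milestones = append(milestones, mapMilestoneToResponse(&item.Milestones[i])) }`, matches the loops List and ListMilestones use below.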
@@ -107,119 +230,107 @@ func (h *PoamItemsHandler) itemExists(id uuid.UUID) (bool, error) { // @Accept json // @Produce json // @Param body body createPoamRequest true "POAM item payload" -// @Success 201 {object} GenericDataResponse[relational.CcfPoamItem] +// @Success 201 {object} GenericDataResponse[poamItemResponse] // @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error // @Failure 500 {object} api.Error +// @Security OAuth2Password // @Router /poam-items [post] func (h *PoamItemsHandler) Create(c echo.Context) error { var in createPoamRequest if err := c.Bind(&in); err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } + if in.Title == "" { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("title is required"))) + } sspID, err := uuid.Parse(in.SspID) if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("sspId must be a valid UUID"))) } - sourceType := in.SourceType - if sourceType == "" { - sourceType = "manual" + if err := h.poamService.EnsureSSPExists(sspID); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(fmt.Errorf("ssp not found"))) + } + return h.internalError(c, "failed to validate ssp", err) } - item := relational.CcfPoamItem{ - ID: uuid.New(), + + params := poamsvc.CreatePoamItemParams{ SspID: sspID, Title: in.Title, Description: in.Description, Status: in.Status, - SourceType: sourceType, + SourceType: in.SourceType, PlannedCompletionDate: in.PlannedCompletionDate, AcceptanceRationale: in.AcceptanceRationale, - LastStatusChangeAt: time.Now().UTC(), } + if in.PrimaryOwnerUserID != nil { ownerID, err := uuid.Parse(*in.PrimaryOwnerUserID) if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("primaryOwnerUserId must be a valid UUID"))) } - item.PrimaryOwnerUserID = &ownerID + 
params.PrimaryOwnerUserID = &ownerID } if in.CreatedFromRiskID != nil { riskID, err := uuid.Parse(*in.CreatedFromRiskID) if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("createdFromRiskId must be a valid UUID"))) } - item.CreatedFromRiskID = &riskID + params.CreatedFromRiskID = &riskID } - err = h.db.Transaction(func(tx *gorm.DB) error { - if err := tx.Create(&item).Error; err != nil { - return err - } - for i, m := range in.Milestones { - orderIdx := m.OrderIndex - if orderIdx == 0 { - orderIdx = i - } - ms := relational.CcfPoamItemMilestone{ - ID: uuid.New(), - PoamItemID: item.ID, - Title: m.Title, - Description: m.Description, - Status: m.Status, - ScheduledCompletionDate: m.ScheduledCompletionDate, - OrderIndex: orderIdx, - } - if err := tx.Create(&ms).Error; err != nil { - return err - } - } - for _, rid := range in.RiskIDs { - ruuid, err := uuid.Parse(rid) - if err != nil { - return err - } - if err := tx.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: ruuid}).Error; err != nil { - return err - } + + for _, rid := range in.RiskIDs { + ruuid, err := uuid.Parse(rid) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("riskIds contains invalid UUID: %s", rid))) } - for _, eid := range in.EvidenceIDs { - euuid, err := uuid.Parse(eid) - if err != nil { - return err - } - if err := tx.Create(&relational.CcfPoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: euuid}).Error; err != nil { - return err - } + params.RiskIDs = append(params.RiskIDs, ruuid) + } + for _, eid := range in.EvidenceIDs { + euuid, err := uuid.Parse(eid) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("evidenceIds contains invalid UUID: %s", eid))) } - for _, cr := range in.ControlRefs { - catID, err := uuid.Parse(cr.CatalogID) - if err != nil { - return err - } - if err := tx.Create(&relational.CcfPoamItemControlLink{ - 
PoamItemID: item.ID, - CatalogID: catID, - ControlID: cr.ControlID, - }).Error; err != nil { - return err - } + params.EvidenceIDs = append(params.EvidenceIDs, euuid) + } + for _, cr := range in.ControlRefs { + catID, err := uuid.Parse(cr.CatalogID) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("controlRefs contains invalid catalogId: %s", cr.CatalogID))) } - for _, fid := range in.FindingIDs { - fuuid, err := uuid.Parse(fid) - if err != nil { - return err - } - if err := tx.Create(&relational.CcfPoamItemFindingLink{PoamItemID: item.ID, FindingID: fuuid}).Error; err != nil { - return err - } + params.ControlRefs = append(params.ControlRefs, poamsvc.ControlRef{CatalogID: catID, ControlID: cr.ControlID}) + } + for _, fid := range in.FindingIDs { + fuuid, err := uuid.Parse(fid) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("findingIds contains invalid UUID: %s", fid))) } - return nil - }) + params.FindingIDs = append(params.FindingIDs, fuuid) + } + for _, m := range in.Milestones { + params.Milestones = append(params.Milestones, poamsvc.CreateMilestoneParams{ + Title: m.Title, + Description: m.Description, + Status: m.Status, + ScheduledCompletionDate: m.ScheduledCompletionDate, + OrderIndex: m.OrderIndex, + }) + } + + item, err := h.poamService.Create(params) if err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) + return h.internalError(c, "failed to create poam item", err) } - h.db.Preload("Milestones", func(db *gorm.DB) *gorm.DB { - return db.Order("order_index ASC") - }).First(&item, "id = ?", item.ID) - return c.JSON(http.StatusCreated, GenericDataResponse[relational.CcfPoamItem]{Data: item}) + + riskLinks, _ := h.poamService.ListRiskLinks(item.ID) + evidenceLinks, _ := h.poamService.ListEvidenceLinks(item.ID) + controlLinks, _ := h.poamService.ListControlLinks(item.ID) + findingLinks, _ := h.poamService.ListFindingLinks(item.ID) + + return 
c.JSON(http.StatusCreated, GenericDataResponse[poamItemResponse]{ + Data: mapPoamItemToResponse(item, riskLinks, evidenceLinks, controlLinks, findingLinks), + }) } // List godoc 
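Review bot: The four `riskLinks, _ := h.poamService.ListRiskLinks(item.ID)` lines after the successful Create discard their errors, so a failing lookup returns 201 with empty link arrays that a client cannot tell apart from "no links"; Get and Update in the later hunks repeat the same pattern. At minimum log them through the handler's logger, e.g. `h.sugar.Warnw("list risk links after create", "id", item.ID, "error", err)`, or have the service return the item together with its links in one call. Separately, `in.Status` and `in.SourceType` are forwarded unvalidated; if the service does not check them against its status/source constants, a bad value surfaces as a database error and a 500 rather than the 400 the title and UUID checks above produce.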
@@ -231,46 +342,53 @@ func (h *PoamItemsHandler) Create(c echo.Context) error { // @Param status query string false "open|in-progress|completed|overdue" // @Param sspId query string false "SSP UUID" // @Param riskId query string false "Risk UUID" -// @Param dueBefore query string false "RFC3339 timestamp" -// @Param overdueOnly query bool false "true — items past planned_completion_date" +// @Param dueBefore query string false "RFC3339 timestamp — items with planned_completion_date before this value" +// @Param overdueOnly query bool false "true — items past planned_completion_date and not yet completed" // @Param ownerRef query string false "UUID of primary_owner_user_id" -// @Success 200 {object} GenericDataListResponse[relational.CcfPoamItem] +// @Success 200 {object} GenericDataListResponse[poamItemResponse] // @Failure 500 {object} api.Error +// @Security OAuth2Password // @Router /poam-items [get] func (h *PoamItemsHandler) List(c echo.Context) error { - var items []relational.CcfPoamItem - q := h.db.Model(&relational.CcfPoamItem{}) + filters := poamsvc.ListFilters{} + if v := c.QueryParam("status"); v != "" { - q = q.Where("status = ?", v) + filters.Status = &v } if v := c.QueryParam("sspId"); v != "" { if id, err := uuid.Parse(v); err == nil { - q = q.Where("ssp_id = ?", id) + filters.SspID = &id } } if v := c.QueryParam("ownerRef"); v != "" { if id, err := uuid.Parse(v); err == nil { - q = q.Where("primary_owner_user_id = ?", id) + filters.OwnerRef = &id } } if v := c.QueryParam("dueBefore"); v != "" { if t, err := time.Parse(time.RFC3339, v); err == nil { - q = q.Where("planned_completion_date IS NOT NULL AND planned_completion_date < ?", t) + filters.DueBefore = &t } } if c.QueryParam("overdueOnly") == "true" { - now := time.Now().UTC() - q = q.Where("status IN ('open','in-progress') AND planned_completion_date IS NOT NULL AND planned_completion_date < ?", now) + filters.OverdueOnly = true } if v := c.QueryParam("riskId"); v != "" { if id, err := 
uuid.Parse(v); err == nil { - q = q.Joins("JOIN ccf_poam_item_risk_links rl ON rl.poam_item_id = ccf_poam_items.id AND rl.risk_id = ?", id) + filters.RiskID = &id } } - if err := q.Find(&items).Error; err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) + + items, err := h.poamService.List(filters) + if err != nil { + return h.internalError(c, "failed to list poam items", err) } - return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItem]{Data: items}) + + resp := make([]poamItemResponse, 0, len(items)) + for i := range items { + resp = append(resp, mapPoamItemToResponse(&items[i], nil, nil, nil, nil)) + } + return c.JSON(http.StatusOK, GenericDataListResponse[poamItemResponse]{Data: resp}) } // Get godoc 
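Review bot: A malformed `sspId`, `ownerRef` or `riskId` is still silently dropped (`if id, err := uuid.Parse(v); err == nil`), so a typo in a scoping filter returns the unfiltered list across every SSP; the rewrite keeps this rather than rejecting it. Returning `c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("sspId must be a valid UUID")))` from an else branch, as Create now does for its UUID fields, makes the scoping explicit. Also, `mapPoamItemToResponse(&items[i], nil, nil, nil, nil)` makes List emit empty `riskLinks`/`evidenceLinks`/`controlLinks`/`findingLinks` arrays for every item even when links exist; either say so in the List godoc (`// @Description Link collections are not populated in list responses; use GET /poam-items/{id}.`) or leave them out of the list shape.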
@@ -280,108 +398,93 @@ func (h *PoamItemsHandler) List(c echo.Context) error { // @Tags POAM Items // @Produce json // @Param id path string true "POAM item ID" -// @Success 200 {object} GenericDataResponse[PoamItemResponse] +// @Success 200 {object} GenericDataResponse[poamItemResponse] // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error +// @Security OAuth2Password // @Router /poam-items/{id} [get] func (h *PoamItemsHandler) Get(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - var item relational.CcfPoamItem - if err := h.db.Preload("Milestones", func(db *gorm.DB) *gorm.DB { - return db.Order("order_index ASC") - }).First(&item, "id = ?", id).Error; err != nil { - return c.JSON(http.StatusNotFound, api.NewError(err)) - } - var riskLinks []relational.CcfPoamItemRiskLink - h.db.Where("poam_item_id = ?", id).Find(&riskLinks) - var evidenceLinks []relational.CcfPoamItemEvidenceLink - h.db.Where("poam_item_id = ?", id).Find(&evidenceLinks) - var controlLinks []relational.CcfPoamItemControlLink - h.db.Where("poam_item_id = ?", id).Find(&controlLinks) - var findingLinks []relational.CcfPoamItemFindingLink - h.db.Where("poam_item_id = ?", id).Find(&findingLinks) - resp := PoamItemResponse{ - CcfPoamItem: item, - RiskLinks: riskLinks, - EvidenceLinks: evidenceLinks, - ControlLinks: controlLinks, - FindingLinks: findingLinks, + + item, err := h.poamService.GetByID(id) + if err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return h.internalError(c, "failed to get poam item", err) } - return c.JSON(http.StatusOK, GenericDataResponse[PoamItemResponse]{Data: resp}) + + riskLinks, _ := h.poamService.ListRiskLinks(id) + evidenceLinks, _ := h.poamService.ListEvidenceLinks(id) + controlLinks, _ := h.poamService.ListControlLinks(id) + findingLinks, _ := h.poamService.ListFindingLinks(id) + + return 
c.JSON(http.StatusOK, GenericDataResponse[poamItemResponse]{ + Data: mapPoamItemToResponse(item, riskLinks, evidenceLinks, controlLinks, findingLinks), + }) } // Update godoc // // @Summary Update POAM item -// @Description Update scalar fields of a POAM item. Setting status to 'completed' automatically sets completed_at. +// @Description Update scalar fields of a POAM item. Setting status to 'completed' automatically sets completed_at and last_status_change_at. // @Tags POAM Items // @Accept json // @Produce json // @Param id path string true "POAM item ID" // @Param body body updatePoamRequest true "Fields to update" -// @Success 200 {object} GenericDataResponse[relational.CcfPoamItem] +// @Success 200 {object} GenericDataResponse[poamItemResponse] // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error // @Failure 500 {object} api.Error +// @Security OAuth2Password // @Router /poam-items/{id} [put] func (h *PoamItemsHandler) Update(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - exists, err := h.itemExists(id) - if err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) - } - if !exists { - return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) - } + var in updatePoamRequest if err := c.Bind(&in); err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - updates := map[string]interface{}{} - if in.Title != nil { - updates["title"] = *in.Title - } - if in.Description != nil { - updates["description"] = *in.Description - } - if in.Status != nil { - updates["status"] = *in.Status - updates["last_status_change_at"] = time.Now().UTC() - if *in.Status == "completed" { - now := time.Now().UTC() - updates["completed_at"] = &now - } + + params := poamsvc.UpdatePoamItemParams{ + Title: in.Title, + Description: in.Description, + Status: in.Status, + PlannedCompletionDate: in.PlannedCompletionDate, + CompletedAt: 
in.CompletedAt, + AcceptanceRationale: in.AcceptanceRationale, } if in.PrimaryOwnerUserID != nil { ownerID, err := uuid.Parse(*in.PrimaryOwnerUserID) if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(err)) + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("primaryOwnerUserId must be a valid UUID"))) } - updates["primary_owner_user_id"] = ownerID - } - if in.PlannedCompletionDate != nil { - updates["planned_completion_date"] = in.PlannedCompletionDate + params.PrimaryOwnerUserID = &ownerID } - if in.CompletedAt != nil { - updates["completed_at"] = in.CompletedAt - } - if in.AcceptanceRationale != nil { - updates["acceptance_rationale"] = *in.AcceptanceRationale - } - if err := h.db.Model(&relational.CcfPoamItem{}).Where("id = ?", id).Updates(updates).Error; err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) + + item, err := h.poamService.Update(id, params) + if err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return h.internalError(c, "failed to update poam item", err) } - var out relational.CcfPoamItem - h.db.Preload("Milestones", func(db *gorm.DB) *gorm.DB { - return db.Order("order_index ASC") - }).First(&out, "id = ?", id) - return c.JSON(http.StatusOK, GenericDataResponse[relational.CcfPoamItem]{Data: out}) + + riskLinks, _ := h.poamService.ListRiskLinks(id) + evidenceLinks, _ := h.poamService.ListEvidenceLinks(id) + controlLinks, _ := h.poamService.ListControlLinks(id) + findingLinks, _ := h.poamService.ListFindingLinks(id) + + return c.JSON(http.StatusOK, GenericDataResponse[poamItemResponse]{ + Data: mapPoamItemToResponse(item, riskLinks, evidenceLinks, controlLinks, findingLinks), + }) } // Delete godoc 
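Review bot: Update accepts both `status` and `completedAt` from the client and forwards both in UpdatePoamItemParams, while the godoc says setting status to 'completed' sets completed_at automatically; which value wins when both are supplied, or when status becomes completed with completedAt absent, is decided in the service and not documented here. One sentence on the godoc stating the precedence the service actually implements, e.g. `// @Description ... An explicit completedAt in the body overrides the automatic timestamp.`, fixes the contract for clients. `in.Status` is also forwarded without a check against the service's status constants, the same gap as in Create.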
@@ -394,43 +497,27 @@ func (h *PoamItemsHandler) Update(c echo.Context) error { // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error // @Failure 500 {object} api.Error +// @Security OAuth2Password // @Router /poam-items/{id} [delete] func (h *PoamItemsHandler) Delete(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - exists, err := h.itemExists(id) - if err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) - } - if !exists { - return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) - } - err = h.db.Transaction(func(tx *gorm.DB) error { - if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemRiskLink{}).Error; err != nil { - return err - } - if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemEvidenceLink{}).Error; err != nil { - return err - } - if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemControlLink{}).Error; err != nil { - return err - } - if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemFindingLink{}).Error; err != nil { - return err - } - if err := tx.Where("poam_item_id = ?", id).Delete(&relational.CcfPoamItemMilestone{}).Error; err != nil { - return err + + if err := h.poamService.Delete(id); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) } - return tx.Delete(&relational.CcfPoamItem{}, "id = ?", id).Error - }) - if err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) + return h.internalError(c, "failed to delete poam item", err) } return c.NoContent(http.StatusNoContent) } +// --------------------------------------------------------------------------- +// Milestone handlers +// --------------------------------------------------------------------------- + // ListMilestones godoc // // @Summary List milestones 
@@ -438,28 +525,34 @@ func (h *PoamItemsHandler) Delete(c echo.Context) error { // @Tags POAM Items // @Produce json // @Param id path string true "POAM item ID" -// @Success 200 {object} GenericDataListResponse[relational.CcfPoamItemMilestone] +// @Success 200 {object} GenericDataListResponse[poamMilestoneResponse] // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error // @Failure 500 {object} api.Error +// @Security OAuth2Password // @Router /poam-items/{id}/milestones [get] func (h *PoamItemsHandler) ListMilestones(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - exists, err := h.itemExists(id) - if err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) + if err := h.poamService.EnsureExists(id); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return h.internalError(c, "failed to validate poam item", err) } - if !exists { - return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) + + milestones, err := h.poamService.ListMilestones(id) + if err != nil { + return h.internalError(c, "failed to list milestones", err) } - var ms []relational.CcfPoamItemMilestone - if err := h.db.Where("poam_item_id = ?", id).Order("order_index ASC").Find(&ms).Error; err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) + + resp := make([]poamMilestoneResponse, 0, len(milestones)) + for i := range milestones { + resp = append(resp, mapMilestoneToResponse(&milestones[i])) } - return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemMilestone]{Data: ms}) + return c.JSON(http.StatusOK, GenericDataListResponse[poamMilestoneResponse]{Data: resp}) } // AddMilestone godoc 
@@ -471,40 +564,43 @@ func (h *PoamItemsHandler) ListMilestones(c echo.Context) error { // @Produce json // @Param id path string true "POAM item ID" // @Param body body createMilestoneRequest true "Milestone payload" -// @Success 201 {object} GenericDataResponse[relational.CcfPoamItemMilestone] +// @Success 201 {object} GenericDataResponse[poamMilestoneResponse] // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error // @Failure 500 {object} api.Error +// @Security OAuth2Password // @Router /poam-items/{id}/milestones [post] func (h *PoamItemsHandler) AddMilestone(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - exists, err := h.itemExists(id) - if err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) - } - if !exists { - return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) + if err := h.poamService.EnsureExists(id); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return h.internalError(c, "failed to validate poam item", err) } + var in createMilestoneRequest if err := c.Bind(&in); err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - m := relational.CcfPoamItemMilestone{ - ID: uuid.New(), - PoamItemID: id, + if in.Title == "" { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("title is required"))) + } + + m, err := h.poamService.AddMilestone(id, poamsvc.CreateMilestoneParams{ Title: in.Title, Description: in.Description, Status: in.Status, ScheduledCompletionDate: in.ScheduledCompletionDate, OrderIndex: in.OrderIndex, + }) + if err != nil { + return h.internalError(c, "failed to add milestone", err) } - if err := h.db.Create(&m).Error; err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) - } - return c.JSON(http.StatusCreated, GenericDataResponse[relational.CcfPoamItemMilestone]{Data: 
m}) + return c.JSON(http.StatusCreated, GenericDataResponse[poamMilestoneResponse]{Data: mapMilestoneToResponse(m)}) } // UpdateMilestone godoc @@ -517,10 +613,11 @@ func (h *PoamItemsHandler) AddMilestone(c echo.Context) error { // @Param id path string true "POAM item ID" // @Param milestoneId path string true "Milestone ID" // @Param body body updateMilestoneRequest true "Fields to update" -// @Success 200 {object} GenericDataResponse[relational.CcfPoamItemMilestone] +// @Success 200 {object} GenericDataResponse[poamMilestoneResponse] // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error // @Failure 500 {object} api.Error +// @Security OAuth2Password // @Router /poam-items/{id}/milestones/{milestoneId} [put] func (h *PoamItemsHandler) UpdateMilestone(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) 
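Review bot: `in.Status` is forwarded into `poamsvc.CreateMilestoneParams` unvalidated, while `in.Title` just gained an explicit 400 check a few lines above; the test file in this same commit converts through `poamsvc.MilestoneStatus(status)`, which suggests an enumerated status type exists on the service side. If the service rejects an unknown status, the only error path here is `h.internalError`, so a bad client value would surface as a 500 rather than a 400. A handler-side check against the `poamsvc` milestone status values, returning `http.StatusBadRequest` like the title check does, would keep the two validations consistent; if the service instead accepts any string, a short comment saying so next to the `Status: in.Status` line would stop the next reader from asking the same question.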
@@ -531,55 +628,40 @@ func (h *PoamItemsHandler) UpdateMilestone(c echo.Context) error { if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } + var in updateMilestoneRequest if err := c.Bind(&in); err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - updates := map[string]interface{}{} - if in.Title != nil { - updates["title"] = *in.Title - } - if in.Description != nil { - updates["description"] = *in.Description - } - if in.Status != nil { - updates["status"] = *in.Status - if *in.Status == "completed" { - now := time.Now().UTC() - updates["completion_date"] = &now + + m, err := h.poamService.UpdateMilestone(id, mid, poamsvc.UpdateMilestoneParams{ + Title: in.Title, + Description: in.Description, + Status: in.Status, + ScheduledCompletionDate: in.ScheduledCompletionDate, + OrderIndex: in.OrderIndex, + }) + if err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) } + return h.internalError(c, "failed to update milestone", err) } - if in.ScheduledCompletionDate != nil { - updates["scheduled_completion_date"] = in.ScheduledCompletionDate - } - if in.OrderIndex != nil { - updates["order_index"] = *in.OrderIndex - } - result := h.db.Model(&relational.CcfPoamItemMilestone{}). - Where("poam_item_id = ? AND id = ?", id, mid). 
- Updates(updates) - if result.Error != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(result.Error)) - } - if result.RowsAffected == 0 { - return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) - } - var out relational.CcfPoamItemMilestone - h.db.First(&out, "id = ?", mid) - return c.JSON(http.StatusOK, GenericDataResponse[relational.CcfPoamItemMilestone]{Data: out}) + return c.JSON(http.StatusOK, GenericDataResponse[poamMilestoneResponse]{Data: mapMilestoneToResponse(m)}) } // DeleteMilestone godoc // -// @Summary Delete milestone -// @Tags POAM Items -// @Param id path string true "POAM item ID" -// @Param milestoneId path string true "Milestone ID" -// @Success 204 "No Content" -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Failure 500 {object} api.Error -// @Router /poam-items/{id}/milestones/{milestoneId} [delete] +// @Summary Delete milestone +// @Tags POAM Items +// @Param id path string true "POAM item ID" +// @Param milestoneId path string true "Milestone ID" +// @Success 204 "No Content" +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/milestones/{milestoneId} [delete] func (h *PoamItemsHandler) DeleteMilestone(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { 
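Review bot: The removed UpdateMilestone body stamped `completion_date` with `time.Now().UTC()` whenever the incoming status was `"completed"`; the new code only forwards `in.Status` inside `poamsvc.UpdateMilestoneParams`, and that side effect is no longer visible in the handler. Unless `h.poamService.UpdateMilestone` reproduces it, completing a milestone through PUT silently stops recording when it was completed, and the `@Summary`-level docs give no hint either way. Worth confirming in the service and, if it lives there now, adding `// completion_date is set by the service when status transitions to completed` above the `UpdateMilestone` call. The function's opening (the `id`/`mid` parsing) lies outside this hunk.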
@@ -589,120 +671,441 @@ func (h *PoamItemsHandler) DeleteMilestone(c echo.Context) error { if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - result := h.db.Where("poam_item_id = ? AND id = ?", id, mid).Delete(&relational.CcfPoamItemMilestone{}) - if result.Error != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(result.Error)) - } - if result.RowsAffected == 0 { - return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) + + if err := h.poamService.DeleteMilestone(id, mid); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return h.internalError(c, "failed to delete milestone", err) } return c.NoContent(http.StatusNoContent) } +// --------------------------------------------------------------------------- +// Risk link handlers +// --------------------------------------------------------------------------- + // ListRisks godoc // -// @Summary List linked risks -// @Tags POAM Items -// @Produce json -// @Param id path string true "POAM item ID" -// @Success 200 {object} GenericDataListResponse[relational.CcfPoamItemRiskLink] -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Router /poam-items/{id}/risks [get] +// @Summary List linked risks +// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Success 200 {object} GenericDataListResponse[poamsvc.PoamItemRiskLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/risks [get] func (h *PoamItemsHandler) ListRisks(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - exists, err := h.itemExists(id) + if err := h.poamService.EnsureExists(id); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return 
h.internalError(c, "failed to validate poam item", err) + } + links, err := h.poamService.ListRiskLinks(id) + if err != nil { + return h.internalError(c, "failed to list risk links", err) + } + return c.JSON(http.StatusOK, GenericDataListResponse[poamsvc.PoamItemRiskLink]{Data: links}) +} + +// AddRiskLink godoc +// +// @Summary Add risk link +// @Tags POAM Items +// @Accept json +// @Produce json +// @Param id path string true "POAM item ID" +// @Param body body addLinkRequest true "Risk ID payload" +// @Success 201 {object} GenericDataResponse[poamsvc.PoamItemRiskLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/risks [post] +func (h *PoamItemsHandler) AddRiskLink(c echo.Context) error { + id, err := uuid.Parse(c.Param("id")) if err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + if err := h.poamService.EnsureExists(id); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return h.internalError(c, "failed to validate poam item", err) } - if !exists { - return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) + var in addLinkRequest + if err := c.Bind(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) } - var links []relational.CcfPoamItemRiskLink - h.db.Where("poam_item_id = ?", id).Find(&links) - return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemRiskLink]{Data: links}) + riskID, err := uuid.Parse(in.ID) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("id must be a valid UUID"))) + } + link, err := h.poamService.AddRiskLink(id, riskID) + if err != nil { + return h.internalError(c, "failed to add risk link", err) + } + return c.JSON(http.StatusCreated, 
GenericDataResponse[poamsvc.PoamItemRiskLink]{Data: *link}) +} + +// DeleteRiskLink godoc +// +// @Summary Delete risk link +// @Tags POAM Items +// @Param id path string true "POAM item ID" +// @Param riskId path string true "Risk ID" +// @Success 204 "No Content" +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/risks/{riskId} [delete] +func (h *PoamItemsHandler) DeleteRiskLink(c echo.Context) error { + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + riskID, err := uuid.Parse(c.Param("riskId")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + if err := h.poamService.DeleteRiskLink(id, riskID); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return h.internalError(c, "failed to delete risk link", err) + } + return c.NoContent(http.StatusNoContent) } +// --------------------------------------------------------------------------- +// Evidence link handlers +// --------------------------------------------------------------------------- + // ListEvidence godoc // -// @Summary List linked evidence -// @Tags POAM Items -// @Produce json -// @Param id path string true "POAM item ID" -// @Success 200 {object} GenericDataListResponse[relational.CcfPoamItemEvidenceLink] -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Router /poam-items/{id}/evidence [get] +// @Summary List linked evidence +// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Success 200 {object} GenericDataListResponse[poamsvc.PoamItemEvidenceLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/evidence [get] func (h *PoamItemsHandler) ListEvidence(c echo.Context) error { 
id, err := uuid.Parse(c.Param("id")) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - exists, err := h.itemExists(id) + if err := h.poamService.EnsureExists(id); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return h.internalError(c, "failed to validate poam item", err) + } + links, err := h.poamService.ListEvidenceLinks(id) if err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) + return h.internalError(c, "failed to list evidence links", err) } - if !exists { - return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) + return c.JSON(http.StatusOK, GenericDataListResponse[poamsvc.PoamItemEvidenceLink]{Data: links}) +} + +// AddEvidenceLink godoc +// +// @Summary Add evidence link +// @Tags POAM Items +// @Accept json +// @Produce json +// @Param id path string true "POAM item ID" +// @Param body body addLinkRequest true "Evidence ID payload" +// @Success 201 {object} GenericDataResponse[poamsvc.PoamItemEvidenceLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/evidence [post] +func (h *PoamItemsHandler) AddEvidenceLink(c echo.Context) error { + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) } - var links []relational.CcfPoamItemEvidenceLink - h.db.Where("poam_item_id = ?", id).Find(&links) - return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemEvidenceLink]{Data: links}) + if err := h.poamService.EnsureExists(id); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return h.internalError(c, "failed to validate poam item", err) + } + var in addLinkRequest + if err := c.Bind(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) 
+ } + evidenceID, err := uuid.Parse(in.ID) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("id must be a valid UUID"))) + } + link, err := h.poamService.AddEvidenceLink(id, evidenceID) + if err != nil { + return h.internalError(c, "failed to add evidence link", err) + } + return c.JSON(http.StatusCreated, GenericDataResponse[poamsvc.PoamItemEvidenceLink]{Data: *link}) } +// DeleteEvidenceLink godoc +// +// @Summary Delete evidence link +// @Tags POAM Items +// @Param id path string true "POAM item ID" +// @Param evidenceId path string true "Evidence ID" +// @Success 204 "No Content" +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/evidence/{evidenceId} [delete] +func (h *PoamItemsHandler) DeleteEvidenceLink(c echo.Context) error { + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + evidenceID, err := uuid.Parse(c.Param("evidenceId")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + if err := h.poamService.DeleteEvidenceLink(id, evidenceID); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return h.internalError(c, "failed to delete evidence link", err) + } + return c.NoContent(http.StatusNoContent) +} + +// --------------------------------------------------------------------------- +// Control link handlers +// --------------------------------------------------------------------------- + // ListControls godoc // -// @Summary List linked controls -// @Tags POAM Items -// @Produce json -// @Param id path string true "POAM item ID" -// @Success 200 {object} GenericDataListResponse[relational.CcfPoamItemControlLink] -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Router /poam-items/{id}/controls [get] +// @Summary List 
linked controls +// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Success 200 {object} GenericDataListResponse[poamsvc.PoamItemControlLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/controls [get] func (h *PoamItemsHandler) ListControls(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - exists, err := h.itemExists(id) + if err := h.poamService.EnsureExists(id); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return h.internalError(c, "failed to validate poam item", err) + } + links, err := h.poamService.ListControlLinks(id) if err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) + return h.internalError(c, "failed to list control links", err) } - if !exists { - return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) + return c.JSON(http.StatusOK, GenericDataListResponse[poamsvc.PoamItemControlLink]{Data: links}) +} + +// AddControlLink godoc +// +// @Summary Add control link +// @Tags POAM Items +// @Accept json +// @Produce json +// @Param id path string true "POAM item ID" +// @Param body body addControlLinkRequest true "Control ref payload" +// @Success 201 {object} GenericDataResponse[poamsvc.PoamItemControlLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/controls [post] +func (h *PoamItemsHandler) AddControlLink(c echo.Context) error { + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) } - var links []relational.CcfPoamItemControlLink - h.db.Where("poam_item_id = ?", id).Find(&links) - return c.JSON(http.StatusOK, 
GenericDataListResponse[relational.CcfPoamItemControlLink]{Data: links}) + if err := h.poamService.EnsureExists(id); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return h.internalError(c, "failed to validate poam item", err) + } + var in poamAddControlLinkRequest + if err := c.Bind(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + catID, err := uuid.Parse(in.CatalogID) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("catalogId must be a valid UUID"))) + } + if in.ControlID == "" { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("controlId is required"))) + } + link, err := h.poamService.AddControlLink(id, poamsvc.ControlRef{CatalogID: catID, ControlID: in.ControlID}) + if err != nil { + return h.internalError(c, "failed to add control link", err) + } + return c.JSON(http.StatusCreated, GenericDataResponse[poamsvc.PoamItemControlLink]{Data: *link}) } +// DeleteControlLink godoc +// +// @Summary Delete control link +// @Tags POAM Items +// @Param id path string true "POAM item ID" +// @Param catalogId path string true "Catalog ID" +// @Param controlId path string true "Control ID" +// @Success 204 "No Content" +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/controls/{catalogId}/{controlId} [delete] +func (h *PoamItemsHandler) DeleteControlLink(c echo.Context) error { + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + catID, err := uuid.Parse(c.Param("catalogId")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + controlID := c.Param("controlId") + if controlID == "" { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("controlId path param is required"))) + } + if err := 
h.poamService.DeleteControlLink(id, catID, controlID); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return h.internalError(c, "failed to delete control link", err) + } + return c.NoContent(http.StatusNoContent) +} + +// --------------------------------------------------------------------------- +// Finding link handlers +// --------------------------------------------------------------------------- + // ListFindings godoc // -// @Summary List linked findings -// @Tags POAM Items -// @Produce json -// @Param id path string true "POAM item ID" -// @Success 200 {object} GenericDataListResponse[relational.CcfPoamItemFindingLink] -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Router /poam-items/{id}/findings [get] +// @Summary List linked findings +// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Success 200 {object} GenericDataListResponse[poamsvc.PoamItemFindingLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/findings [get] func (h *PoamItemsHandler) ListFindings(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - exists, err := h.itemExists(id) + if err := h.poamService.EnsureExists(id); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return h.internalError(c, "failed to validate poam item", err) + } + links, err := h.poamService.ListFindingLinks(id) + if err != nil { + return h.internalError(c, "failed to list finding links", err) + } + return c.JSON(http.StatusOK, GenericDataListResponse[poamsvc.PoamItemFindingLink]{Data: links}) +} + +// AddFindingLink godoc +// +// @Summary Add finding link +// @Tags POAM Items +// @Accept json +// @Produce json +// @Param id path string true 
"POAM item ID" +// @Param body body addLinkRequest true "Finding ID payload" +// @Success 201 {object} GenericDataResponse[poamsvc.PoamItemFindingLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/findings [post] +func (h *PoamItemsHandler) AddFindingLink(c echo.Context) error { + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + if err := h.poamService.EnsureExists(id); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return h.internalError(c, "failed to validate poam item", err) + } + var in addLinkRequest + if err := c.Bind(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + findingID, err := uuid.Parse(in.ID) if err != nil { - return c.JSON(http.StatusInternalServerError, api.NewError(err)) + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("id must be a valid UUID"))) } - if !exists { - return c.JSON(http.StatusNotFound, api.NewError(gorm.ErrRecordNotFound)) + link, err := h.poamService.AddFindingLink(id, findingID) + if err != nil { + return h.internalError(c, "failed to add finding link", err) } - var links []relational.CcfPoamItemFindingLink - h.db.Where("poam_item_id = ?", id).Find(&links) - return c.JSON(http.StatusOK, GenericDataListResponse[relational.CcfPoamItemFindingLink]{Data: links}) + return c.JSON(http.StatusCreated, GenericDataResponse[poamsvc.PoamItemFindingLink]{Data: *link}) +} + +// DeleteFindingLink godoc +// +// @Summary Delete finding link +// @Tags POAM Items +// @Param id path string true "POAM item ID" +// @Param findingId path string true "Finding ID" +// @Success 204 "No Content" +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router 
/poam-items/{id}/findings/{findingId} [delete] +func (h *PoamItemsHandler) DeleteFindingLink(c echo.Context) error { + id, err := uuid.Parse(c.Param("id")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + findingID, err := uuid.Parse(c.Param("findingId")) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + if err := h.poamService.DeleteFindingLink(id, findingID); err != nil { + if errors.Is(err, gorm.ErrRecordNotFound) { + return c.JSON(http.StatusNotFound, api.NewError(err)) + } + return h.internalError(c, "failed to delete finding link", err) + } + return c.NoContent(http.StatusNoContent) +} + +// --------------------------------------------------------------------------- +// Error helper +// --------------------------------------------------------------------------- + +func (h *PoamItemsHandler) internalError(c echo.Context, msg string, err error) error { + h.sugar.Errorw(msg, "error", err) + return c.JSON(http.StatusInternalServerError, api.NewError(err)) } diff --git a/internal/api/handler/poam_items_integration_test.go b/internal/api/handler/poam_items_integration_test.go index 0c0b3f45..fc512f79 100644 --- a/internal/api/handler/poam_items_integration_test.go +++ b/internal/api/handler/poam_items_integration_test.go @@ -9,11 +9,12 @@ import ( "fmt" "net/http" "net/http/httptest" + "strings" "testing" "time" "github.com/compliance-framework/api/internal/api" - "github.com/compliance-framework/api/internal/service/relational" + poamsvc "github.com/compliance-framework/api/internal/service/relational/poam" "github.com/compliance-framework/api/internal/tests" "github.com/google/uuid" "github.com/labstack/echo/v4" 
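Review bot: `internalError` logs the underlying error and then hands the same `err` back to the client through `api.NewError(err)`, so database and service error text (driver messages, table or column names) reaches API consumers in every 500 response this hunk produces. Since the helper now centralises the logging, it is the natural place to stop echoing internals: keep `err` in the `Errorw` call and respond with the caller-supplied message only, e.g. `return c.JSON(http.StatusInternalServerError, api.NewError(errors.New(msg)))`. Separately, the godoc blocks for `ListRisks`, `ListEvidence`, `ListControls` and `ListFindings` list only `@Failure 400` and `@Failure 404`, yet each now returns 500 via `h.internalError` when `EnsureExists` or the list call fails; add `// @Failure 500 {object} api.Error` to those four blocks so the generated spec matches the handlers.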
@@ -42,26 +43,28 @@ func (suite *PoamItemsApiIntegrationSuite) newServer() *api.Server { return server } -func (suite *PoamItemsApiIntegrationSuite) seedItem(sspID uuid.UUID, title, status string) relational.CcfPoamItem { - item := relational.CcfPoamItem{ +// seedItem inserts a PoamItem directly into the DB, bypassing the API. +func (suite *PoamItemsApiIntegrationSuite) seedItem(sspID uuid.UUID, title, status string) poamsvc.PoamItem { + item := poamsvc.PoamItem{ ID: uuid.New(), SspID: sspID, Title: title, Description: "seeded for test", Status: status, - SourceType: "manual", + SourceType: string(poamsvc.PoamItemSourceTypeManual), LastStatusChangeAt: time.Now().UTC(), } suite.Require().NoError(suite.DB.Create(&item).Error) return item } -func (suite *PoamItemsApiIntegrationSuite) seedMilestone(poamID uuid.UUID, title, status string, orderIdx int) relational.CcfPoamItemMilestone { - m := relational.CcfPoamItemMilestone{ +// seedMilestone inserts a PoamItemMilestone directly into the DB. +func (suite *PoamItemsApiIntegrationSuite) seedMilestone(poamID uuid.UUID, title, status string, orderIdx int) poamsvc.PoamItemMilestone { + m := poamsvc.PoamItemMilestone{ ID: uuid.New(), PoamItemID: poamID, Title: title, - Status: status, + Status: string(poamsvc.MilestoneStatus(status)), OrderIndex: orderIdx, } suite.Require().NoError(suite.DB.Create(&m).Error) @@ -87,7 +90,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_MinimalPayload() { req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusCreated, rec.Code) - var resp GenericDataResponse[relational.CcfPoamItem] + var resp GenericDataResponse[poamItemResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Equal(suite.T(), "Remediate secret scanning", resp.Data.Title) assert.Equal(suite.T(), "open", resp.Data.Status) 
@@ -116,7 +119,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithMilestonesAndLinks() { req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusCreated, rec.Code) - var resp GenericDataResponse[relational.CcfPoamItem] + var resp GenericDataResponse[poamItemResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Equal(suite.T(), "risk-promotion", resp.Data.SourceType) assert.Len(suite.T(), resp.Data.Milestones, 2) @@ -141,9 +144,9 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithRiskLinks() { req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusCreated, rec.Code) - var resp GenericDataResponse[relational.CcfPoamItem] + var resp GenericDataResponse[poamItemResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) - var links []relational.CcfPoamItemRiskLink + var links []poamsvc.PoamItemRiskLink suite.Require().NoError(suite.DB.Where("poam_item_id = ?", resp.Data.ID).Find(&links).Error) assert.Len(suite.T(), links, 1) assert.Equal(suite.T(), riskID, links[0].RiskID) 
@@ -172,19 +175,19 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithAllLinkTypes() { req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusCreated, rec.Code) - var resp GenericDataResponse[relational.CcfPoamItem] + var resp GenericDataResponse[poamItemResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) itemID := resp.Data.ID - var riskLinks []relational.CcfPoamItemRiskLink + var riskLinks []poamsvc.PoamItemRiskLink suite.DB.Where("poam_item_id = ?", itemID).Find(&riskLinks) assert.Len(suite.T(), riskLinks, 1) - var evidenceLinks []relational.CcfPoamItemEvidenceLink + var evidenceLinks []poamsvc.PoamItemEvidenceLink suite.DB.Where("poam_item_id = ?", itemID).Find(&evidenceLinks) assert.Len(suite.T(), evidenceLinks, 1) - var findingLinks []relational.CcfPoamItemFindingLink + var findingLinks []poamsvc.PoamItemFindingLink suite.DB.Where("poam_item_id = ?", itemID).Find(&findingLinks) assert.Len(suite.T(), findingLinks, 1) - var controlLinks []relational.CcfPoamItemControlLink + var controlLinks []poamsvc.PoamItemControlLink suite.DB.Where("poam_item_id = ?", itemID).Find(&controlLinks) assert.Len(suite.T(), controlLinks, 1) assert.Equal(suite.T(), "AC-1", controlLinks[0].ControlID) @@ -215,7 +218,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_NoFilter() { req := httptest.NewRequest(http.MethodGet, "/api/poam-items", nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataListResponse[relational.CcfPoamItem] + var resp GenericDataListResponse[poamItemResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Len(suite.T(), resp.Data, 3) } 
@@ -230,7 +233,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_FilterByStatus() { req := httptest.NewRequest(http.MethodGet, "/api/poam-items?status=open", nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataListResponse[relational.CcfPoamItem] + var resp GenericDataListResponse[poamItemResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Len(suite.T(), resp.Data, 1) assert.Equal(suite.T(), "open", resp.Data[0].Status) @@ -247,7 +250,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_FilterBySspId() { req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items?sspId=%s", sspA), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataListResponse[relational.CcfPoamItem] + var resp GenericDataListResponse[poamItemResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Len(suite.T(), resp.Data, 2) for _, item := range resp.Data { @@ -261,12 +264,12 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_FilterByRiskId() { riskID := uuid.New() item1 := suite.seedItem(sspID, "Linked to risk", "open") suite.seedItem(sspID, "Not linked", "open") - suite.Require().NoError(suite.DB.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item1.ID, RiskID: riskID}).Error) + suite.Require().NoError(suite.DB.Create(&poamsvc.PoamItemRiskLink{PoamItemID: item1.ID, RiskID: riskID}).Error) rec := httptest.NewRecorder() req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items?riskId=%s", riskID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataListResponse[relational.CcfPoamItem] + var resp GenericDataListResponse[poamItemResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Len(suite.T(), resp.Data, 1) assert.Equal(suite.T(), item1.ID, resp.Data[0].ID) 
@@ -277,15 +280,15 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_FilterByDueBefore() { sspID := uuid.New() past := time.Now().Add(-24 * time.Hour).UTC() future := time.Now().Add(30 * 24 * time.Hour).UTC() - itemPast := relational.CcfPoamItem{ + itemPast := poamsvc.PoamItem{ ID: uuid.New(), SspID: sspID, Title: "Past due", Description: "d", - Status: "open", SourceType: "manual", PlannedCompletionDate: &past, - LastStatusChangeAt: time.Now().UTC(), + Status: string(poamsvc.PoamItemStatusOpen), SourceType: string(poamsvc.PoamItemSourceTypeManual), + PlannedCompletionDate: &past, LastStatusChangeAt: time.Now().UTC(), } - itemFuture := relational.CcfPoamItem{ + itemFuture := poamsvc.PoamItem{ ID: uuid.New(), SspID: sspID, Title: "Future due", Description: "d", - Status: "open", SourceType: "manual", PlannedCompletionDate: &future, - LastStatusChangeAt: time.Now().UTC(), + Status: string(poamsvc.PoamItemStatusOpen), SourceType: string(poamsvc.PoamItemSourceTypeManual), + PlannedCompletionDate: &future, LastStatusChangeAt: time.Now().UTC(), } suite.Require().NoError(suite.DB.Create(&itemPast).Error) suite.Require().NoError(suite.DB.Create(&itemFuture).Error) @@ -294,7 +297,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_FilterByDueBefore() { req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items?dueBefore=%s", cutoff), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataListResponse[relational.CcfPoamItem] + var resp GenericDataListResponse[poamItemResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Len(suite.T(), resp.Data, 1) assert.Equal(suite.T(), itemPast.ID, resp.Data[0].ID) 
@@ -305,20 +308,20 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_FilterOverdueOnly() { sspID := uuid.New() past := time.Now().Add(-24 * time.Hour).UTC() future := time.Now().Add(30 * 24 * time.Hour).UTC() - overdueItem := relational.CcfPoamItem{ + overdueItem := poamsvc.PoamItem{ ID: uuid.New(), SspID: sspID, Title: "Overdue open", Description: "d", - Status: "open", SourceType: "manual", PlannedCompletionDate: &past, - LastStatusChangeAt: time.Now().UTC(), + Status: string(poamsvc.PoamItemStatusOpen), SourceType: string(poamsvc.PoamItemSourceTypeManual), + PlannedCompletionDate: &past, LastStatusChangeAt: time.Now().UTC(), } - completedPast := relational.CcfPoamItem{ + completedPast := poamsvc.PoamItem{ ID: uuid.New(), SspID: sspID, Title: "Completed past", Description: "d", - Status: "completed", SourceType: "manual", PlannedCompletionDate: &past, - LastStatusChangeAt: time.Now().UTC(), + Status: string(poamsvc.PoamItemStatusCompleted), SourceType: string(poamsvc.PoamItemSourceTypeManual), + PlannedCompletionDate: &past, LastStatusChangeAt: time.Now().UTC(), } - futureItem := relational.CcfPoamItem{ + futureItem := poamsvc.PoamItem{ ID: uuid.New(), SspID: sspID, Title: "Future open", Description: "d", - Status: "open", SourceType: "manual", PlannedCompletionDate: &future, - LastStatusChangeAt: time.Now().UTC(), + Status: string(poamsvc.PoamItemStatusOpen), SourceType: string(poamsvc.PoamItemSourceTypeManual), + PlannedCompletionDate: &future, LastStatusChangeAt: time.Now().UTC(), } suite.Require().NoError(suite.DB.Create(&overdueItem).Error) suite.Require().NoError(suite.DB.Create(&completedPast).Error) 
@@ -327,7 +330,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_FilterOverdueOnly() { req := httptest.NewRequest(http.MethodGet, "/api/poam-items?overdueOnly=true", nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataListResponse[relational.CcfPoamItem] + var resp GenericDataListResponse[poamItemResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Len(suite.T(), resp.Data, 1) assert.Equal(suite.T(), overdueItem.ID, resp.Data[0].ID) @@ -338,15 +341,15 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_FilterByOwnerRef() { sspID := uuid.New() ownerID := uuid.New() otherOwnerID := uuid.New() - itemOwned := relational.CcfPoamItem{ + itemOwned := poamsvc.PoamItem{ ID: uuid.New(), SspID: sspID, Title: "Owned", Description: "d", - Status: "open", SourceType: "manual", PrimaryOwnerUserID: &ownerID, - LastStatusChangeAt: time.Now().UTC(), + Status: string(poamsvc.PoamItemStatusOpen), SourceType: string(poamsvc.PoamItemSourceTypeManual), + PrimaryOwnerUserID: &ownerID, LastStatusChangeAt: time.Now().UTC(), } - itemOther := relational.CcfPoamItem{ + itemOther := poamsvc.PoamItem{ ID: uuid.New(), SspID: sspID, Title: "Other owner", Description: "d", - Status: "open", SourceType: "manual", PrimaryOwnerUserID: &otherOwnerID, - LastStatusChangeAt: time.Now().UTC(), + Status: string(poamsvc.PoamItemStatusOpen), SourceType: string(poamsvc.PoamItemSourceTypeManual), + PrimaryOwnerUserID: &otherOwnerID, LastStatusChangeAt: time.Now().UTC(), } suite.Require().NoError(suite.DB.Create(&itemOwned).Error) suite.Require().NoError(suite.DB.Create(&itemOther).Error) 
@@ -354,7 +357,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_FilterByOwnerRef() { req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items?ownerRef=%s", ownerID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataListResponse[relational.CcfPoamItem] + var resp GenericDataListResponse[poamItemResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Len(suite.T(), resp.Data, 1) assert.Equal(suite.T(), itemOwned.ID, resp.Data[0].ID) @@ -374,7 +377,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestGet_Exists() { req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s", item.ID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataResponse[PoamItemResponse] + var resp GenericDataResponse[poamItemResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Equal(suite.T(), item.ID, resp.Data.ID) assert.Len(suite.T(), resp.Data.Milestones, 2) 
@@ -406,15 +409,15 @@ func (suite *PoamItemsApiIntegrationSuite) TestGet_IncludesAllLinkSets() { evidenceID := uuid.New() findingID := uuid.New() catalogID := uuid.New() - suite.DB.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: riskID}) - suite.DB.Create(&relational.CcfPoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: evidenceID}) - suite.DB.Create(&relational.CcfPoamItemFindingLink{PoamItemID: item.ID, FindingID: findingID}) - suite.DB.Create(&relational.CcfPoamItemControlLink{PoamItemID: item.ID, CatalogID: catalogID, ControlID: "AC-2"}) + suite.DB.Create(&poamsvc.PoamItemRiskLink{PoamItemID: item.ID, RiskID: riskID}) + suite.DB.Create(&poamsvc.PoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: evidenceID}) + suite.DB.Create(&poamsvc.PoamItemFindingLink{PoamItemID: item.ID, FindingID: findingID}) + suite.DB.Create(&poamsvc.PoamItemControlLink{PoamItemID: item.ID, CatalogID: catalogID, ControlID: "AC-2"}) rec := httptest.NewRecorder() req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s", item.ID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataResponse[PoamItemResponse] + var resp GenericDataResponse[poamItemResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Len(suite.T(), resp.Data.RiskLinks, 1) assert.Len(suite.T(), resp.Data.EvidenceLinks, 1) @@ -439,7 +442,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdate_ScalarFields() { req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataResponse[relational.CcfPoamItem] + var resp GenericDataResponse[poamItemResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Equal(suite.T(), "Updated title", resp.Data.Title) assert.Equal(suite.T(), "Updated description", resp.Data.Description) 
@@ -457,9 +460,9 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdate_StatusToCompleted_SetsComp req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var updated relational.CcfPoamItem + var updated poamsvc.PoamItem suite.Require().NoError(suite.DB.First(&updated, "id = ?", item.ID).Error) - assert.Equal(suite.T(), "completed", updated.Status) + assert.Equal(suite.T(), string(poamsvc.PoamItemStatusCompleted), updated.Status) assert.NotNil(suite.T(), updated.CompletedAt) } @@ -477,7 +480,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdate_StatusChange_SetsLastStatu req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var updated relational.CcfPoamItem + var updated poamsvc.PoamItem suite.Require().NoError(suite.DB.First(&updated, "id = ?", item.ID).Error) assert.True(suite.T(), updated.LastStatusChangeAt.After(originalChangeAt)) } 
@@ -504,21 +507,21 @@ func (suite *PoamItemsApiIntegrationSuite) TestDelete_CascadesAllLinks() { item := suite.seedItem(sspID, "To delete", "open") suite.seedMilestone(item.ID, "MS1", "planned", 0) riskID := uuid.New() - suite.DB.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: riskID}) + suite.DB.Create(&poamsvc.PoamItemRiskLink{PoamItemID: item.ID, RiskID: riskID}) evidenceID := uuid.New() - suite.DB.Create(&relational.CcfPoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: evidenceID}) + suite.DB.Create(&poamsvc.PoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: evidenceID}) rec := httptest.NewRecorder() req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/api/poam-items/%s", item.ID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusNoContent, rec.Code) var count int64 - suite.DB.Model(&relational.CcfPoamItem{}).Where("id = ?", item.ID).Count(&count) + suite.DB.Model(&poamsvc.PoamItem{}).Where("id = ?", item.ID).Count(&count) assert.Equal(suite.T(), int64(0), count) - suite.DB.Model(&relational.CcfPoamItemMilestone{}).Where("poam_item_id = ?", item.ID).Count(&count) + suite.DB.Model(&poamsvc.PoamItemMilestone{}).Where("poam_item_id = ?", item.ID).Count(&count) assert.Equal(suite.T(), int64(0), count) - suite.DB.Model(&relational.CcfPoamItemRiskLink{}).Where("poam_item_id = ?", item.ID).Count(&count) + suite.DB.Model(&poamsvc.PoamItemRiskLink{}).Where("poam_item_id = ?", item.ID).Count(&count) assert.Equal(suite.T(), int64(0), count) - suite.DB.Model(&relational.CcfPoamItemEvidenceLink{}).Where("poam_item_id = ?", item.ID).Count(&count) + suite.DB.Model(&poamsvc.PoamItemEvidenceLink{}).Where("poam_item_id = ?", item.ID).Count(&count) assert.Equal(suite.T(), int64(0), count) } 
@@ -545,7 +548,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestListMilestones_OrderedByIndex() { req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/milestones", item.ID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataListResponse[relational.CcfPoamItemMilestone] + var resp GenericDataListResponse[poamMilestoneResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Len(suite.T(), resp.Data, 3) assert.Equal(suite.T(), "First", resp.Data[0].Title) @@ -583,7 +586,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestAddMilestone() { req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusCreated, rec.Code) - var resp GenericDataResponse[relational.CcfPoamItemMilestone] + var resp GenericDataResponse[poamMilestoneResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Equal(suite.T(), "Deploy to staging", resp.Data.Title) assert.Equal(suite.T(), "planned", resp.Data.Status) @@ -622,9 +625,9 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdateMilestone_MarkCompleted_Set req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var updated relational.CcfPoamItemMilestone + var updated poamsvc.PoamItemMilestone suite.Require().NoError(suite.DB.First(&updated, "id = ?", ms.ID).Error) - assert.Equal(suite.T(), "completed", updated.Status) + assert.Equal(suite.T(), string(poamsvc.MilestoneStatusCompleted), updated.Status) assert.NotNil(suite.T(), updated.CompletionDate) } 
@@ -645,7 +648,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdateMilestone_UpdateTitle() { req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataResponse[relational.CcfPoamItemMilestone] + var resp GenericDataResponse[poamMilestoneResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Equal(suite.T(), "New title", resp.Data.Title) } @@ -667,7 +670,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdateMilestone_UpdateOrderIndex( req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataResponse[relational.CcfPoamItemMilestone] + var resp GenericDataResponse[poamMilestoneResponse] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Equal(suite.T(), 5, resp.Data.OrderIndex) } @@ -708,7 +711,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestDeleteMilestone() { suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusNoContent, rec.Code) var count int64 - suite.DB.Model(&relational.CcfPoamItemMilestone{}).Where("id = ?", ms.ID).Count(&count) + suite.DB.Model(&poamsvc.PoamItemMilestone{}).Where("id = ?", ms.ID).Count(&count) assert.Equal(suite.T(), int64(0), count) } 
@@ -727,20 +730,20 @@ func (suite *PoamItemsApiIntegrationSuite) TestDeleteMilestone_NotFound() { } // --------------------------------------------------------------------------- -// Link sub-resource endpoints +// Link sub-resource endpoints — GET // --------------------------------------------------------------------------- func (suite *PoamItemsApiIntegrationSuite) TestListRisks() { suite.Require().NoError(suite.Migrator.Refresh()) sspID := uuid.New() item := suite.seedItem(sspID, "Risk list test", "open") - suite.DB.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: uuid.New()}) - suite.DB.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: uuid.New()}) + suite.DB.Create(&poamsvc.PoamItemRiskLink{PoamItemID: item.ID, RiskID: uuid.New()}) + suite.DB.Create(&poamsvc.PoamItemRiskLink{PoamItemID: item.ID, RiskID: uuid.New()}) rec := httptest.NewRecorder() req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/risks", item.ID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataListResponse[relational.CcfPoamItemRiskLink] + var resp GenericDataListResponse[poamsvc.PoamItemRiskLink] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Len(suite.T(), resp.Data, 2) } 
@@ -749,12 +752,12 @@ func (suite *PoamItemsApiIntegrationSuite) TestListEvidence() { suite.Require().NoError(suite.Migrator.Refresh()) sspID := uuid.New() item := suite.seedItem(sspID, "Evidence list test", "open") - suite.DB.Create(&relational.CcfPoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: uuid.New()}) + suite.DB.Create(&poamsvc.PoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: uuid.New()}) rec := httptest.NewRecorder() req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/evidence", item.ID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataListResponse[relational.CcfPoamItemEvidenceLink] + var resp GenericDataListResponse[poamsvc.PoamItemEvidenceLink] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Len(suite.T(), resp.Data, 1) } @@ -763,12 +766,12 @@ func (suite *PoamItemsApiIntegrationSuite) TestListControls() { suite.Require().NoError(suite.Migrator.Refresh()) sspID := uuid.New() item := suite.seedItem(sspID, "Control list test", "open") - suite.DB.Create(&relational.CcfPoamItemControlLink{PoamItemID: item.ID, CatalogID: uuid.New(), ControlID: "SI-2"}) + suite.DB.Create(&poamsvc.PoamItemControlLink{PoamItemID: item.ID, CatalogID: uuid.New(), ControlID: "SI-2"}) rec := httptest.NewRecorder() req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/controls", item.ID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataListResponse[relational.CcfPoamItemControlLink] + var resp GenericDataListResponse[poamsvc.PoamItemControlLink] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Len(suite.T(), resp.Data, 1) assert.Equal(suite.T(), "SI-2", resp.Data[0].ControlID) 
@@ -778,12 +781,12 @@ func (suite *PoamItemsApiIntegrationSuite) TestListFindings() { suite.Require().NoError(suite.Migrator.Refresh()) sspID := uuid.New() item := suite.seedItem(sspID, "Finding list test", "open") - suite.DB.Create(&relational.CcfPoamItemFindingLink{PoamItemID: item.ID, FindingID: uuid.New()}) + suite.DB.Create(&poamsvc.PoamItemFindingLink{PoamItemID: item.ID, FindingID: uuid.New()}) rec := httptest.NewRecorder() req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/findings", item.ID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) - var resp GenericDataListResponse[relational.CcfPoamItemFindingLink] + var resp GenericDataListResponse[poamsvc.PoamItemFindingLink] suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp)) assert.Len(suite.T(), resp.Data, 1) } 
@@ -799,16 +802,181 @@ func (suite *PoamItemsApiIntegrationSuite) TestListLinks_ParentNotFound() {
 }
 }
+// ---------------------------------------------------------------------------
+// Link sub-resource endpoints — POST / DELETE
+// ---------------------------------------------------------------------------
+
+func (suite *PoamItemsApiIntegrationSuite) TestAddRiskLink() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ sspID := uuid.New()
+ item := suite.seedItem(sspID, "Add risk link test", "open")
+ riskID := uuid.New()
+ body := addLinkRequest{ID: riskID.String()}
+ raw, _ := json.Marshal(body)
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/risks", item.ID), bytes.NewReader(raw))
+ req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusCreated, rec.Code)
+ var count int64
+ suite.DB.Model(&poamsvc.PoamItemRiskLink{}).Where("poam_item_id = ? AND risk_id = ?", item.ID, riskID).Count(&count)
+ assert.Equal(suite.T(), int64(1), count)
+}
+
+func (suite *PoamItemsApiIntegrationSuite) TestDeleteRiskLink() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ sspID := uuid.New()
+ item := suite.seedItem(sspID, "Delete risk link test", "open")
+ riskID := uuid.New()
+ suite.Require().NoError(suite.DB.Create(&poamsvc.PoamItemRiskLink{PoamItemID: item.ID, RiskID: riskID}).Error)
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/api/poam-items/%s/risks/%s", item.ID, riskID), nil)
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusNoContent, rec.Code)
+ var count int64
+ suite.DB.Model(&poamsvc.PoamItemRiskLink{}).Where("poam_item_id = ? 
AND risk_id = ?", item.ID, riskID).Count(&count)
+ assert.Equal(suite.T(), int64(0), count)
+}
+
+func (suite *PoamItemsApiIntegrationSuite) TestAddEvidenceLink() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ sspID := uuid.New()
+ item := suite.seedItem(sspID, "Add evidence link test", "open")
+ evidenceID := uuid.New()
+ body := addLinkRequest{ID: evidenceID.String()}
+ raw, _ := json.Marshal(body)
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/evidence", item.ID), bytes.NewReader(raw))
+ req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusCreated, rec.Code)
+ var count int64
+ suite.DB.Model(&poamsvc.PoamItemEvidenceLink{}).Where("poam_item_id = ? AND evidence_id = ?", item.ID, evidenceID).Count(&count)
+ assert.Equal(suite.T(), int64(1), count)
+}
+
+func (suite *PoamItemsApiIntegrationSuite) TestDeleteEvidenceLink() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ sspID := uuid.New()
+ item := suite.seedItem(sspID, "Delete evidence link test", "open")
+ evidenceID := uuid.New()
+ suite.Require().NoError(suite.DB.Create(&poamsvc.PoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: evidenceID}).Error)
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/api/poam-items/%s/evidence/%s", item.ID, evidenceID), nil)
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusNoContent, rec.Code)
+ var count int64
+ suite.DB.Model(&poamsvc.PoamItemEvidenceLink{}).Where("poam_item_id = ? 
AND evidence_id = ?", item.ID, evidenceID).Count(&count)
+ assert.Equal(suite.T(), int64(0), count)
+}
+
+func (suite *PoamItemsApiIntegrationSuite) TestAddFindingLink() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ sspID := uuid.New()
+ item := suite.seedItem(sspID, "Add finding link test", "open")
+ findingID := uuid.New()
+ body := addLinkRequest{ID: findingID.String()}
+ raw, _ := json.Marshal(body)
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/findings", item.ID), bytes.NewReader(raw))
+ req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusCreated, rec.Code)
+ var count int64
+ suite.DB.Model(&poamsvc.PoamItemFindingLink{}).Where("poam_item_id = ? AND finding_id = ?", item.ID, findingID).Count(&count)
+ assert.Equal(suite.T(), int64(1), count)
+}
+
+func (suite *PoamItemsApiIntegrationSuite) TestDeleteFindingLink() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ sspID := uuid.New()
+ item := suite.seedItem(sspID, "Delete finding link test", "open")
+ findingID := uuid.New()
+ suite.Require().NoError(suite.DB.Create(&poamsvc.PoamItemFindingLink{PoamItemID: item.ID, FindingID: findingID}).Error)
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/api/poam-items/%s/findings/%s", item.ID, findingID), nil)
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusNoContent, rec.Code)
+ var count int64
+ suite.DB.Model(&poamsvc.PoamItemFindingLink{}).Where("poam_item_id = ? 
AND finding_id = ?", item.ID, findingID).Count(&count)
+ assert.Equal(suite.T(), int64(0), count)
+}
+
+func (suite *PoamItemsApiIntegrationSuite) TestAddControlLink() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ sspID := uuid.New()
+ item := suite.seedItem(sspID, "Add control link test", "open")
+ catalogID := uuid.New()
+ body := poamAddControlLinkRequest{CatalogID: catalogID.String(), ControlID: "AC-3"}
+ raw, _ := json.Marshal(body)
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/controls", item.ID), bytes.NewReader(raw))
+ req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusCreated, rec.Code)
+ var count int64
+ suite.DB.Model(&poamsvc.PoamItemControlLink{}).Where("poam_item_id = ? AND control_id = ?", item.ID, "AC-3").Count(&count)
+ assert.Equal(suite.T(), int64(1), count)
+}
+
+func (suite *PoamItemsApiIntegrationSuite) TestDeleteControlLink() {
+ suite.Require().NoError(suite.Migrator.Refresh())
+ sspID := uuid.New()
+ item := suite.seedItem(sspID, "Delete control link test", "open")
+ catalogID := uuid.New()
+ suite.Require().NoError(suite.DB.Create(&poamsvc.PoamItemControlLink{PoamItemID: item.ID, CatalogID: catalogID, ControlID: "AC-4"}).Error)
+ rec := httptest.NewRecorder()
+ req := httptest.NewRequest(
+ http.MethodDelete,
+ fmt.Sprintf("/api/poam-items/%s/controls/%s/AC-4", item.ID, catalogID),
+ nil,
+ )
+ suite.newServer().E().ServeHTTP(rec, req)
+ assert.Equal(suite.T(), http.StatusNoContent, rec.Code)
+ var count int64
+ suite.DB.Model(&poamsvc.PoamItemControlLink{}).Where("poam_item_id = ? AND catalog_id = ? 
AND control_id = ?", item.ID, catalogID, "AC-4").Count(&count)
+ assert.Equal(suite.T(), int64(0), count)
+}
+
 // ---------------------------------------------------------------------------
 // Uniqueness constraint — duplicate risk link
 // ---------------------------------------------------------------------------
-func (suite *PoamItemsApiIntegrationSuite) TestCreate_DuplicateRiskLink_IsRejected() {
+// TestCreate_DuplicateRiskLink_IsIdempotent verifies that POSTing the same risk
+// link twice returns HTTP 201 both times (ON CONFLICT DO NOTHING — same pattern
+// as the Risk service). The unique constraint still exists in the DB; the
+// service simply re-fetches and returns the existing record on conflict.
+func (suite *PoamItemsApiIntegrationSuite) TestCreate_DuplicateRiskLink_IsIdempotent() {
 suite.Require().NoError(suite.Migrator.Refresh())
 sspID := uuid.New()
 riskID := uuid.New()
 item := suite.seedItem(sspID, "Dup risk test", "open")
- suite.Require().NoError(suite.DB.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: riskID}).Error)
- err := suite.DB.Create(&relational.CcfPoamItemRiskLink{PoamItemID: item.ID, RiskID: riskID}).Error
- assert.Error(suite.T(), err, "duplicate risk link should be rejected by unique constraint")
+
+ token, err := suite.GetAuthToken()
+ suite.Require().NoError(err)
+
+ body := fmt.Sprintf(`{"id":"%s"}`, riskID)
+
+ // First POST — creates the link.
+ rec1 := httptest.NewRecorder()
+ req1 := httptest.NewRequest(http.MethodPost,
+ fmt.Sprintf("/api/poam-items/%s/risks", item.ID), strings.NewReader(body))
+ req1.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
+ req1.Header.Set(echo.HeaderAuthorization, "Bearer "+*token)
+ suite.newServer().E().ServeHTTP(rec1, req1)
+ assert.Equal(suite.T(), http.StatusCreated, rec1.Code, "first POST should return 201")
+
+ // Second POST — idempotent, should also return 201. 
+ rec2 := httptest.NewRecorder()
+ req2 := httptest.NewRequest(http.MethodPost,
+ fmt.Sprintf("/api/poam-items/%s/risks", item.ID), strings.NewReader(body))
+ req2.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
+ req2.Header.Set(echo.HeaderAuthorization, "Bearer "+*token)
+ suite.newServer().E().ServeHTTP(rec2, req2)
+ assert.Equal(suite.T(), http.StatusCreated, rec2.Code, "duplicate POST should be idempotent (201)")
+
+ // Verify only one link exists in the DB.
+ var count int64
+ suite.DB.Model(&poamsvc.PoamItemRiskLink{}).Where("poam_item_id = ? AND risk_id = ?", item.ID, riskID).Count(&count)
+ assert.Equal(suite.T(), int64(1), count, "only one risk link should exist")
 }
diff --git a/internal/service/migrator.go b/internal/service/migrator.go
index cecc45e4..54776ca5 100644
--- a/internal/service/migrator.go
+++ b/internal/service/migrator.go
@@ -2,6 +2,7 @@ package service
 import (
 "github.com/compliance-framework/api/internal/service/relational"
+ poamrel "github.com/compliance-framework/api/internal/service/relational/poam"
 riskrel "github.com/compliance-framework/api/internal/service/relational/risks"
 templaterel "github.com/compliance-framework/api/internal/service/relational/templates"
 "github.com/compliance-framework/api/internal/service/relational/workflows"
@@ -135,12 +136,12 @@ func MigrateUp(db *gorm.DB) error {
 // Compliance-Framework - not related to OSCAL
 &relational.SSOUserLink{},
- &relational.CcfPoamItem{},
- &relational.CcfPoamItemMilestone{},
- &relational.CcfPoamItemRiskLink{},
- &relational.CcfPoamItemEvidenceLink{},
- &relational.CcfPoamItemControlLink{},
- &relational.CcfPoamItemFindingLink{},
+ &poamrel.PoamItem{},
+ &poamrel.PoamItemMilestone{},
+ &poamrel.PoamItemRiskLink{},
+ &poamrel.PoamItemEvidenceLink{},
+ &poamrel.PoamItemControlLink{},
+ &poamrel.PoamItemFindingLink{},
 &relational.User{},
 &Heartbeat{},
 &relational.Evidence{},
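Review bot: The new TestAdd*/TestDelete* link tests in this hunk send no Authorization header and still assert 201/204, while TestCreate_DuplicateRiskLink_IsIdempotent in the same hunk fetches a token via `suite.GetAuthToken()` and sets `Bearer`, so the suite never establishes whether the link-mutating routes are protected — one of the two patterns is redundant or wrong, and if these routes are meant to require auth a negative case should pin it. The add-link tests also POST freshly generated UUIDs that reference no existing risk/evidence/finding/catalog row and expect 201, which documents (presumably unintentionally) that the handler accepts dangling references; if that is intended it deserves a comment, otherwise a 404/422 case is missing, and a malformed body such as `{"id":"not-a-uuid"}` expecting 400 would cover the parse path. Minor: `raw, _ := json.Marshal(body)` drops an error that should go through `suite.Require().NoError`. If the routes are behind the auth middleware in `newServer()`, a negative case could look like:

```go
func (suite *PoamItemsApiIntegrationSuite) TestAddRiskLink_Unauthenticated() {
	suite.Require().NoError(suite.Migrator.Refresh())
	item := suite.seedItem(uuid.New(), "Unauthenticated link test", "open")
	body := fmt.Sprintf(`{"id":"%s"}`, uuid.New())
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/risks", item.ID), strings.NewReader(body))
	req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
	// deliberately no Authorization header
	suite.newServer().E().ServeHTTP(rec, req)
	assert.Equal(suite.T(), http.StatusUnauthorized, rec.Code)
	var count int64
	suite.DB.Model(&poamsvc.PoamItemRiskLink{}).Where("poam_item_id = ?", item.ID).Count(&count)
	assert.Equal(suite.T(), int64(0), count, "no link must be written without auth")
}
```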
@@ -348,12 +349,12 @@ func MigrateDown(db *gorm.DB) error {
 "poam_findings",
 "poam_risks",
- &relational.CcfPoamItemFindingLink{},
- &relational.CcfPoamItemControlLink{},
- &relational.CcfPoamItemEvidenceLink{},
- &relational.CcfPoamItemRiskLink{},
- &relational.CcfPoamItemMilestone{},
- &relational.CcfPoamItem{},
+ &poamrel.PoamItemFindingLink{},
+ &poamrel.PoamItemControlLink{},
+ &poamrel.PoamItemEvidenceLink{},
+ &poamrel.PoamItemRiskLink{},
+ &poamrel.PoamItemMilestone{},
+ &poamrel.PoamItem{},
 &relational.User{},
diff --git a/internal/service/relational/poam/models.go b/internal/service/relational/poam/models.go
new file mode 100644
index 00000000..fcf5aa07
--- /dev/null
+++ b/internal/service/relational/poam/models.go
@@ -0,0 +1,190 @@ +package poam + +import ( + "fmt" + "time" + + "github.com/compliance-framework/api/internal/service/relational" + "github.com/google/uuid" + "gorm.io/gorm" +) + +// PoamItemStatus represents the lifecycle state of a POAM item. +type PoamItemStatus string + +const ( + PoamItemStatusOpen PoamItemStatus = "open" + PoamItemStatusInProgress PoamItemStatus = "in-progress" + PoamItemStatusCompleted PoamItemStatus = "completed" + PoamItemStatusOverdue PoamItemStatus = "overdue" +) + +// IsValid reports whether the status value is one of the defined constants. +func (s PoamItemStatus) IsValid() bool { + switch s { + case PoamItemStatusOpen, PoamItemStatusInProgress, PoamItemStatusCompleted, PoamItemStatusOverdue: + return true + } + return false +} + +// PoamItemSourceType describes how a POAM item was created. +type PoamItemSourceType string + +const ( + PoamItemSourceTypeManual PoamItemSourceType = "manual" + PoamItemSourceTypeRiskPromotion PoamItemSourceType = "risk-promotion" + PoamItemSourceTypeImport PoamItemSourceType = "import" +) + +// IsValid reports whether the source type value is one of the defined constants. +func (s PoamItemSourceType) IsValid() bool { + switch s { + case PoamItemSourceTypeManual, PoamItemSourceTypeRiskPromotion, PoamItemSourceTypeImport: + return true + } + return false +} + +// MilestoneStatus represents the lifecycle state of a POAM milestone. +type MilestoneStatus string + +const ( + MilestoneStatusPlanned MilestoneStatus = "planned" + MilestoneStatusCompleted MilestoneStatus = "completed" +) + +// IsValid reports whether the milestone status is one of the defined constants. +func (s MilestoneStatus) IsValid() bool { + switch s { + case MilestoneStatusPlanned, MilestoneStatusCompleted: + return true + } + return false +} + +// PoamItem is the primary GORM model for a POAM item. +// Field names follow the Confluence design doc (v15). 
+type PoamItem struct { + ID uuid.UUID `gorm:"type:uuid;primaryKey" json:"id"` + SspID uuid.UUID `gorm:"type:uuid;not null;index" json:"sspId"` + Title string `gorm:"not null" json:"title"` + Description string ` json:"description"` + Status string `gorm:"type:text;not null" json:"status"` + SourceType string `gorm:"type:text;not null" json:"sourceType"` + PrimaryOwnerUserID *uuid.UUID `gorm:"type:uuid" json:"primaryOwnerUserId,omitempty"` + PlannedCompletionDate *time.Time ` json:"plannedCompletionDate,omitempty"` + CompletedAt *time.Time ` json:"completedAt,omitempty"` + CreatedFromRiskID *uuid.UUID `gorm:"type:uuid" json:"createdFromRiskId,omitempty"` + AcceptanceRationale *string ` json:"acceptanceRationale,omitempty"` + LastStatusChangeAt time.Time `gorm:"not null" json:"lastStatusChangeAt"` + CreatedAt time.Time ` json:"createdAt"` + UpdatedAt time.Time ` json:"updatedAt"` + + // Associations — loaded on demand via Preload. + Milestones []PoamItemMilestone `gorm:"foreignKey:PoamItemID;constraint:OnDelete:CASCADE" json:"milestones,omitempty"` +} + +// TableName returns the physical table name. +func (PoamItem) TableName() string { return "ccf_poam_items" } + +// BeforeCreate auto-assigns a UUID and validates enum fields. +func (p *PoamItem) BeforeCreate(_ *gorm.DB) error { + if p.ID == uuid.Nil { + p.ID = uuid.New() + } + if p.Status == "" { + p.Status = string(PoamItemStatusOpen) + } + if p.SourceType == "" { + p.SourceType = string(PoamItemSourceTypeManual) + } + if !PoamItemStatus(p.Status).IsValid() { + return fmt.Errorf("invalid poam item status: %s", p.Status) + } + if !PoamItemSourceType(p.SourceType).IsValid() { + return fmt.Errorf("invalid poam item source type: %s", p.SourceType) + } + if p.LastStatusChangeAt.IsZero() { + p.LastStatusChangeAt = time.Now().UTC() + } + return nil +} + +// PoamItemMilestone is a strong-typed milestone entry for a PoamItem. +// Field names follow the Confluence design doc (v15). 
+type PoamItemMilestone struct { + ID uuid.UUID `gorm:"type:uuid;primaryKey" json:"id"` + PoamItemID uuid.UUID `gorm:"type:uuid;index;not null" json:"poamItemId"` + Title string `gorm:"not null" json:"title"` + Description string ` json:"description"` + Status string `gorm:"type:text;not null" json:"status"` + ScheduledCompletionDate *time.Time ` json:"scheduledCompletionDate,omitempty"` + CompletionDate *time.Time ` json:"completionDate,omitempty"` + OrderIndex int `gorm:"not null;default:0" json:"orderIndex"` + CreatedAt time.Time ` json:"createdAt"` + UpdatedAt time.Time ` json:"updatedAt"` +} + +// TableName returns the physical table name. +func (PoamItemMilestone) TableName() string { return "ccf_poam_item_milestones" } + +// BeforeCreate auto-assigns a UUID and validates enum fields. +func (m *PoamItemMilestone) BeforeCreate(_ *gorm.DB) error { + if m.ID == uuid.Nil { + m.ID = uuid.New() + } + if m.Status == "" { + m.Status = string(MilestoneStatusPlanned) + } + if !MilestoneStatus(m.Status).IsValid() { + return fmt.Errorf("invalid milestone status: %s", m.Status) + } + return nil +} + +// PoamItemRiskLink is the join table linking PoamItems to Risks. +type PoamItemRiskLink struct { + PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_risk_links_unique,unique" json:"poamItemId"` + RiskID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_risk_links_unique,unique" json:"riskId"` +} + +// TableName returns the physical table name. +func (PoamItemRiskLink) TableName() string { return "ccf_poam_item_risk_links" } + +// PoamItemEvidenceLink is the join table linking PoamItems to Evidence records. +type PoamItemEvidenceLink struct { + PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_evidence_links_unique,unique" json:"poamItemId"` + EvidenceID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_evidence_links_unique,unique" json:"evidenceId"` +} + +// TableName returns the physical table name. 
+func (PoamItemEvidenceLink) TableName() string { return "ccf_poam_item_evidence_links" } + +// PoamItemControlLink is the join table linking PoamItems to Controls. +type PoamItemControlLink struct { + PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_control_links_unique,unique" json:"poamItemId"` + CatalogID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_control_links_unique,unique" json:"catalogId"` + ControlID string `gorm:"type:text;not null;index:ccf_poam_item_control_links_unique,unique" json:"controlId"` +} + +// TableName returns the physical table name. +func (PoamItemControlLink) TableName() string { return "ccf_poam_item_control_links" } + +// PoamItemFindingLink is the join table linking PoamItems to Findings. +type PoamItemFindingLink struct { + PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_finding_links_unique,unique" json:"poamItemId"` + FindingID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_finding_links_unique,unique" json:"findingId"` +} + +// TableName returns the physical table name. +func (PoamItemFindingLink) TableName() string { return "ccf_poam_item_finding_links" } + +// ControlRef is a typed reference to a control within a catalog. +type ControlRef struct { + CatalogID uuid.UUID `json:"catalogId"` + ControlID string `json:"controlId"` +} + +// Ensure the relational package is imported (used for SSP existence checks in the service). +var _ = relational.SystemSecurityPlan{} diff --git a/internal/service/relational/poam/queries.go b/internal/service/relational/poam/queries.go new file mode 100644 index 00000000..66e32c6d --- /dev/null +++ b/internal/service/relational/poam/queries.go 
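Review bot: The four link structs declare only a unique index on their ID pair, so `RiskID`, `EvidenceID`, `FindingID` and `CatalogID` are unconstrained columns: the service's `Add*Link` methods will persist a link to a risk or evidence row that does not exist, and deleting the referenced risk later leaves the link dangling. Only `PoamItem.Milestones` carries `constraint:OnDelete:CASCADE`; `PrimaryOwnerUserID` and `SspID` are likewise bare UUID columns (`SspID` is at least checkable through `EnsureSSPExists` in service.go, if the handler calls it). Either declare the referenced model on each link struct with a `constraint:OnDelete:CASCADE` tag, as the Milestones association does, or have the service verify the referenced row exists before inserting. Separately, `var _ = relational.SystemSecurityPlan{}` exists only to keep an import alive that nothing else in this file uses, and its comment points at service.go; drop the placeholder and the `relational` import here, since service.go imports the package itself for the SSP check.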
@@ -0,0 +1,54 @@ +package poam + +import ( + "time" + + "github.com/google/uuid" + "gorm.io/gorm" +) + +// ListFilters holds all supported filter parameters for listing POAM items. +type ListFilters struct { + Status *string + SspID *uuid.UUID + RiskID *uuid.UUID + DueBefore *time.Time + OverdueOnly bool + OwnerRef *uuid.UUID +} + +// ApplyFilters applies all non-nil filters to the given GORM query and returns it. +func ApplyFilters(query *gorm.DB, filters ListFilters) *gorm.DB { + q := query.Model(&PoamItem{}) + + if filters.Status != nil && *filters.Status != "" { + q = q.Where("ccf_poam_items.status = ?", *filters.Status) + } + if filters.SspID != nil { + q = q.Where("ccf_poam_items.ssp_id = ?", *filters.SspID) + } + if filters.OwnerRef != nil { + q = q.Where("ccf_poam_items.primary_owner_user_id = ?", *filters.OwnerRef) + } + if filters.DueBefore != nil { + q = q.Where( + "ccf_poam_items.planned_completion_date IS NOT NULL AND ccf_poam_items.planned_completion_date < ?", + *filters.DueBefore, + ) + } + if filters.OverdueOnly { + now := time.Now().UTC() + q = q.Where( + "ccf_poam_items.status IN ('open','in-progress') AND ccf_poam_items.planned_completion_date IS NOT NULL AND ccf_poam_items.planned_completion_date < ?", + now, + ) + } + if filters.RiskID != nil { + q = q.Joins( + "JOIN ccf_poam_item_risk_links rl ON rl.poam_item_id = ccf_poam_items.id AND rl.risk_id = ?", + *filters.RiskID, + ) + } + + return q +} diff --git a/internal/service/relational/poam/service.go b/internal/service/relational/poam/service.go new file mode 100644 index 00000000..6729b603 --- /dev/null +++ b/internal/service/relational/poam/service.go 
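Review bot: `ApplyFilters` binds `*filters.Status` without checking `PoamItemStatus(*filters.Status).IsValid()`, so a mistyped or unsupported status silently returns an empty list rather than an error, and the `OverdueOnly` branch hard-codes `'open','in-progress'` as SQL literals instead of deriving them from the constants in models.go, which will drift if the enum changes. Every value is bound with `?`, so there is no injection concern here. Validate Status in the handler or at the top of this function, and rewrite the overdue clause as `q = q.Where("ccf_poam_items.status IN ? AND ccf_poam_items.planned_completion_date IS NOT NULL AND ccf_poam_items.planned_completion_date < ?", []string{string(PoamItemStatusOpen), string(PoamItemStatusInProgress)}, now)`. Note also that nothing here bounds the result set and `List` in service.go calls `Find` with no `Limit`, so unless the handler paginates, a large table is returned wholesale.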
@@ -0,0 +1,566 @@ +package poam + +import ( + "time" + + "github.com/compliance-framework/api/internal/service/relational" + "github.com/google/uuid" + "gorm.io/gorm" + "gorm.io/gorm/clause" +) + +// PoamService encapsulates all database operations for POAM items and their +// sub-resources. Handlers must not import gorm directly; all persistence is +// delegated here. +type PoamService struct { + db *gorm.DB +} + +// NewPoamService constructs a PoamService backed by the given *gorm.DB. +func NewPoamService(db *gorm.DB) *PoamService { + return &PoamService{db: db} +} + +// --------------------------------------------------------------------------- +// Param types +// --------------------------------------------------------------------------- + +// CreatePoamItemParams carries all data required to create a POAM item and its +// initial milestones and link records in a single transaction. +type CreatePoamItemParams struct { + SspID uuid.UUID + Title string + Description string + Status string + SourceType string + PrimaryOwnerUserID *uuid.UUID + PlannedCompletionDate *time.Time + CreatedFromRiskID *uuid.UUID + AcceptanceRationale *string + RiskIDs []uuid.UUID + EvidenceIDs []uuid.UUID + ControlRefs []ControlRef + FindingIDs []uuid.UUID + Milestones []CreateMilestoneParams +} + +// UpdatePoamItemParams carries the fields that may be patched on an existing +// POAM item. Only non-nil pointer fields are applied. +type UpdatePoamItemParams struct { + Title *string + Description *string + Status *string + PrimaryOwnerUserID *uuid.UUID + PlannedCompletionDate *time.Time + CompletedAt *time.Time + AcceptanceRationale *string +} + +// CreateMilestoneParams carries all data required to create a single milestone. +type CreateMilestoneParams struct { + Title string + Description string + Status string + ScheduledCompletionDate *time.Time + OrderIndex int +} + +// UpdateMilestoneParams carries the fields that may be patched on an existing +// milestone. 
Only non-nil pointer fields are applied. +type UpdateMilestoneParams struct { + Title *string + Description *string + Status *string + ScheduledCompletionDate *time.Time + OrderIndex *int +} + +// --------------------------------------------------------------------------- +// POAM item CRUD +// --------------------------------------------------------------------------- + +// List returns all POAM items matching the given filters. +func (s *PoamService) List(filters ListFilters) ([]PoamItem, error) { + var items []PoamItem + q := ApplyFilters(s.db, filters) + if err := q.Find(&items).Error; err != nil { + return nil, err + } + return items, nil +} + +// Create inserts a new POAM item together with its initial milestones and all +// link records inside a single database transaction. +func (s *PoamService) Create(params CreatePoamItemParams) (*PoamItem, error) { + item := PoamItem{ + SspID: params.SspID, + Title: params.Title, + Description: params.Description, + Status: params.Status, + SourceType: params.SourceType, + PrimaryOwnerUserID: params.PrimaryOwnerUserID, + PlannedCompletionDate: params.PlannedCompletionDate, + CreatedFromRiskID: params.CreatedFromRiskID, + AcceptanceRationale: params.AcceptanceRationale, + } + + tx, err := beginTx(s.db) + if err != nil { + return nil, err + } + defer rollbackTxOnPanic(tx) + + if err := tx.Create(&item).Error; err != nil { + tx.Rollback() + return nil, err + } + + for i, mp := range params.Milestones { + orderIdx := mp.OrderIndex + if orderIdx == 0 { + orderIdx = i + } + ms := PoamItemMilestone{ + PoamItemID: item.ID, + Title: mp.Title, + Description: mp.Description, + Status: mp.Status, + ScheduledCompletionDate: mp.ScheduledCompletionDate, + OrderIndex: orderIdx, + } + if err := tx.Create(&ms).Error; err != nil { + tx.Rollback() + return nil, err + } + } + + for _, riskID := range params.RiskIDs { + link := PoamItemRiskLink{PoamItemID: item.ID, RiskID: riskID} + if err := tx.Clauses(clause.OnConflict{DoNothing: 
true}).Create(&link).Error; err != nil { + tx.Rollback() + return nil, err + } + } + + for _, evidenceID := range params.EvidenceIDs { + link := PoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: evidenceID} + if err := tx.Clauses(clause.OnConflict{DoNothing: true}).Create(&link).Error; err != nil { + tx.Rollback() + return nil, err + } + } + + for _, cr := range params.ControlRefs { + link := PoamItemControlLink{PoamItemID: item.ID, CatalogID: cr.CatalogID, ControlID: cr.ControlID} + if err := tx.Clauses(clause.OnConflict{DoNothing: true}).Create(&link).Error; err != nil { + tx.Rollback() + return nil, err + } + } + + for _, findingID := range params.FindingIDs { + link := PoamItemFindingLink{PoamItemID: item.ID, FindingID: findingID} + if err := tx.Clauses(clause.OnConflict{DoNothing: true}).Create(&link).Error; err != nil { + tx.Rollback() + return nil, err + } + } + + if err := tx.Commit().Error; err != nil { + return nil, err + } + + return s.GetByID(item.ID) +} + +// GetByID fetches a single POAM item by its UUID, preloading milestones ordered +// by order_index ascending. +func (s *PoamService) GetByID(id uuid.UUID) (*PoamItem, error) { + var item PoamItem + err := s.db. + Preload("Milestones", func(db *gorm.DB) *gorm.DB { + return db.Order("order_index ASC") + }). + First(&item, "id = ?", id).Error + if err != nil { + return nil, err + } + return &item, nil +} + +// Update applies non-nil fields from params to the POAM item identified by id. +// When status transitions to "completed", completed_at is set automatically. +// last_status_change_at is stamped on every status change. 
+func (s *PoamService) Update(id uuid.UUID, params UpdatePoamItemParams) (*PoamItem, error) { + updates := map[string]interface{}{} + + if params.Title != nil { + updates["title"] = *params.Title + } + if params.Description != nil { + updates["description"] = *params.Description + } + if params.Status != nil { + updates["status"] = *params.Status + updates["last_status_change_at"] = time.Now().UTC() + if *params.Status == string(PoamItemStatusCompleted) { + now := time.Now().UTC() + updates["completed_at"] = &now + } + } + if params.PrimaryOwnerUserID != nil { + updates["primary_owner_user_id"] = *params.PrimaryOwnerUserID + } + if params.PlannedCompletionDate != nil { + updates["planned_completion_date"] = params.PlannedCompletionDate + } + if params.CompletedAt != nil { + updates["completed_at"] = params.CompletedAt + } + if params.AcceptanceRationale != nil { + updates["acceptance_rationale"] = *params.AcceptanceRationale + } + + if len(updates) == 0 { + return s.GetByID(id) + } + + if err := s.db.Model(&PoamItem{}).Where("id = ?", id).Updates(updates).Error; err != nil { + return nil, err + } + + return s.GetByID(id) +} + +// Delete removes a POAM item and all its dependent records (milestones, all +// four link tables) inside a single transaction. 
+func (s *PoamService) Delete(id uuid.UUID) error { + tx, err := beginTx(s.db) + if err != nil { + return err + } + defer rollbackTxOnPanic(tx) + + if err := tx.Where("poam_item_id = ?", id).Delete(&PoamItemRiskLink{}).Error; err != nil { + tx.Rollback() + return err + } + if err := tx.Where("poam_item_id = ?", id).Delete(&PoamItemEvidenceLink{}).Error; err != nil { + tx.Rollback() + return err + } + if err := tx.Where("poam_item_id = ?", id).Delete(&PoamItemControlLink{}).Error; err != nil { + tx.Rollback() + return err + } + if err := tx.Where("poam_item_id = ?", id).Delete(&PoamItemFindingLink{}).Error; err != nil { + tx.Rollback() + return err + } + if err := tx.Where("poam_item_id = ?", id).Delete(&PoamItemMilestone{}).Error; err != nil { + tx.Rollback() + return err + } + + result := tx.Delete(&PoamItem{}, "id = ?", id) + if result.Error != nil { + tx.Rollback() + return result.Error + } + if result.RowsAffected == 0 { + tx.Rollback() + return gorm.ErrRecordNotFound + } + + return tx.Commit().Error +} + +// EnsureExists returns nil if a POAM item with the given id exists, or +// gorm.ErrRecordNotFound if it does not. +func (s *PoamService) EnsureExists(id uuid.UUID) error { + var item PoamItem + return s.db.Select("id").First(&item, "id = ?", id).Error +} + +// EnsureSSPExists returns nil if an SSP with the given id exists, or +// gorm.ErrRecordNotFound if it does not. +func (s *PoamService) EnsureSSPExists(id uuid.UUID) error { + var ssp relational.SystemSecurityPlan + return s.db.Select("id").First(&ssp, "id = ?", id).Error +} + +// --------------------------------------------------------------------------- +// Milestone operations +// --------------------------------------------------------------------------- + +// ListMilestones returns all milestones for the given POAM item, ordered by +// order_index ascending. 
+func (s *PoamService) ListMilestones(poamItemID uuid.UUID) ([]PoamItemMilestone, error) { + var milestones []PoamItemMilestone + if err := s.db. + Where("poam_item_id = ?", poamItemID). + Order("order_index ASC"). + Find(&milestones).Error; err != nil { + return nil, err + } + return milestones, nil +} + +// AddMilestone inserts a new milestone for the given POAM item. +func (s *PoamService) AddMilestone(poamItemID uuid.UUID, params CreateMilestoneParams) (*PoamItemMilestone, error) { + m := PoamItemMilestone{ + PoamItemID: poamItemID, + Title: params.Title, + Description: params.Description, + Status: params.Status, + ScheduledCompletionDate: params.ScheduledCompletionDate, + OrderIndex: params.OrderIndex, + } + if err := s.db.Create(&m).Error; err != nil { + return nil, err + } + return &m, nil +} + +// UpdateMilestone applies non-nil fields from params to the milestone identified +// by (poamItemID, milestoneID). When status transitions to "completed", +// completion_date is set automatically. Returns gorm.ErrRecordNotFound when the +// milestone does not belong to the given POAM item. +func (s *PoamService) UpdateMilestone(poamItemID, milestoneID uuid.UUID, params UpdateMilestoneParams) (*PoamItemMilestone, error) { + updates := map[string]interface{}{} + + if params.Title != nil { + updates["title"] = *params.Title + } + if params.Description != nil { + updates["description"] = *params.Description + } + if params.Status != nil { + updates["status"] = *params.Status + if *params.Status == string(MilestoneStatusCompleted) { + now := time.Now().UTC() + updates["completion_date"] = &now + } + } + if params.ScheduledCompletionDate != nil { + updates["scheduled_completion_date"] = params.ScheduledCompletionDate + } + if params.OrderIndex != nil { + updates["order_index"] = *params.OrderIndex + } + + if len(updates) == 0 { + return s.getMilestoneByID(poamItemID, milestoneID) + } + + result := s.db.Model(&PoamItemMilestone{}). + Where("poam_item_id = ? 
AND id = ?", poamItemID, milestoneID). + Updates(updates) + if result.Error != nil { + return nil, result.Error + } + if result.RowsAffected == 0 { + return nil, gorm.ErrRecordNotFound + } + + return s.getMilestoneByID(poamItemID, milestoneID) +} + +// DeleteMilestone removes the milestone identified by (poamItemID, milestoneID). +// Returns gorm.ErrRecordNotFound when the milestone does not exist or does not +// belong to the given POAM item. +func (s *PoamService) DeleteMilestone(poamItemID, milestoneID uuid.UUID) error { + result := s.db. + Where("poam_item_id = ? AND id = ?", poamItemID, milestoneID). + Delete(&PoamItemMilestone{}) + if result.Error != nil { + return result.Error + } + if result.RowsAffected == 0 { + return gorm.ErrRecordNotFound + } + return nil +} + +// getMilestoneByID is an internal helper that fetches a milestone by its +// composite key (poamItemID, milestoneID). +func (s *PoamService) getMilestoneByID(poamItemID, milestoneID uuid.UUID) (*PoamItemMilestone, error) { + var m PoamItemMilestone + if err := s.db.First(&m, "poam_item_id = ? AND id = ?", poamItemID, milestoneID).Error; err != nil { + return nil, err + } + return &m, nil +} + +// --------------------------------------------------------------------------- +// Link sub-resource operations +// --------------------------------------------------------------------------- + +// ListRiskLinks returns all risk link records for the given POAM item. +func (s *PoamService) ListRiskLinks(poamItemID uuid.UUID) ([]PoamItemRiskLink, error) { + var links []PoamItemRiskLink + if err := s.db.Where("poam_item_id = ?", poamItemID).Find(&links).Error; err != nil { + return nil, err + } + return links, nil +} + +// AddRiskLink creates a risk link for the given POAM item. Duplicate links are +// silently ignored (ON CONFLICT DO NOTHING). 
+func (s *PoamService) AddRiskLink(poamItemID, riskID uuid.UUID) (*PoamItemRiskLink, error) { + link := PoamItemRiskLink{PoamItemID: poamItemID, RiskID: riskID} + result := s.db.Clauses(clause.OnConflict{DoNothing: true}).Create(&link) + if result.Error != nil { + return nil, result.Error + } + // Re-fetch to ensure we return the persisted record regardless of conflict. + if err := s.db.Where("poam_item_id = ? AND risk_id = ?", poamItemID, riskID).First(&link).Error; err != nil { + return nil, err + } + return &link, nil +} + +// DeleteRiskLink removes the risk link identified by (poamItemID, riskID). +// Returns gorm.ErrRecordNotFound when the link does not exist. +func (s *PoamService) DeleteRiskLink(poamItemID, riskID uuid.UUID) error { + result := s.db. + Where("poam_item_id = ? AND risk_id = ?", poamItemID, riskID). + Delete(&PoamItemRiskLink{}) + if result.Error != nil { + return result.Error + } + if result.RowsAffected == 0 { + return gorm.ErrRecordNotFound + } + return nil +} + +// ListEvidenceLinks returns all evidence link records for the given POAM item. +func (s *PoamService) ListEvidenceLinks(poamItemID uuid.UUID) ([]PoamItemEvidenceLink, error) { + var links []PoamItemEvidenceLink + if err := s.db.Where("poam_item_id = ?", poamItemID).Find(&links).Error; err != nil { + return nil, err + } + return links, nil +} + +// AddEvidenceLink creates an evidence link for the given POAM item. Duplicate +// links are silently ignored. +func (s *PoamService) AddEvidenceLink(poamItemID, evidenceID uuid.UUID) (*PoamItemEvidenceLink, error) { + link := PoamItemEvidenceLink{PoamItemID: poamItemID, EvidenceID: evidenceID} + result := s.db.Clauses(clause.OnConflict{DoNothing: true}).Create(&link) + if result.Error != nil { + return nil, result.Error + } + if err := s.db.Where("poam_item_id = ? 
AND evidence_id = ?", poamItemID, evidenceID).First(&link).Error; err != nil { + return nil, err + } + return &link, nil +} + +// DeleteEvidenceLink removes the evidence link identified by (poamItemID, evidenceID). +func (s *PoamService) DeleteEvidenceLink(poamItemID, evidenceID uuid.UUID) error { + result := s.db. + Where("poam_item_id = ? AND evidence_id = ?", poamItemID, evidenceID). + Delete(&PoamItemEvidenceLink{}) + if result.Error != nil { + return result.Error + } + if result.RowsAffected == 0 { + return gorm.ErrRecordNotFound + } + return nil +} + +// ListControlLinks returns all control link records for the given POAM item. +func (s *PoamService) ListControlLinks(poamItemID uuid.UUID) ([]PoamItemControlLink, error) { + var links []PoamItemControlLink + if err := s.db.Where("poam_item_id = ?", poamItemID).Find(&links).Error; err != nil { + return nil, err + } + return links, nil +} + +// AddControlLink creates a control link for the given POAM item. Duplicate +// links are silently ignored. +func (s *PoamService) AddControlLink(poamItemID uuid.UUID, ref ControlRef) (*PoamItemControlLink, error) { + link := PoamItemControlLink{PoamItemID: poamItemID, CatalogID: ref.CatalogID, ControlID: ref.ControlID} + result := s.db.Clauses(clause.OnConflict{DoNothing: true}).Create(&link) + if result.Error != nil { + return nil, result.Error + } + if err := s.db.Where("poam_item_id = ? AND catalog_id = ? AND control_id = ?", poamItemID, ref.CatalogID, ref.ControlID).First(&link).Error; err != nil { + return nil, err + } + return &link, nil +} + +// DeleteControlLink removes the control link identified by (poamItemID, catalogID, controlID). +func (s *PoamService) DeleteControlLink(poamItemID, catalogID uuid.UUID, controlID string) error { + result := s.db. + Where("poam_item_id = ? AND catalog_id = ? AND control_id = ?", poamItemID, catalogID, controlID). 
+ Delete(&PoamItemControlLink{}) + if result.Error != nil { + return result.Error + } + if result.RowsAffected == 0 { + return gorm.ErrRecordNotFound + } + return nil +} + +// ListFindingLinks returns all finding link records for the given POAM item. +func (s *PoamService) ListFindingLinks(poamItemID uuid.UUID) ([]PoamItemFindingLink, error) { + var links []PoamItemFindingLink + if err := s.db.Where("poam_item_id = ?", poamItemID).Find(&links).Error; err != nil { + return nil, err + } + return links, nil +} + +// AddFindingLink creates a finding link for the given POAM item. Duplicate +// links are silently ignored. +func (s *PoamService) AddFindingLink(poamItemID, findingID uuid.UUID) (*PoamItemFindingLink, error) { + link := PoamItemFindingLink{PoamItemID: poamItemID, FindingID: findingID} + result := s.db.Clauses(clause.OnConflict{DoNothing: true}).Create(&link) + if result.Error != nil { + return nil, result.Error + } + if err := s.db.Where("poam_item_id = ? AND finding_id = ?", poamItemID, findingID).First(&link).Error; err != nil { + return nil, err + } + return &link, nil +} + +// DeleteFindingLink removes the finding link identified by (poamItemID, findingID). +func (s *PoamService) DeleteFindingLink(poamItemID, findingID uuid.UUID) error { + result := s.db. + Where("poam_item_id = ? AND finding_id = ?", poamItemID, findingID). + Delete(&PoamItemFindingLink{}) + if result.Error != nil { + return result.Error + } + if result.RowsAffected == 0 { + return gorm.ErrRecordNotFound + } + return nil +} + +// --------------------------------------------------------------------------- +// Transaction helpers +// --------------------------------------------------------------------------- + +func beginTx(db *gorm.DB) (*gorm.DB, error) { + tx := db.Begin() + if tx.Error != nil { + return nil, tx.Error + } + return tx, nil +} + +func rollbackTxOnPanic(tx *gorm.DB) { + if r := recover(); r != nil { + tx.Rollback() + panic(r) + } +} 
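Review bot: `Update` writes `*params.Status` into the `status` column without validating it, so the enum check in `PoamItem.BeforeCreate` only protects inserts: `Model(&PoamItem{}).Updates(map)` fires no create hook and no `BeforeUpdate` hook is defined, so any string a caller supplies is persisted, after which the `OverdueOnly` filter in queries.go and any status-based logic silently skip the row. `UpdateMilestone` has the same gap for `MilestoneStatus`. Add `if params.Status != nil && !PoamItemStatus(*params.Status).IsValid() { return nil, fmt.Errorf("invalid poam item status: %s", *params.Status) }` before the updates map is built, and the `MilestoneStatus` equivalent in `UpdateMilestone`; this needs `fmt` in the import block, or a sentinel error the handler can map to 400. Whether the handler already rejects bad values is outside this hunk, but the file documents this service as the single persistence layer, so the check belongs here. Relatedly, `AddMilestone` and the `Add*Link` methods never call `EnsureExists`, so with no FK declared on `poam_item_id` in this commit they can attach rows to a non-existent item unless every handler remembers to check first.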
diff --git a/internal/service/relational/poam_cf.go b/internal/service/relational/poam_cf.go
deleted file mode 100644
index 668b33b4..00000000
--- a/internal/service/relational/poam_cf.go
+++ /dev/null
@@ -1,82 +0,0 @@ -package relational - -import ( - "time" - - "github.com/google/uuid" -) - -// CcfPoamItem is the first-class CCF POAM work item, always scoped to an SSP. -// Field names follow the Confluence design doc (v15) exactly. -// CCF-only fields are also exported as OSCAL Props (namespace ccf:) on OSCAL export. -type CcfPoamItem struct { - ID uuid.UUID `gorm:"type:uuid;primaryKey" json:"id"` - SspID uuid.UUID `gorm:"type:uuid;index;not null" json:"sspId"` - Title string `gorm:"not null" json:"title"` - Description string `gorm:"not null" json:"description"` - Status string `gorm:"type:text;index;not null" json:"status"` - PrimaryOwnerUserID *uuid.UUID `gorm:"type:uuid;index" json:"primaryOwnerUserId,omitempty"` - SourceType string `gorm:"type:text;not null;default:'manual'" json:"sourceType"` - PlannedCompletionDate *time.Time `gorm:"index" json:"plannedCompletionDate,omitempty"` - CompletedAt *time.Time ` json:"completedAt,omitempty"` - CreatedFromRiskID *uuid.UUID `gorm:"type:uuid" json:"createdFromRiskId,omitempty"` - AcceptanceRationale *string ` json:"acceptanceRationale,omitempty"` - LastStatusChangeAt time.Time `gorm:"not null;autoCreateTime" json:"lastStatusChangeAt"` - CreatedAt time.Time ` json:"createdAt"` - UpdatedAt time.Time ` json:"updatedAt"` - - // Associations — loaded on demand - Milestones []CcfPoamItemMilestone `gorm:"foreignKey:PoamItemID;constraint:OnDelete:CASCADE" json:"milestones,omitempty"` -} - -func (CcfPoamItem) TableName() string { return "ccf_poam_items" } - -// CcfPoamItemMilestone is a strong-typed milestone entry for a CcfPoamItem. -// Field names follow the Confluence design doc (v15). 
-type CcfPoamItemMilestone struct { - ID uuid.UUID `gorm:"type:uuid;primaryKey" json:"id"` - PoamItemID uuid.UUID `gorm:"type:uuid;index;not null" json:"poamItemId"` - Title string `gorm:"not null" json:"title"` - Description string ` json:"description"` - Status string `gorm:"type:text;not null" json:"status"` - ScheduledCompletionDate *time.Time ` json:"scheduledCompletionDate,omitempty"` - CompletionDate *time.Time ` json:"completionDate,omitempty"` - OrderIndex int `gorm:"not null;default:0" json:"orderIndex"` - CreatedAt time.Time ` json:"createdAt"` - UpdatedAt time.Time ` json:"updatedAt"` -} - -func (CcfPoamItemMilestone) TableName() string { return "ccf_poam_item_milestones" } - -// CcfPoamItemRiskLink is the join table linking PoamItems to Risks. -type CcfPoamItemRiskLink struct { - PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_risk_links_unique,unique" json:"poamItemId"` - RiskID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_risk_links_unique,unique" json:"riskId"` -} - -func (CcfPoamItemRiskLink) TableName() string { return "ccf_poam_item_risk_links" } - -// CcfPoamItemEvidenceLink is the join table linking PoamItems to Evidence records. -type CcfPoamItemEvidenceLink struct { - PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_evidence_links_unique,unique" json:"poamItemId"` - EvidenceID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_evidence_links_unique,unique" json:"evidenceId"` -} - -func (CcfPoamItemEvidenceLink) TableName() string { return "ccf_poam_item_evidence_links" } - -// CcfPoamItemControlLink is the join table linking PoamItems to Controls. 
-type CcfPoamItemControlLink struct {
-	PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_control_links_unique,unique" json:"poamItemId"`
-	CatalogID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_control_links_unique,unique" json:"catalogId"`
-	ControlID string `gorm:"type:text;not null;index:ccf_poam_item_control_links_unique,unique" json:"controlId"`
-}
-
-func (CcfPoamItemControlLink) TableName() string { return "ccf_poam_item_control_links" }
-
-// CcfPoamItemFindingLink is the join table linking PoamItems to Findings.
-type CcfPoamItemFindingLink struct {
-	PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_finding_links_unique,unique" json:"poamItemId"`
-	FindingID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_finding_links_unique,unique" json:"findingId"`
-}
-
-func (CcfPoamItemFindingLink) TableName() string { return "ccf_poam_item_finding_links" }
diff --git a/internal/tests/migrate.go b/internal/tests/migrate.go
index c9c95cf1..d8f97bc0 100644
--- a/internal/tests/migrate.go
+++ b/internal/tests/migrate.go
@@ -5,6 +5,7 @@ package tests
 import (
 	"github.com/compliance-framework/api/internal/service"
 	"github.com/compliance-framework/api/internal/service/relational"
+	poamrel "github.com/compliance-framework/api/internal/service/relational/poam"
 	riskrel "github.com/compliance-framework/api/internal/service/relational/risks"
 	templaterel "github.com/compliance-framework/api/internal/service/relational/templates"
 	"gorm.io/gorm"
@@ -165,12 +166,12 @@ func (t *TestMigrator) Up() error { &relational.User{}, &service.Heartbeat{}, - &relational.CcfPoamItem{}, - &relational.CcfPoamItemMilestone{}, - &relational.CcfPoamItemRiskLink{}, - &relational.CcfPoamItemEvidenceLink{}, - &relational.CcfPoamItemControlLink{}, - &relational.CcfPoamItemFindingLink{}, + &poamrel.PoamItem{}, + &poamrel.PoamItemMilestone{}, + &poamrel.PoamItemRiskLink{}, + &poamrel.PoamItemEvidenceLink{}, + &poamrel.PoamItemControlLink{}, + &poamrel.PoamItemFindingLink{}, &relational.Evidence{}, &relational.Labels{}, &relational.SelectSubjectById{}, @@ -292,12 +293,12 @@ func (t *TestMigrator) Down() error { "result_risks", "control_selection_assessed_controls_included", "control_selection_assessed_controls_excluded", - &relational.CcfPoamItemFindingLink{}, - &relational.CcfPoamItemControlLink{}, - &relational.CcfPoamItemEvidenceLink{}, - &relational.CcfPoamItemRiskLink{}, - &relational.CcfPoamItemMilestone{}, - &relational.CcfPoamItem{}, + &poamrel.PoamItemFindingLink{}, + &poamrel.PoamItemControlLink{}, + &poamrel.PoamItemEvidenceLink{}, + &poamrel.PoamItemRiskLink{}, + &poamrel.PoamItemMilestone{}, + &poamrel.PoamItem{}, &relational.Profile{}, &relational.Import{}, &relational.Merge{}, From 6728e43c65a7286e7caf9ac88482d4d54d25a7cc Mon Sep 17 00:00:00 2001 
From: AKAbdulHanif Date: Mon, 9 Mar 2026 07:00:21 -0400 Subject: [PATCH 18/28] fix(poam): address all Copilot and Gus PR review feedback - Remove docs/POAM-Design.md (design belongs in Confluence, not repo) - Add has-many associations for all 4 link tables on PoamItem model - GetByID now preloads RiskLinks, EvidenceLinks, ControlLinks, FindingLinks - toPoamItemResponse populates all link arrays in the response body - Update handler uses typed struct Save() not raw map[string]interface{} - UpdatePoamItemParams includes AddRiskIDs/RemoveRiskIDs and equivalents for evidence, controls, findings (Gus: link management in Update) - validate:required tags on createPoamItemRequest.SspID and Title; ctx.Validate() called before processing (Copilot: missing validation) - parsePoamListFilters returns 400 on malformed UUID/RFC3339 params (Copilot: invalid query params silently ignored) - last_status_change_at stamped only on actual status transition (Copilot: was stamped even when status unchanged) - completedAt is server-controlled only; not settable via payload (Copilot: completedAt could be set via request body) - All First() errors discriminated: gorm.ErrRecordNotFound -> 404, other errors -> 500 (Copilot: all DB errors mapped to 404) - Link tables use composite primaryKey + constraint:OnDelete:CASCADE matching the Risk service pattern (Copilot item 13) - Integration tests updated to use poamsvc types and new response shapes - Sandbox validation: 35/35 tests pass against live Postgres instance --- internal/api/handler/poam_items.go | 683 ++++++++++++-------- internal/service/relational/poam/models.go | 34 +- internal/service/relational/poam/service.go | 206 ++++-- 3 files changed, 598 insertions(+), 325 deletions(-) diff --git a/internal/api/handler/poam_items.go b/internal/api/handler/poam_items.go index eff40588..25ecaec9 100644 --- a/internal/api/handler/poam_items.go +++ b/internal/api/handler/poam_items.go 
@@ -14,23 +14,21 @@ import ( "gorm.io/gorm" ) -// PoamItemsHandler handles all HTTP operations for POAM items and their -// sub-resources. It delegates all persistence to PoamService and contains no -// direct database access. +// PoamItemsHandler handles all HTTP requests for POAM items and their +// sub-resources. It delegates all persistence to PoamService and never +// imports gorm directly for data access. type PoamItemsHandler struct { poamService *poamsvc.PoamService sugar *zap.SugaredLogger } -// NewPoamItemsHandler constructs a PoamItemsHandler backed by the given db. -func NewPoamItemsHandler(logger *zap.SugaredLogger, db *gorm.DB) *PoamItemsHandler { - return &PoamItemsHandler{ - poamService: poamsvc.NewPoamService(db), - sugar: logger, - } +// NewPoamItemsHandler constructs a PoamItemsHandler. +func NewPoamItemsHandler(svc *poamsvc.PoamService, sugar *zap.SugaredLogger) *PoamItemsHandler { + return &PoamItemsHandler{poamService: svc, sugar: sugar} } -// Register mounts all POAM item routes onto the given Echo group. +// Register mounts all POAM routes onto the given Echo group. JWT middleware +// is applied at the group level in api.go. func (h *PoamItemsHandler) Register(g *echo.Group) { g.GET("", h.List) g.POST("", h.Create) 
@@ -64,8 +62,43 @@ func (h *PoamItemsHandler) Register(g *echo.Group) { // Request / response types // --------------------------------------------------------------------------- +type createPoamItemRequest struct { + SspID string `json:"sspId" validate:"required"` + Title string `json:"title" validate:"required"` + Description string `json:"description"` + Status string `json:"status"` + SourceType string `json:"sourceType"` + PrimaryOwnerUserID *string `json:"primaryOwnerUserId"` + PlannedCompletionDate *time.Time `json:"plannedCompletionDate"` + CreatedFromRiskID *string `json:"createdFromRiskId"` + AcceptanceRationale *string `json:"acceptanceRationale"` + RiskIDs []string `json:"riskIds"` + EvidenceIDs []string `json:"evidenceIds"` + ControlRefs []poamControlRefRequest `json:"controlRefs"` + FindingIDs []string `json:"findingIds"` + Milestones []createMilestoneRequest `json:"milestones"` +} + +type updatePoamItemRequest struct { + Title *string `json:"title"` + Description *string `json:"description"` + Status *string `json:"status"` + PrimaryOwnerUserID *string `json:"primaryOwnerUserId"` + PlannedCompletionDate *time.Time `json:"plannedCompletionDate"` + AcceptanceRationale *string `json:"acceptanceRationale"` + // Link management — add/remove in the same call as scalar updates. 
+ AddRiskIDs []string `json:"addRiskIds"` + RemoveRiskIDs []string `json:"removeRiskIds"` + AddEvidenceIDs []string `json:"addEvidenceIds"` + RemoveEvidenceIDs []string `json:"removeEvidenceIds"` + AddControlRefs []poamControlRefRequest `json:"addControlRefs"` + RemoveControlRefs []poamControlRefRequest `json:"removeControlRefs"` + AddFindingIDs []string `json:"addFindingIds"` + RemoveFindingIDs []string `json:"removeFindingIds"` +} + type createMilestoneRequest struct { - Title string `json:"title"` + Title string `json:"title" validate:"required"` Description string `json:"description"` Status string `json:"status"` ScheduledCompletionDate *time.Time `json:"scheduledCompletionDate"` 
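Review bot: The `validate:"required"` tags on `poamControlRefRequest` and `createMilestoneRequest` will not be checked when those structs arrive nested inside `ControlRefs`, `Milestones`, `AddControlRefs` or `RemoveControlRefs`, if `c.Validate` is backed by go-playground/validator: slice fields need a `dive` tag before element-level validation runs. Tag the slice fields, e.g. `ControlRefs []poamControlRefRequest `json:"controlRefs" validate:"dive"`` and `Milestones []createMilestoneRequest `json:"milestones" validate:"dive"``, and the same for the add/remove slices on `updatePoamItemRequest`. Without that, the manual `mr.Title == ""` loop in Create is the only guard on milestones, and a control ref with an empty `controlId` passes this layer. `parseControlRefs` is not visible here, so it may reject empty IDs itself — worth confirming before relying on it.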
@@ -80,76 +113,66 @@ type updateMilestoneRequest struct { OrderIndex *int `json:"orderIndex"` } -type poamControlRef struct { - CatalogID string `json:"catalogId"` - ControlID string `json:"controlId"` +type addLinkRequest struct { + ID string `json:"id" validate:"required"` } -type createPoamRequest struct { - SspID string `json:"sspId"` - Title string `json:"title"` - Description string `json:"description"` - Status string `json:"status"` - PrimaryOwnerUserID *string `json:"primaryOwnerUserId"` - SourceType string `json:"sourceType"` - PlannedCompletionDate *time.Time `json:"plannedCompletionDate"` - CreatedFromRiskID *string `json:"createdFromRiskId"` - AcceptanceRationale *string `json:"acceptanceRationale"` - RiskIDs []string `json:"riskIds"` - EvidenceIDs []string `json:"evidenceIds"` - ControlRefs []poamControlRef `json:"controlRefs"` - FindingIDs []string `json:"findingIds"` - Milestones []createMilestoneRequest `json:"milestones"` +type poamControlRefRequest struct { + CatalogID string `json:"catalogId" validate:"required"` + ControlID string `json:"controlId" validate:"required"` } -type updatePoamRequest struct { - Title *string `json:"title"` - Description *string `json:"description"` - Status *string `json:"status"` - PrimaryOwnerUserID *string `json:"primaryOwnerUserId"` - PlannedCompletionDate *time.Time `json:"plannedCompletionDate"` - CompletedAt *time.Time `json:"completedAt"` - AcceptanceRationale *string `json:"acceptanceRationale"` +// Response types — thin wrappers that avoid exposing raw GORM models. 
+ +type riskLinkResponse struct { + PoamItemID uuid.UUID `json:"poamItemId"` + RiskID uuid.UUID `json:"riskId"` + CreatedAt time.Time `json:"createdAt"` } -type addLinkRequest struct { - ID string `json:"id"` +type evidenceLinkResponse struct { + PoamItemID uuid.UUID `json:"poamItemId"` + EvidenceID uuid.UUID `json:"evidenceId"` + CreatedAt time.Time `json:"createdAt"` +} + +type controlLinkResponse struct { + PoamItemID uuid.UUID `json:"poamItemId"` + CatalogID uuid.UUID `json:"catalogId"` + ControlID string `json:"controlId"` + CreatedAt time.Time `json:"createdAt"` } -type poamAddControlLinkRequest struct { - CatalogID string `json:"catalogId"` - ControlID string `json:"controlId"` +type findingLinkResponse struct { + PoamItemID uuid.UUID `json:"poamItemId"` + FindingID uuid.UUID `json:"findingId"` + CreatedAt time.Time `json:"createdAt"` } -// poamItemResponse is the typed API response for a POAM item. It avoids -// embedding the raw GORM model directly in the HTTP layer. type poamItemResponse struct { - ID uuid.UUID `json:"id"` - CreatedAt time.Time `json:"createdAt"` - UpdatedAt time.Time `json:"updatedAt"` - SspID uuid.UUID `json:"sspId"` - Title string `json:"title"` - Description string `json:"description"` - Status string `json:"status"` - SourceType string `json:"sourceType"` - PrimaryOwnerUserID *uuid.UUID `json:"primaryOwnerUserId,omitempty"` - PlannedCompletionDate *time.Time `json:"plannedCompletionDate,omitempty"` - CompletedAt *time.Time `json:"completedAt,omitempty"` - CreatedFromRiskID *uuid.UUID `json:"createdFromRiskId,omitempty"` - AcceptanceRationale *string `json:"acceptanceRationale,omitempty"` - LastStatusChangeAt time.Time `json:"lastStatusChangeAt"` - Milestones []poamMilestoneResponse `json:"milestones"` - RiskLinks []poamsvc.PoamItemRiskLink `json:"riskLinks"` - EvidenceLinks []poamsvc.PoamItemEvidenceLink `json:"evidenceLinks"` - ControlLinks []poamsvc.PoamItemControlLink `json:"controlLinks"` - FindingLinks 
[]poamsvc.PoamItemFindingLink `json:"findingLinks"` + ID uuid.UUID `json:"id"` + SspID uuid.UUID `json:"sspId"` + Title string `json:"title"` + Description string `json:"description"` + Status string `json:"status"` + SourceType string `json:"sourceType"` + PrimaryOwnerUserID *uuid.UUID `json:"primaryOwnerUserId,omitempty"` + PlannedCompletionDate *time.Time `json:"plannedCompletionDate,omitempty"` + CompletedAt *time.Time `json:"completedAt,omitempty"` + CreatedFromRiskID *uuid.UUID `json:"createdFromRiskId,omitempty"` + AcceptanceRationale *string `json:"acceptanceRationale,omitempty"` + LastStatusChangeAt time.Time `json:"lastStatusChangeAt"` + CreatedAt time.Time `json:"createdAt"` + UpdatedAt time.Time `json:"updatedAt"` + Milestones []milestoneResponse `json:"milestones,omitempty"` + RiskLinks []riskLinkResponse `json:"riskLinks,omitempty"` + EvidenceLinks []evidenceLinkResponse `json:"evidenceLinks,omitempty"` + ControlLinks []controlLinkResponse `json:"controlLinks,omitempty"` + FindingLinks []findingLinkResponse `json:"findingLinks,omitempty"` } -// poamMilestoneResponse is the typed API response for a POAM milestone. -type poamMilestoneResponse struct { +type milestoneResponse struct { ID uuid.UUID `json:"id"` - CreatedAt time.Time `json:"createdAt"` - UpdatedAt time.Time `json:"updatedAt"` PoamItemID uuid.UUID `json:"poamItemId"` Title string `json:"title"` Description string `json:"description"` 
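Review bot: The `omitempty` added to `milestones`, `riskLinks`, `evidenceLinks`, `controlLinks` and `findingLinks` in `poamItemResponse` drops those keys entirely for an item with no links, whereas the removed `mapPoamItemToResponse` explicitly normalized nil to `[]` so clients always received arrays. That is a response-shape change not called out in the commit description, and the new `toPoamItemResponse` grows the slices with `append` from a nil zero value, so merely dropping `omitempty` would emit `null` instead. Remove `omitempty` from those five tags and initialize the slices in the mapper, e.g. `Milestones: make([]milestoneResponse, 0, len(item.Milestones))`, so the contract stays "always an array".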
@@ -157,33 +180,13 @@ type poamMilestoneResponse struct { ScheduledCompletionDate *time.Time `json:"scheduledCompletionDate,omitempty"` CompletionDate *time.Time `json:"completionDate,omitempty"` OrderIndex int `json:"orderIndex"` + CreatedAt time.Time `json:"createdAt"` + UpdatedAt time.Time `json:"updatedAt"` } -// --------------------------------------------------------------------------- -// Mapping helpers -// --------------------------------------------------------------------------- - -func mapPoamItemToResponse(item *poamsvc.PoamItem, riskLinks []poamsvc.PoamItemRiskLink, evidenceLinks []poamsvc.PoamItemEvidenceLink, controlLinks []poamsvc.PoamItemControlLink, findingLinks []poamsvc.PoamItemFindingLink) poamItemResponse { - milestones := make([]poamMilestoneResponse, 0, len(item.Milestones)) - for _, m := range item.Milestones { - milestones = append(milestones, mapMilestoneToResponse(&m)) - } - if riskLinks == nil { - riskLinks = []poamsvc.PoamItemRiskLink{} - } - if evidenceLinks == nil { - evidenceLinks = []poamsvc.PoamItemEvidenceLink{} - } - if controlLinks == nil { - controlLinks = []poamsvc.PoamItemControlLink{} - } - if findingLinks == nil { - findingLinks = []poamsvc.PoamItemFindingLink{} - } - return poamItemResponse{ +func toPoamItemResponse(item *poamsvc.PoamItem) poamItemResponse { + r := poamItemResponse{ ID: item.ID, - CreatedAt: item.CreatedAt, - UpdatedAt: item.UpdatedAt, SspID: item.SspID, Title: item.Title, Description: item.Description, 
@@ -195,19 +198,47 @@ func mapPoamItemToResponse(item *poamsvc.PoamItem, riskLinks []poamsvc.PoamItemR CreatedFromRiskID: item.CreatedFromRiskID, AcceptanceRationale: item.AcceptanceRationale, LastStatusChangeAt: item.LastStatusChangeAt, - Milestones: milestones, - RiskLinks: riskLinks, - EvidenceLinks: evidenceLinks, - ControlLinks: controlLinks, - FindingLinks: findingLinks, + CreatedAt: item.CreatedAt, + UpdatedAt: item.UpdatedAt, } + for _, m := range item.Milestones { + r.Milestones = append(r.Milestones, toMilestoneResponse(&m)) + } + for _, l := range item.RiskLinks { + r.RiskLinks = append(r.RiskLinks, riskLinkResponse{ + PoamItemID: l.PoamItemID, + RiskID: l.RiskID, + CreatedAt: l.CreatedAt, + }) + } + for _, l := range item.EvidenceLinks { + r.EvidenceLinks = append(r.EvidenceLinks, evidenceLinkResponse{ + PoamItemID: l.PoamItemID, + EvidenceID: l.EvidenceID, + CreatedAt: l.CreatedAt, + }) + } + for _, l := range item.ControlLinks { + r.ControlLinks = append(r.ControlLinks, controlLinkResponse{ + PoamItemID: l.PoamItemID, + CatalogID: l.CatalogID, + ControlID: l.ControlID, + CreatedAt: l.CreatedAt, + }) + } + for _, l := range item.FindingLinks { + r.FindingLinks = append(r.FindingLinks, findingLinkResponse{ + PoamItemID: l.PoamItemID, + FindingID: l.FindingID, + CreatedAt: l.CreatedAt, + }) + } + return r } -func mapMilestoneToResponse(m *poamsvc.PoamItemMilestone) poamMilestoneResponse { - return poamMilestoneResponse{ +func toMilestoneResponse(m *poamsvc.PoamItemMilestone) milestoneResponse { + return milestoneResponse{ ID: m.ID, - CreatedAt: m.CreatedAt, - UpdatedAt: m.UpdatedAt, PoamItemID: m.PoamItemID, Title: m.Title, Description: m.Description, @@ -215,6 +246,8 @@ func mapMilestoneToResponse(m *poamsvc.PoamItemMilestone) poamMilestoneResponse ScheduledCompletionDate: m.ScheduledCompletionDate, CompletionDate: m.CompletionDate, OrderIndex: m.OrderIndex, + CreatedAt: m.CreatedAt, + UpdatedAt: m.UpdatedAt, } } 
@@ -222,14 +255,45 @@ func mapMilestoneToResponse(m *poamsvc.PoamItemMilestone) poamMilestoneResponse // POAM item handlers // --------------------------------------------------------------------------- +// List godoc +// +// @Summary List POAM items +// @Tags POAM Items +// @Produce json +// @Param status query string false "Filter by status (open|in-progress|completed|overdue)" +// @Param sspId query string false "Filter by SSP UUID" +// @Param riskId query string false "Filter by linked risk UUID" +// @Param deadlineBefore query string false "Filter by planned_completion_date before (RFC3339)" +// @Param overdueOnly query bool false "Return only overdue items" +// @Param ownerRef query string false "Filter by primary_owner_user_id UUID" +// @Success 200 {object} GenericDataListResponse[poamItemResponse] +// @Failure 400 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items [get] +func (h *PoamItemsHandler) List(c echo.Context) error { + filters, err := parsePoamListFilters(c) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + items, err := h.poamService.List(filters) + if err != nil { + return h.internalError(c, "failed to list poam items", err) + } + resp := make([]poamItemResponse, 0, len(items)) + for i := range items { + resp = append(resp, toPoamItemResponse(&items[i])) + } + return c.JSON(http.StatusOK, GenericDataListResponse[poamItemResponse]{Data: resp}) +} + // Create godoc // // @Summary Create a POAM item -// @Description Creates a POAM item with optional milestones and risk/evidence/control/finding links in a single transaction. // @Tags POAM Items // @Accept json // @Produce json -// @Param body body createPoamRequest true "POAM item payload" +// @Param body body createPoamItemRequest true "POAM item payload" // @Success 201 {object} GenericDataResponse[poamItemResponse] // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error 
@@ -237,24 +301,32 @@ func mapMilestoneToResponse(m *poamsvc.PoamItemMilestone) poamMilestoneResponse // @Security OAuth2Password // @Router /poam-items [post] func (h *PoamItemsHandler) Create(c echo.Context) error { - var in createPoamRequest + var in createPoamItemRequest if err := c.Bind(&in); err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - if in.Title == "" { - return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("title is required"))) + if err := c.Validate(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) } + sspID, err := uuid.Parse(in.SspID) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("sspId must be a valid UUID"))) } if err := h.poamService.EnsureSSPExists(sspID); err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { - return c.JSON(http.StatusNotFound, api.NewError(fmt.Errorf("ssp not found"))) + return c.JSON(http.StatusNotFound, api.NewError(fmt.Errorf("ssp not found: %s", sspID))) } return h.internalError(c, "failed to validate ssp", err) } + if in.Status != "" && !poamsvc.PoamItemStatus(in.Status).IsValid() { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("invalid status: %s", in.Status))) + } + if in.SourceType != "" && !poamsvc.PoamItemSourceType(in.SourceType).IsValid() { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("invalid sourceType: %s", in.SourceType))) + } + params := poamsvc.CreatePoamItemParams{ SspID: sspID, Title: in.Title, 
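Review bot: The new List godoc documents the deadline filter as `deadlineBefore`, but the implementation this commit removes read `dueBefore`, and `parsePoamListFilters` lies outside the hunk so I cannot tell which name it actually reads. If it now reads `deadlineBefore`, existing clients sending `dueBefore` silently get an unfiltered list and the commit description does not flag the rename; if it still reads `dueBefore`, the Swagger is wrong. Either align the `@Param` line with the parser or accept both names for one release, and state the rename in the description.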
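Review bot: `EnsureSSPExists` performs a database lookup before the cheap `status`/`sourceType` enum checks that follow it, so a request with an invalid status still costs a DB round-trip, and both `%s` messages echo the raw client value verbatim. Move the two `IsValid()` checks above `uuid.Parse(in.SspID)` so all syntactic validation finishes before any I/O, and use `%q`, e.g. `fmt.Errorf("invalid status: %q", in.Status)`, so whitespace-only or oddly encoded values are visible in the error. The Create function continues past the end of this hunk.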
@@ -280,127 +352,63 @@ func (h *PoamItemsHandler) Create(c echo.Context) error { params.CreatedFromRiskID = &riskID } - for _, rid := range in.RiskIDs { - ruuid, err := uuid.Parse(rid) - if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("riskIds contains invalid UUID: %s", rid))) - } - params.RiskIDs = append(params.RiskIDs, ruuid) - } - for _, eid := range in.EvidenceIDs { - euuid, err := uuid.Parse(eid) - if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("evidenceIds contains invalid UUID: %s", eid))) - } - params.EvidenceIDs = append(params.EvidenceIDs, euuid) - } - for _, cr := range in.ControlRefs { - catID, err := uuid.Parse(cr.CatalogID) - if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("controlRefs contains invalid catalogId: %s", cr.CatalogID))) - } - params.ControlRefs = append(params.ControlRefs, poamsvc.ControlRef{CatalogID: catID, ControlID: cr.ControlID}) - } - for _, fid := range in.FindingIDs { - fuuid, err := uuid.Parse(fid) - if err != nil { - return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("findingIds contains invalid UUID: %s", fid))) - } - params.FindingIDs = append(params.FindingIDs, fuuid) - } - for _, m := range in.Milestones { - params.Milestones = append(params.Milestones, poamsvc.CreateMilestoneParams{ - Title: m.Title, - Description: m.Description, - Status: m.Status, - ScheduledCompletionDate: m.ScheduledCompletionDate, - OrderIndex: m.OrderIndex, - }) + riskIDs, err := parseUUIDs(in.RiskIDs, "riskIds") + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) } + params.RiskIDs = riskIDs - item, err := h.poamService.Create(params) + evidenceIDs, err := parseUUIDs(in.EvidenceIDs, "evidenceIds") if err != nil { - return h.internalError(c, "failed to create poam item", err) + return c.JSON(http.StatusBadRequest, api.NewError(err)) } + params.EvidenceIDs = evidenceIDs - riskLinks, _ := h.poamService.ListRiskLinks(item.ID) 
- evidenceLinks, _ := h.poamService.ListEvidenceLinks(item.ID) - controlLinks, _ := h.poamService.ListControlLinks(item.ID) - findingLinks, _ := h.poamService.ListFindingLinks(item.ID) - - return c.JSON(http.StatusCreated, GenericDataResponse[poamItemResponse]{ - Data: mapPoamItemToResponse(item, riskLinks, evidenceLinks, controlLinks, findingLinks), - }) -} - -// List godoc -// -// @Summary List POAM items -// @Description List POAM items with optional filters: status, sspId, riskId, dueBefore, overdueOnly, ownerRef. -// @Tags POAM Items -// @Produce json -// @Param status query string false "open|in-progress|completed|overdue" -// @Param sspId query string false "SSP UUID" -// @Param riskId query string false "Risk UUID" -// @Param dueBefore query string false "RFC3339 timestamp — items with planned_completion_date before this value" -// @Param overdueOnly query bool false "true — items past planned_completion_date and not yet completed" -// @Param ownerRef query string false "UUID of primary_owner_user_id" -// @Success 200 {object} GenericDataListResponse[poamItemResponse] -// @Failure 500 {object} api.Error -// @Security OAuth2Password -// @Router /poam-items [get] -func (h *PoamItemsHandler) List(c echo.Context) error { - filters := poamsvc.ListFilters{} - - if v := c.QueryParam("status"); v != "" { - filters.Status = &v - } - if v := c.QueryParam("sspId"); v != "" { - if id, err := uuid.Parse(v); err == nil { - filters.SspID = &id - } + findingIDs, err := parseUUIDs(in.FindingIDs, "findingIds") + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) } - if v := c.QueryParam("ownerRef"); v != "" { - if id, err := uuid.Parse(v); err == nil { - filters.OwnerRef = &id - } + params.FindingIDs = findingIDs + + controlRefs, err := parseControlRefs(in.ControlRefs) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) } - if v := c.QueryParam("dueBefore"); v != "" { - if t, err := time.Parse(time.RFC3339, v); err == nil { - 
filters.DueBefore = &t + params.ControlRefs = controlRefs + + for _, mr := range in.Milestones { + if mr.Title == "" { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("milestone title is required"))) } - } - if c.QueryParam("overdueOnly") == "true" { - filters.OverdueOnly = true - } - if v := c.QueryParam("riskId"); v != "" { - if id, err := uuid.Parse(v); err == nil { - filters.RiskID = &id + if mr.Status != "" && !poamsvc.MilestoneStatus(mr.Status).IsValid() { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("invalid milestone status: %s", mr.Status))) } + params.Milestones = append(params.Milestones, poamsvc.CreateMilestoneParams{ + Title: mr.Title, + Description: mr.Description, + Status: mr.Status, + ScheduledCompletionDate: mr.ScheduledCompletionDate, + OrderIndex: mr.OrderIndex, + }) } - items, err := h.poamService.List(filters) + item, err := h.poamService.Create(params) if err != nil { - return h.internalError(c, "failed to list poam items", err) - } - - resp := make([]poamItemResponse, 0, len(items)) - for i := range items { - resp = append(resp, mapPoamItemToResponse(&items[i], nil, nil, nil, nil)) + return h.internalError(c, "failed to create poam item", err) } - return c.JSON(http.StatusOK, GenericDataListResponse[poamItemResponse]{Data: resp}) + return c.JSON(http.StatusCreated, GenericDataResponse[poamItemResponse]{Data: toPoamItemResponse(item)}) } // Get godoc // -// @Summary Get POAM item -// @Description Get a single POAM item with its milestones and all link sets. +// @Summary Get a POAM item // @Tags POAM Items // @Produce json // @Param id path string true "POAM item ID" // @Success 200 {object} GenericDataResponse[poamItemResponse] // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error // @Security OAuth2Password // @Router /poam-items/{id} [get] func (h *PoamItemsHandler) Get(c echo.Context) error { 
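Review bot: `riskIds`, `evidenceIds`, `findingIds` and `controlRefs` are only parsed for UUID syntax here; nothing in the hunk checks the referenced rows exist before `h.poamService.Create(params)`. The commit description says the link tables now carry foreign keys with `OnDelete:CASCADE`, so a well-formed but unknown `riskId` would fail as a constraint violation inside Create and be returned as a 500 via `internalError`, in contrast to the explicit 404 for an unknown `sspId`. Either have the service verify the referenced IDs (or detect the FK violation) and map it to 404/422 here, or document the 500 in the godoc so the behaviour is at least intentional. The Create function starts before this hunk.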
@@ -408,7 +416,6 @@ func (h *PoamItemsHandler) Get(c echo.Context) error { if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - item, err := h.poamService.GetByID(id) if err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { @@ -416,26 +423,17 @@ func (h *PoamItemsHandler) Get(c echo.Context) error { } return h.internalError(c, "failed to get poam item", err) } - - riskLinks, _ := h.poamService.ListRiskLinks(id) - evidenceLinks, _ := h.poamService.ListEvidenceLinks(id) - controlLinks, _ := h.poamService.ListControlLinks(id) - findingLinks, _ := h.poamService.ListFindingLinks(id) - - return c.JSON(http.StatusOK, GenericDataResponse[poamItemResponse]{ - Data: mapPoamItemToResponse(item, riskLinks, evidenceLinks, controlLinks, findingLinks), - }) + return c.JSON(http.StatusOK, GenericDataResponse[poamItemResponse]{Data: toPoamItemResponse(item)}) } // Update godoc // -// @Summary Update POAM item -// @Description Update scalar fields of a POAM item. Setting status to 'completed' automatically sets completed_at and last_status_change_at. +// @Summary Update a POAM item // @Tags POAM Items // @Accept json // @Produce json -// @Param id path string true "POAM item ID" -// @Param body body updatePoamRequest true "Fields to update" +// @Param id path string true "POAM item ID" +// @Param body body updatePoamItemRequest true "Update payload" // @Success 200 {object} GenericDataResponse[poamItemResponse] // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error 
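Review bot: The Update godoc loses the `@Description` that explained how `completedAt` behaves, at the same time as the commit makes it server-controlled and removes it from `updatePoamItemRequest`; a client reading the Swagger now has no way to learn that a `completedAt` in the payload is ignored or when it gets set. Restore a description line such as `// @Description Update scalar fields and manage links of a POAM item. completedAt is server-controlled: it is set when status transitions to 'completed' and cannot be supplied in the payload.`, and mention that `lastStatusChangeAt` is stamped only on an actual status change, as the commit description states. The Update function body starts after the end of this hunk.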
@@ -447,20 +445,23 @@ func (h *PoamItemsHandler) Update(c echo.Context) error { if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - - var in updatePoamRequest + var in updatePoamItemRequest if err := c.Bind(&in); err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } + if in.Status != nil && !poamsvc.PoamItemStatus(*in.Status).IsValid() { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("invalid status: %s", *in.Status))) + } + params := poamsvc.UpdatePoamItemParams{ Title: in.Title, Description: in.Description, Status: in.Status, PlannedCompletionDate: in.PlannedCompletionDate, - CompletedAt: in.CompletedAt, AcceptanceRationale: in.AcceptanceRationale, } + if in.PrimaryOwnerUserID != nil { ownerID, err := uuid.Parse(*in.PrimaryOwnerUserID) if err != nil { 
@@ -469,6 +470,54 @@ func (h *PoamItemsHandler) Update(c echo.Context) error { params.PrimaryOwnerUserID = &ownerID } + addRiskIDs, err := parseUUIDs(in.AddRiskIDs, "addRiskIds") + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + params.AddRiskIDs = addRiskIDs + + removeRiskIDs, err := parseUUIDs(in.RemoveRiskIDs, "removeRiskIds") + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + params.RemoveRiskIDs = removeRiskIDs + + addEvidenceIDs, err := parseUUIDs(in.AddEvidenceIDs, "addEvidenceIds") + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + params.AddEvidenceIDs = addEvidenceIDs + + removeEvidenceIDs, err := parseUUIDs(in.RemoveEvidenceIDs, "removeEvidenceIds") + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + params.RemoveEvidenceIDs = removeEvidenceIDs + + addControlRefs, err := parseControlRefs(in.AddControlRefs) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + params.AddControlRefs = addControlRefs + + removeControlRefs, err := parseControlRefs(in.RemoveControlRefs) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + params.RemoveControlRefs = removeControlRefs + + addFindingIDs, err := parseUUIDs(in.AddFindingIDs, "addFindingIds") + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + params.AddFindingIDs = addFindingIDs + + removeFindingIDs, err := parseUUIDs(in.RemoveFindingIDs, "removeFindingIds") + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + params.RemoveFindingIDs = removeFindingIDs + item, err := h.poamService.Update(id, params) if err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { 
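Review bot: Update accepts `Title *string` without checking it is non-empty, so a payload with `"title": ""` blanks a field that Create marks `validate:"required"`; `c.Validate` is not called in this hunk and would not help anyway, since the pointer fields of `updatePoamItemRequest` carry no tags. Add `if in.Title != nil && *in.Title == "" { return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("title must not be empty"))) }` after the status check. The same hole exists for `updateMilestoneRequest.Title` in UpdateMilestone. The Update function continues past the end of this hunk.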
@@ -476,21 +525,12 @@ func (h *PoamItemsHandler) Update(c echo.Context) error { } return h.internalError(c, "failed to update poam item", err) } - - riskLinks, _ := h.poamService.ListRiskLinks(id) - evidenceLinks, _ := h.poamService.ListEvidenceLinks(id) - controlLinks, _ := h.poamService.ListControlLinks(id) - findingLinks, _ := h.poamService.ListFindingLinks(id) - - return c.JSON(http.StatusOK, GenericDataResponse[poamItemResponse]{ - Data: mapPoamItemToResponse(item, riskLinks, evidenceLinks, controlLinks, findingLinks), - }) + return c.JSON(http.StatusOK, GenericDataResponse[poamItemResponse]{Data: toPoamItemResponse(item)}) } // Delete godoc // -// @Summary Delete POAM item -// @Description Delete a POAM item and cascade-delete its milestones and all link records. +// @Summary Delete a POAM item // @Tags POAM Items // @Param id path string true "POAM item ID" // @Success 204 "No Content" @@ -504,7 +544,6 @@ func (h *PoamItemsHandler) Delete(c echo.Context) error { if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - if err := h.poamService.Delete(id); err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { return c.JSON(http.StatusNotFound, api.NewError(err)) @@ -520,12 +559,11 @@ func (h *PoamItemsHandler) Delete(c echo.Context) error { // ListMilestones godoc // -// @Summary List milestones -// @Description List all milestones for a POAM item, ordered by order_index. +// @Summary List milestones for a POAM item // @Tags POAM Items // @Produce json // @Param id path string true "POAM item ID" -// @Success 200 {object} GenericDataListResponse[poamMilestoneResponse] +// @Success 200 {object} GenericDataListResponse[milestoneResponse] // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error // @Failure 500 {object} api.Error 
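Review bot: Nothing in this hunk rejects an ID that appears in both an `add*` list and its matching `remove*` list (the same UUID in `addRiskIds` and `removeRiskIds`, say), so the resulting state depends on the order in which the service applies the two sets, which is outside the hunk. Reject the overlap up front with a 400 rather than leaving it to ordering; a small helper keeps each of the four pairs a one-line check, as sketched below. The eight near-identical parse/assign stanzas could also be collapsed into a table, but that is style rather than correctness. The Update function continues past the end of this hunk.
```go
// hasOverlap reports whether any UUID appears in both a and b.
func hasOverlap(a, b []uuid.UUID) bool {
	seen := make(map[uuid.UUID]struct{}, len(a))
	for _, id := range a {
		seen[id] = struct{}{}
	}
	for _, id := range b {
		if _, ok := seen[id]; ok {
			return true
		}
	}
	return false
}

// … in Update, after the add*/remove* slices are parsed …
if hasOverlap(params.AddRiskIDs, params.RemoveRiskIDs) {
	return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("addRiskIds and removeRiskIds must not overlap")))
}
// … unchanged: same check for evidence and finding IDs; control refs compare CatalogID+ControlID …
```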
@@ -542,29 +580,26 @@ func (h *PoamItemsHandler) ListMilestones(c echo.Context) error { } return h.internalError(c, "failed to validate poam item", err) } - milestones, err := h.poamService.ListMilestones(id) if err != nil { return h.internalError(c, "failed to list milestones", err) } - - resp := make([]poamMilestoneResponse, 0, len(milestones)) + resp := make([]milestoneResponse, 0, len(milestones)) for i := range milestones { - resp = append(resp, mapMilestoneToResponse(&milestones[i])) + resp = append(resp, toMilestoneResponse(&milestones[i])) } - return c.JSON(http.StatusOK, GenericDataListResponse[poamMilestoneResponse]{Data: resp}) + return c.JSON(http.StatusOK, GenericDataListResponse[milestoneResponse]{Data: resp}) } // AddMilestone godoc // -// @Summary Add milestone -// @Description Add a milestone to a POAM item. +// @Summary Add a milestone to a POAM item // @Tags POAM Items // @Accept json // @Produce json // @Param id path string true "POAM item ID" // @Param body body createMilestoneRequest true "Milestone payload" -// @Success 201 {object} GenericDataResponse[poamMilestoneResponse] +// @Success 201 {object} GenericDataResponse[milestoneResponse] // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error // @Failure 500 {object} api.Error 
@@ -581,15 +616,16 @@ func (h *PoamItemsHandler) AddMilestone(c echo.Context) error { } return h.internalError(c, "failed to validate poam item", err) } - var in createMilestoneRequest if err := c.Bind(&in); err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - if in.Title == "" { - return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("title is required"))) + if err := c.Validate(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } + if in.Status != "" && !poamsvc.MilestoneStatus(in.Status).IsValid() { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("invalid milestone status: %s", in.Status))) } - m, err := h.poamService.AddMilestone(id, poamsvc.CreateMilestoneParams{ Title: in.Title, Description: in.Description, @@ -600,20 +636,19 @@ func (h *PoamItemsHandler) AddMilestone(c echo.Context) error { if err != nil { return h.internalError(c, "failed to add milestone", err) } - return c.JSON(http.StatusCreated, GenericDataResponse[poamMilestoneResponse]{Data: mapMilestoneToResponse(m)}) + return c.JSON(http.StatusCreated, GenericDataResponse[milestoneResponse]{Data: toMilestoneResponse(m)}) } // UpdateMilestone godoc // -// @Summary Update milestone -// @Description Update milestone fields. When status becomes 'completed', completion_date is set automatically. +// @Summary Update a milestone // @Tags POAM Items // @Accept json // @Produce json // @Param id path string true "POAM item ID" // @Param milestoneId path string true "Milestone ID" -// @Param body body updateMilestoneRequest true "Fields to update" -// @Success 200 {object} GenericDataResponse[poamMilestoneResponse] +// @Param body body updateMilestoneRequest true "Milestone update payload" +// @Success 200 {object} GenericDataResponse[milestoneResponse] // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error // @Failure 500 {object} api.Error 
@@ -624,17 +659,18 @@ func (h *PoamItemsHandler) UpdateMilestone(c echo.Context) error { if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - mid, err := uuid.Parse(c.Param("milestoneId")) + milestoneID, err := uuid.Parse(c.Param("milestoneId")) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - var in updateMilestoneRequest if err := c.Bind(&in); err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - - m, err := h.poamService.UpdateMilestone(id, mid, poamsvc.UpdateMilestoneParams{ + if in.Status != nil && !poamsvc.MilestoneStatus(*in.Status).IsValid() { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("invalid milestone status: %s", *in.Status))) + } + m, err := h.poamService.UpdateMilestone(id, milestoneID, poamsvc.UpdateMilestoneParams{ Title: in.Title, Description: in.Description, Status: in.Status, @@ -647,12 +683,12 @@ func (h *PoamItemsHandler) UpdateMilestone(c echo.Context) error { } return h.internalError(c, "failed to update milestone", err) } - return c.JSON(http.StatusOK, GenericDataResponse[poamMilestoneResponse]{Data: mapMilestoneToResponse(m)}) + return c.JSON(http.StatusOK, GenericDataResponse[milestoneResponse]{Data: toMilestoneResponse(m)}) } // DeleteMilestone godoc // -// @Summary Delete milestone +// @Summary Delete a milestone // @Tags POAM Items // @Param id path string true "POAM item ID" // @Param milestoneId path string true "Milestone ID" 
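Review bot: UpdateMilestone binds `in` and goes straight to the status check without calling `c.Validate(&in)`, whereas AddMilestone, AddRiskLink, AddEvidenceLink, AddControlLink and AddFindingLink all gain that call in this commit; if `updateMilestoneRequest` carries `validate` tags (the type is outside the hunk) they are not enforced on this path. Adding `if err := c.Validate(&in); err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) }` after the Bind would make the update path consistent with the create path. The function starts before this hunk.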
@@ -667,12 +703,11 @@ func (h *PoamItemsHandler) DeleteMilestone(c echo.Context) error { if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - mid, err := uuid.Parse(c.Param("milestoneId")) + milestoneID, err := uuid.Parse(c.Param("milestoneId")) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - - if err := h.poamService.DeleteMilestone(id, mid); err != nil { + if err := h.poamService.DeleteMilestone(id, milestoneID); err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { return c.JSON(http.StatusNotFound, api.NewError(err)) } @@ -694,6 +729,7 @@ func (h *PoamItemsHandler) DeleteMilestone(c echo.Context) error { // @Success 200 {object} GenericDataListResponse[poamsvc.PoamItemRiskLink] // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error // @Security OAuth2Password // @Router /poam-items/{id}/risks [get] func (h *PoamItemsHandler) ListRisks(c echo.Context) error { @@ -716,7 +752,7 @@ func (h *PoamItemsHandler) ListRisks(c echo.Context) error { // AddRiskLink godoc // -// @Summary Add risk link +// @Summary Add a risk link // @Tags POAM Items // @Accept json // @Produce json @@ -743,6 +779,9 @@ func (h *PoamItemsHandler) AddRiskLink(c echo.Context) error { if err := c.Bind(&in); err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } + if err := c.Validate(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } riskID, err := uuid.Parse(in.ID) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("id must be a valid UUID"))) @@ -756,7 +795,7 @@ func (h *PoamItemsHandler) AddRiskLink(c echo.Context) error { // DeleteRiskLink godoc // -// @Summary Delete risk link +// @Summary Delete a risk link // @Tags POAM Items // @Param id path string true "POAM item ID" // @Param riskId path string true "Risk ID" 
@@ -797,6 +836,7 @@ func (h *PoamItemsHandler) DeleteRiskLink(c echo.Context) error { // @Success 200 {object} GenericDataListResponse[poamsvc.PoamItemEvidenceLink] // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error // @Security OAuth2Password // @Router /poam-items/{id}/evidence [get] func (h *PoamItemsHandler) ListEvidence(c echo.Context) error { @@ -819,7 +859,7 @@ func (h *PoamItemsHandler) ListEvidence(c echo.Context) error { // AddEvidenceLink godoc // -// @Summary Add evidence link +// @Summary Add an evidence link // @Tags POAM Items // @Accept json // @Produce json @@ -846,6 +886,9 @@ func (h *PoamItemsHandler) AddEvidenceLink(c echo.Context) error { if err := c.Bind(&in); err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } + if err := c.Validate(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } evidenceID, err := uuid.Parse(in.ID) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("id must be a valid UUID"))) @@ -859,7 +902,7 @@ func (h *PoamItemsHandler) AddEvidenceLink(c echo.Context) error { // DeleteEvidenceLink godoc // -// @Summary Delete evidence link +// @Summary Delete an evidence link // @Tags POAM Items // @Param id path string true "POAM item ID" // @Param evidenceId path string true "Evidence ID" @@ -900,6 +943,7 @@ func (h *PoamItemsHandler) DeleteEvidenceLink(c echo.Context) error { // @Success 200 {object} GenericDataListResponse[poamsvc.PoamItemControlLink] // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error // @Security OAuth2Password // @Router /poam-items/{id}/controls [get] func (h *PoamItemsHandler) ListControls(c echo.Context) error { 
@@ -922,12 +966,12 @@ func (h *PoamItemsHandler) ListControls(c echo.Context) error { // AddControlLink godoc // -// @Summary Add control link +// @Summary Add a control link // @Tags POAM Items // @Accept json // @Produce json // @Param id path string true "POAM item ID" -// @Param body body addControlLinkRequest true "Control ref payload" +// @Param body body poamControlRefRequest true "Control ref payload" // @Success 201 {object} GenericDataResponse[poamsvc.PoamItemControlLink] // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error @@ -945,17 +989,17 @@ func (h *PoamItemsHandler) AddControlLink(c echo.Context) error { } return h.internalError(c, "failed to validate poam item", err) } - var in poamAddControlLinkRequest + var in poamControlRefRequest if err := c.Bind(&in); err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } + if err := c.Validate(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } catID, err := uuid.Parse(in.CatalogID) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("catalogId must be a valid UUID"))) } - if in.ControlID == "" { - return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("controlId is required"))) - } link, err := h.poamService.AddControlLink(id, poamsvc.ControlRef{CatalogID: catID, ControlID: in.ControlID}) if err != nil { return h.internalError(c, "failed to add control link", err) @@ -965,7 +1009,7 @@ func (h *PoamItemsHandler) AddControlLink(c echo.Context) error { // DeleteControlLink godoc // -// @Summary Delete control link +// @Summary Delete a control link // @Tags POAM Items // @Param id path string true "POAM item ID" // @Param catalogId path string true "Catalog ID" 
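Review bot: The explicit `controlId is required` check is removed in favour of `c.Validate(&in)`, so an empty ControlID is now rejected only if `poamControlRefRequest` carries a required tag on that field, which is outside this hunk; meanwhile `parseControlRefs` in the helpers hunk still checks `r.ControlID == ""` by hand, so the single-link and bulk paths disagree on where that rule lives. Either keep the explicit check here with a short comment, or drop the hand check in parseControlRefs and rely on the struct tag in both places. Note that a link whose ControlID passes validation is still not checked against the catalog before `AddControlLink` is called, which may be intentional. AddControlLink's body continues outside the hunk.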
@@ -1011,6 +1055,7 @@ func (h *PoamItemsHandler) DeleteControlLink(c echo.Context) error { // @Success 200 {object} GenericDataListResponse[poamsvc.PoamItemFindingLink] // @Failure 400 {object} api.Error // @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error // @Security OAuth2Password // @Router /poam-items/{id}/findings [get] func (h *PoamItemsHandler) ListFindings(c echo.Context) error { @@ -1033,7 +1078,7 @@ func (h *PoamItemsHandler) ListFindings(c echo.Context) error { // AddFindingLink godoc // -// @Summary Add finding link +// @Summary Add a finding link // @Tags POAM Items // @Accept json // @Produce json @@ -1060,6 +1105,9 @@ func (h *PoamItemsHandler) AddFindingLink(c echo.Context) error { if err := c.Bind(&in); err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } + if err := c.Validate(&in); err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(err)) + } findingID, err := uuid.Parse(in.ID) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("id must be a valid UUID"))) @@ -1073,7 +1121,7 @@ func (h *PoamItemsHandler) AddFindingLink(c echo.Context) error { // DeleteFindingLink godoc // -// @Summary Delete finding link +// @Summary Delete a finding link // @Tags POAM Items // @Param id path string true "POAM item ID" // @Param findingId path string true "Finding ID" 
@@ -1102,9 +1150,92 @@ func (h *PoamItemsHandler) DeleteFindingLink(c echo.Context) error { } // --------------------------------------------------------------------------- -// Error helper +// Helpers // --------------------------------------------------------------------------- +// parseListFilters parses and validates all query parameters for the List +// endpoint. Returns 400-compatible errors for any malformed UUID or RFC3339 +// value rather than silently ignoring them (Copilot item 12). +func parsePoamListFilters(c echo.Context) (poamsvc.ListFilters, error) { + var f poamsvc.ListFilters + + if s := c.QueryParam("status"); s != "" { + if !poamsvc.PoamItemStatus(s).IsValid() { + return f, fmt.Errorf("invalid status filter: %s", s) + } + f.Status = s + } + + if s := c.QueryParam("sspId"); s != "" { + id, err := uuid.Parse(s) + if err != nil { + return f, fmt.Errorf("sspId must be a valid UUID") + } + f.SspID = &id + } + + if s := c.QueryParam("riskId"); s != "" { + id, err := uuid.Parse(s) + if err != nil { + return f, fmt.Errorf("riskId must be a valid UUID") + } + f.RiskID = &id + } + + if s := c.QueryParam("deadlineBefore"); s != "" { + t, err := time.Parse(time.RFC3339, s) + if err != nil { + return f, fmt.Errorf("deadlineBefore must be an RFC3339 timestamp") + } + f.DeadlineBefore = &t + } + + if s := c.QueryParam("overdueOnly"); s == "true" { + f.OverdueOnly = true + } + + if s := c.QueryParam("ownerRef"); s != "" { + id, err := uuid.Parse(s) + if err != nil { + return f, fmt.Errorf("ownerRef must be a valid UUID") + } + f.OwnerRef = &id + } + + return f, nil +} + +// parseUUIDs converts a slice of raw strings to uuid.UUIDs, returning a +// descriptive 400 error for any malformed entry. 
+func parseUUIDs(raw []string, field string) ([]uuid.UUID, error) { + result := make([]uuid.UUID, 0, len(raw)) + for _, s := range raw { + id, err := uuid.Parse(s) + if err != nil { + return nil, fmt.Errorf("%s contains invalid UUID: %s", field, s) + } + result = append(result, id) + } + return result, nil +} + +// parseControlRefs converts a slice of poamControlRefRequest to ControlRef, +// validating the catalogId UUID in each entry. +func parseControlRefs(raw []poamControlRefRequest) ([]poamsvc.ControlRef, error) { + result := make([]poamsvc.ControlRef, 0, len(raw)) + for _, r := range raw { + catID, err := uuid.Parse(r.CatalogID) + if err != nil { + return nil, fmt.Errorf("controlRefs contains invalid catalogId UUID: %s", r.CatalogID) + } + if r.ControlID == "" { + return nil, fmt.Errorf("controlRefs entry is missing controlId") + } + result = append(result, poamsvc.ControlRef{CatalogID: catID, ControlID: r.ControlID}) + } + return result, nil +} + func (h *PoamItemsHandler) internalError(c echo.Context, msg string, err error) error { h.sugar.Errorw(msg, "error", err) return c.JSON(http.StatusInternalServerError, api.NewError(err)) diff --git a/internal/service/relational/poam/models.go b/internal/service/relational/poam/models.go index fcf5aa07..bcbc6974 100644 --- a/internal/service/relational/poam/models.go +++ b/internal/service/relational/poam/models.go 
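Review bot: The doc comment on `parsePoamListFilters` starts with `parseListFilters`, which is not the function's name, and the trailing "(Copilot item 12)" is a review artefact that should not survive into the package documentation; `// parsePoamListFilters parses and validates the List endpoint's query parameters, rejecting malformed UUIDs and RFC3339 values with a 400-compatible error.` would do. The same comment claims malformed values are rejected rather than ignored, but `overdueOnly` honours only the literal `"true"` and silently ignores `1`, `TRUE` or `yes`; `strconv.ParseBool` (with an error mapped like the other filters) would match the stated contract, at the cost of a `strconv` import that is outside this hunk. Separately, `internalError` at the end of the hunk passes the raw `err` into `api.NewError`, so database and driver error text reaches the client in every 500 body while the log already has the detail; returning a fixed message in the response and keeping `err` only in the `Errorw` call would close that.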
@@ -82,7 +82,11 @@ type PoamItem struct { UpdatedAt time.Time ` json:"updatedAt"` // Associations — loaded on demand via Preload. - Milestones []PoamItemMilestone `gorm:"foreignKey:PoamItemID;constraint:OnDelete:CASCADE" json:"milestones,omitempty"` + Milestones []PoamItemMilestone `gorm:"foreignKey:PoamItemID;constraint:OnDelete:CASCADE" json:"milestones,omitempty"` + RiskLinks []PoamItemRiskLink `gorm:"foreignKey:PoamItemID;constraint:OnDelete:CASCADE" json:"riskLinks,omitempty"` + EvidenceLinks []PoamItemEvidenceLink `gorm:"foreignKey:PoamItemID;constraint:OnDelete:CASCADE" json:"evidenceLinks,omitempty"` + ControlLinks []PoamItemControlLink `gorm:"foreignKey:PoamItemID;constraint:OnDelete:CASCADE" json:"controlLinks,omitempty"` + FindingLinks []PoamItemFindingLink `gorm:"foreignKey:PoamItemID;constraint:OnDelete:CASCADE" json:"findingLinks,omitempty"` } // TableName returns the physical table name. @@ -144,9 +148,13 @@ func (m *PoamItemMilestone) BeforeCreate(_ *gorm.DB) error { } // PoamItemRiskLink is the join table linking PoamItems to Risks. +// Uses a composite primary key and OnDelete:CASCADE to match the Risk service +// link table pattern (e.g., risk_evidence_links). type PoamItemRiskLink struct { - PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_risk_links_unique,unique" json:"poamItemId"` - RiskID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_risk_links_unique,unique" json:"riskId"` + PoamItemID uuid.UUID `gorm:"type:uuid;primaryKey" json:"poamItemId"` + RiskID uuid.UUID `gorm:"type:uuid;primaryKey;index" json:"riskId"` + CreatedAt time.Time ` json:"createdAt"` + PoamItem *PoamItem `json:"-" gorm:"foreignKey:PoamItemID;references:ID;constraint:OnDelete:CASCADE"` } // TableName returns the physical table name. 
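Review bot: `PoamItemRiskLink` now has a composite primary key and a cascading foreign key back to `PoamItem`, but `RiskID` carries only `index`, so nothing at the schema level stops a link to a risk that does not exist or removes the link when the risk is deleted; the handlers only check that the value parses as a UUID, and the design document deleted later in this series specified `FK→risks.id on delete cascade` for this column. The same applies to `EvidenceID`, `CatalogID` and `FindingID` in the next two hunks of this file. If the referenced tables live in the same database, a `constraint:OnDelete:CASCADE` foreign key on each of those fields (or an existence check in the service before `Create`) would prevent dangling links; if they can be cross-service references, a comment on the struct saying so would explain why the check is deliberately absent. Converting an existing unique index into a primary key on populated tables may also need an explicit migration step rather than AutoMigrate, which I cannot confirm from this hunk.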
@@ -154,8 +162,10 @@ func (PoamItemRiskLink) TableName() string { return "ccf_poam_item_risk_links" } // PoamItemEvidenceLink is the join table linking PoamItems to Evidence records. type PoamItemEvidenceLink struct { - PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_evidence_links_unique,unique" json:"poamItemId"` - EvidenceID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_evidence_links_unique,unique" json:"evidenceId"` + PoamItemID uuid.UUID `gorm:"type:uuid;primaryKey" json:"poamItemId"` + EvidenceID uuid.UUID `gorm:"type:uuid;primaryKey;index" json:"evidenceId"` + CreatedAt time.Time ` json:"createdAt"` + PoamItem *PoamItem `json:"-" gorm:"foreignKey:PoamItemID;references:ID;constraint:OnDelete:CASCADE"` } // TableName returns the physical table name. @@ -163,9 +173,11 @@ func (PoamItemEvidenceLink) TableName() string { return "ccf_poam_item_evidence_ // PoamItemControlLink is the join table linking PoamItems to Controls. type PoamItemControlLink struct { - PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_control_links_unique,unique" json:"poamItemId"` - CatalogID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_control_links_unique,unique" json:"catalogId"` - ControlID string `gorm:"type:text;not null;index:ccf_poam_item_control_links_unique,unique" json:"controlId"` + PoamItemID uuid.UUID `gorm:"type:uuid;primaryKey" json:"poamItemId"` + CatalogID uuid.UUID `gorm:"type:uuid;primaryKey;index" json:"catalogId"` + ControlID string `gorm:"type:text;not null;primaryKey" json:"controlId"` + CreatedAt time.Time ` json:"createdAt"` + PoamItem *PoamItem `json:"-" gorm:"foreignKey:PoamItemID;references:ID;constraint:OnDelete:CASCADE"` } // TableName returns the physical table name. 
@@ -173,8 +185,10 @@ func (PoamItemControlLink) TableName() string { return "ccf_poam_item_control_li // PoamItemFindingLink is the join table linking PoamItems to Findings. type PoamItemFindingLink struct { - PoamItemID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_finding_links_unique,unique" json:"poamItemId"` - FindingID uuid.UUID `gorm:"type:uuid;not null;index:ccf_poam_item_finding_links_unique,unique" json:"findingId"` + PoamItemID uuid.UUID `gorm:"type:uuid;primaryKey" json:"poamItemId"` + FindingID uuid.UUID `gorm:"type:uuid;primaryKey;index" json:"findingId"` + CreatedAt time.Time ` json:"createdAt"` + PoamItem *PoamItem `json:"-" gorm:"foreignKey:PoamItemID;references:ID;constraint:OnDelete:CASCADE"` } // TableName returns the physical table name. diff --git a/internal/service/relational/poam/service.go b/internal/service/relational/poam/service.go index 6729b603..2ef44ca8 100644 --- a/internal/service/relational/poam/service.go +++ b/internal/service/relational/poam/service.go @@ -1,6 +1,7 @@ package poam import ( + "fmt" "time" "github.com/compliance-framework/api/internal/service/relational" 
@@ -45,15 +46,24 @@ type CreatePoamItemParams struct { } // UpdatePoamItemParams carries the fields that may be patched on an existing -// POAM item. Only non-nil pointer fields are applied. +// POAM item. Only non-nil pointer fields are applied. Link slices use explicit +// add/remove semantics so callers can manage associations in one call. type UpdatePoamItemParams struct { Title *string Description *string Status *string PrimaryOwnerUserID *uuid.UUID PlannedCompletionDate *time.Time - CompletedAt *time.Time AcceptanceRationale *string + // Link management — applied inside the same transaction as the scalar update. + AddRiskIDs []uuid.UUID + RemoveRiskIDs []uuid.UUID + AddEvidenceIDs []uuid.UUID + RemoveEvidenceIDs []uuid.UUID + AddControlRefs []ControlRef + RemoveControlRefs []ControlRef + AddFindingIDs []uuid.UUID + RemoveFindingIDs []uuid.UUID } // CreateMilestoneParams carries all data required to create a single milestone. @@ -181,6 +191,10 @@ func (s *PoamService) GetByID(id uuid.UUID) (*PoamItem, error) { Preload("Milestones", func(db *gorm.DB) *gorm.DB { return db.Order("order_index ASC") }). + Preload("RiskLinks"). + Preload("EvidenceLinks"). + Preload("ControlLinks"). + Preload("FindingLinks"). First(&item, "id = ?", id).Error if err != nil { return nil, err 
@@ -188,44 +202,150 @@ func (s *PoamService) GetByID(id uuid.UUID) (*PoamItem, error) { return &item, nil } -// Update applies non-nil fields from params to the POAM item identified by id. -// When status transitions to "completed", completed_at is set automatically. -// last_status_change_at is stamped on every status change. +// Update applies non-nil scalar fields from params to the POAM item identified +// by id, and processes any link add/remove operations — all inside a single +// transaction. This follows the Risk service pattern: fetch the current record, +// mutate the struct, then call tx.Save() rather than using a raw map. +// +// last_status_change_at is stamped only when the status actually changes. +// completed_at is set automatically when status transitions to "completed" and +// cleared if status moves away from "completed". It is not settable via params. func (s *PoamService) Update(id uuid.UUID, params UpdatePoamItemParams) (*PoamItem, error) { - updates := map[string]interface{}{} + item, err := s.GetByID(id) + if err != nil { + return nil, err + } + + // Detect status change before mutating. 
+ statusChanged := params.Status != nil && *params.Status != item.Status if params.Title != nil { - updates["title"] = *params.Title + item.Title = *params.Title } if params.Description != nil { - updates["description"] = *params.Description + item.Description = *params.Description } if params.Status != nil { - updates["status"] = *params.Status - updates["last_status_change_at"] = time.Now().UTC() - if *params.Status == string(PoamItemStatusCompleted) { - now := time.Now().UTC() - updates["completed_at"] = &now + if !PoamItemStatus(*params.Status).IsValid() { + return nil, fmt.Errorf("invalid status: %s", *params.Status) + } + item.Status = *params.Status + if statusChanged { + item.LastStatusChangeAt = time.Now().UTC() + if *params.Status == string(PoamItemStatusCompleted) { + now := time.Now().UTC() + item.CompletedAt = &now + } else { + // Clear completed_at if moving away from completed. + item.CompletedAt = nil + } } } if params.PrimaryOwnerUserID != nil { - updates["primary_owner_user_id"] = *params.PrimaryOwnerUserID + item.PrimaryOwnerUserID = params.PrimaryOwnerUserID } if params.PlannedCompletionDate != nil { - updates["planned_completion_date"] = params.PlannedCompletionDate - } - if params.CompletedAt != nil { - updates["completed_at"] = params.CompletedAt + item.PlannedCompletionDate = params.PlannedCompletionDate } if params.AcceptanceRationale != nil { - updates["acceptance_rationale"] = *params.AcceptanceRationale + item.AcceptanceRationale = params.AcceptanceRationale } - if len(updates) == 0 { + hasLinkChanges := len(params.AddRiskIDs) > 0 || len(params.RemoveRiskIDs) > 0 || + len(params.AddEvidenceIDs) > 0 || len(params.RemoveEvidenceIDs) > 0 || + len(params.AddControlRefs) > 0 || len(params.RemoveControlRefs) > 0 || + len(params.AddFindingIDs) > 0 || len(params.RemoveFindingIDs) > 0 + + if !hasLinkChanges { + // Scalar-only update — use a transaction for the Save. 
+ tx, err := beginTx(s.db) + if err != nil { + return nil, err + } + defer rollbackTxOnPanic(tx) + if err := tx.Save(item).Error; err != nil { + tx.Rollback() + return nil, err + } + if err := tx.Commit().Error; err != nil { + return nil, err + } return s.GetByID(id) } - if err := s.db.Model(&PoamItem{}).Where("id = ?", id).Updates(updates).Error; err != nil { + // Combined scalar + link update in a single transaction. + tx, err := beginTx(s.db) + if err != nil { + return nil, err + } + defer rollbackTxOnPanic(tx) + + if err := tx.Save(item).Error; err != nil { + tx.Rollback() + return nil, err + } + + // Risk links. + for _, riskID := range params.AddRiskIDs { + link := PoamItemRiskLink{PoamItemID: id, RiskID: riskID} + if err := tx.Clauses(clause.OnConflict{DoNothing: true}).Create(&link).Error; err != nil { + tx.Rollback() + return nil, err + } + } + for _, riskID := range params.RemoveRiskIDs { + if err := tx.Where("poam_item_id = ? AND risk_id = ?", id, riskID).Delete(&PoamItemRiskLink{}).Error; err != nil { + tx.Rollback() + return nil, err + } + } + + // Evidence links. + for _, evidenceID := range params.AddEvidenceIDs { + link := PoamItemEvidenceLink{PoamItemID: id, EvidenceID: evidenceID} + if err := tx.Clauses(clause.OnConflict{DoNothing: true}).Create(&link).Error; err != nil { + tx.Rollback() + return nil, err + } + } + for _, evidenceID := range params.RemoveEvidenceIDs { + if err := tx.Where("poam_item_id = ? AND evidence_id = ?", id, evidenceID).Delete(&PoamItemEvidenceLink{}).Error; err != nil { + tx.Rollback() + return nil, err + } + } + + // Control links. + for _, cr := range params.AddControlRefs { + link := PoamItemControlLink{PoamItemID: id, CatalogID: cr.CatalogID, ControlID: cr.ControlID} + if err := tx.Clauses(clause.OnConflict{DoNothing: true}).Create(&link).Error; err != nil { + tx.Rollback() + return nil, err + } + } + for _, cr := range params.RemoveControlRefs { + if err := tx.Where("poam_item_id = ? AND catalog_id = ? 
AND control_id = ?", id, cr.CatalogID, cr.ControlID).Delete(&PoamItemControlLink{}).Error; err != nil { + tx.Rollback() + return nil, err + } + } + + // Finding links. + for _, findingID := range params.AddFindingIDs { + link := PoamItemFindingLink{PoamItemID: id, FindingID: findingID} + if err := tx.Clauses(clause.OnConflict{DoNothing: true}).Create(&link).Error; err != nil { + tx.Rollback() + return nil, err + } + } + for _, findingID := range params.RemoveFindingIDs { + if err := tx.Where("poam_item_id = ? AND finding_id = ?", id, findingID).Delete(&PoamItemFindingLink{}).Error; err != nil { + tx.Rollback() + return nil, err + } + } + + if err := tx.Commit().Error; err != nil { return nil, err } 
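Review bot: `tx.Save(item)` in both branches of `Update` is called on a record that `GetByID` has just populated with Milestones and all four link slices, and GORM upserts populated associations on Save, so every scalar update re-issues an insert for each milestone and link before the explicit add/remove loops run; `tx.Omit(clause.Associations).Save(item)` keeps the Save to the POAM row itself, and `clause` is already in scope for the `OnConflict` calls in this hunk. The scalar-only branch guarded by `!hasLinkChanges` duplicates the begin/save/commit sequence of the combined path, which behaves identically when the link slices are empty because each range loop simply runs zero times, so the first branch and the `hasLinkChanges` computation could be removed without changing behaviour. The status check returns after `item.Title` and `item.Description` have already been assigned, which is harmless only because nothing has been written yet; a one-line comment to that effect would help the next reader. Update's body ends outside this hunk.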
@@ -327,40 +447,48 @@ func (s *PoamService) AddMilestone(poamItemID uuid.UUID, params CreateMilestoneP // completion_date is set automatically. Returns gorm.ErrRecordNotFound when the // milestone does not belong to the given POAM item. func (s *PoamService) UpdateMilestone(poamItemID, milestoneID uuid.UUID, params UpdateMilestoneParams) (*PoamItemMilestone, error) { - updates := map[string]interface{}{} + m, err := s.getMilestoneByID(poamItemID, milestoneID) + if err != nil { + return nil, err + } + + statusChanged := params.Status != nil && *params.Status != m.Status if params.Title != nil { - updates["title"] = *params.Title + m.Title = *params.Title } if params.Description != nil { - updates["description"] = *params.Description + m.Description = *params.Description } if params.Status != nil { - updates["status"] = *params.Status - if *params.Status == string(MilestoneStatusCompleted) { + if !MilestoneStatus(*params.Status).IsValid() { + return nil, fmt.Errorf("invalid milestone status: %s", *params.Status) + } + m.Status = *params.Status + if statusChanged && *params.Status == string(MilestoneStatusCompleted) { now := time.Now().UTC() - updates["completion_date"] = &now + m.CompletionDate = &now } } if params.ScheduledCompletionDate != nil { - updates["scheduled_completion_date"] = params.ScheduledCompletionDate + m.ScheduledCompletionDate = params.ScheduledCompletionDate } if params.OrderIndex != nil { - updates["order_index"] = *params.OrderIndex + m.OrderIndex = *params.OrderIndex } - if len(updates) == 0 { - return s.getMilestoneByID(poamItemID, milestoneID) + tx, err := beginTx(s.db) + if err != nil { + return nil, err } + defer rollbackTxOnPanic(tx) - result := s.db.Model(&PoamItemMilestone{}). - Where("poam_item_id = ? AND id = ?", poamItemID, milestoneID). 
- Updates(updates) - if result.Error != nil { - return nil, result.Error + if err := tx.Save(m).Error; err != nil { + tx.Rollback() + return nil, err } - if result.RowsAffected == 0 { - return nil, gorm.ErrRecordNotFound + if err := tx.Commit().Error; err != nil { + return nil, err } return s.getMilestoneByID(poamItemID, milestoneID) @@ -406,7 +534,7 @@ func (s *PoamService) ListRiskLinks(poamItemID uuid.UUID) ([]PoamItemRiskLink, e } // AddRiskLink creates a risk link for the given POAM item. Duplicate links are -// silently ignored (ON CONFLICT DO NOTHING). +// silently ignored (ON CONFLICT DO NOTHING), matching the Risk service pattern. func (s *PoamService) AddRiskLink(poamItemID, riskID uuid.UUID) (*PoamItemRiskLink, error) { link := PoamItemRiskLink{PoamItemID: poamItemID, RiskID: riskID} result := s.db.Clauses(clause.OnConflict{DoNothing: true}).Create(&link) From af09b3b5cd95ac0ad7cfd14d592bc99476919828 Mon Sep 17 00:00:00 2001 From: AKAbdulHanif Date: Mon, 9 Mar 2026 07:00:27 -0400 Subject: [PATCH 19/28] fix(poam): stage remaining review fixes (api.go wiring, queries.go, test updates, swagger regen) --- docs/POAM-Design.md | 69 --------------------- internal/api/handler/api.go | 4 +- internal/service/relational/poam/queries.go | 20 +++--- 3 files changed, 13 insertions(+), 80 deletions(-) delete mode 100644 docs/POAM-Design.md diff --git a/docs/POAM-Design.md b/docs/POAM-Design.md deleted file mode 100644 index 5f4ead0e..00000000 --- a/docs/POAM-Design.md +++ /dev/null 
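Review bot: `UpdateMilestone` sets `m.CompletionDate` when the status changes to completed but leaves it in place when the status later moves away from completed, whereas `Update` for the parent POAM item in this same commit clears `completed_at` on the reverse transition; unless the asymmetry is deliberate, `else if statusChanged { m.CompletionDate = nil }` after the completed branch would make the two consistent, and otherwise the doc comment above the function should say the date is retained. The previous `RowsAffected == 0` check is gone, so the 404 path now depends entirely on `getMilestoneByID` returning `gorm.ErrRecordNotFound` for a milestone owned by a different POAM item, as the doc comment states; worth confirming against that helper, which is outside the hunk.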
@@ -1,69 +0,0 @@ -Title: POAM Phase 1 – API Design - -Context -- Purpose: Implement Plan of Action and Milestones (POAM) foundation for Risk Register. -- Scope: CRUD for PoamItem and Milestones, optional linkage to Risks, list filters, OpenAPI docs. - -Data Model -- poam_items - - id (uuid, pk), ssp_id (uuid, not null, FK→system_security_plans.id) - - title (text), description (text) - - status (text enum: open|in-progress|completed|overdue) - - deadline (timestamptz, null), resource_required (text, null) - - poc_name/email/phone (text, null), remarks (text, null) - - created_at, updated_at - - indexes: (status), (ssp_id), (deadline) -- poam_item_milestones - - id (uuid, pk), poam_item_id (uuid, not null, FK→poam_items.id on delete cascade) - - title (text), description (text) - - status (text enum: planned|completed) - - due_date (timestamptz, null), completed_at (timestamptz, null) - - created_at, updated_at - - index: (poam_item_id) -- poam_item_risk_links - - poam_item_id (uuid, not null, FK→poam_items.id on delete cascade) - - risk_id (uuid, not null, FK→risks.id on delete cascade) - - unique: (poam_item_id, risk_id) - -OSCAL Mapping (Phase 1 alignment) -- PoamItem → oscal.poam-item: uuid/title/description, related-risks via links, CCF props (ccf:deadline, ccf:poc-name, ccf:poc-email, ccf:status). -- Milestone → oscal remediation milestone (title, description, due_date, completed_at). 
- -API Endpoints (/api/poam-items) -- GET /poam-items - - Filters: status, sspId, riskId (join), deadlineBefore (RFC3339) - - Returns list of items -- POST /poam-items - - Transactional create of item, optional milestones, and risk links -- GET /poam-items/{id} - - Returns item with milestones and risk links -- PUT /poam-items/{id} - - Updates mutable fields -- DELETE /poam-items/{id} - - Deletes item and cascades to milestones and links -- GET /poam-items/{id}/milestones - - Lists milestones for an item -- POST /poam-items/{id}/milestones - - Adds milestone -- PUT /poam-items/{id}/milestones/{milestoneId} - - Updates milestone; if status becomes completed, sets completed_at -- DELETE /poam-items/{id}/milestones/{milestoneId} - - Deletes milestone - -Validation & Errors -- UUID parsing for ids -- Status enums enforced at model/DB -- pocEmail basic format validation (client-side preferred; server accepts text) -- 400 for invalid input, 404 for not found, 409 for unique link violation, 500 for DB errors - -Auth & Security -- Protected by existing JWT middleware -- Scoped by sspId; align with Risk CRUD authorization - -OpenAPI -- swag annotations included in handler -- docs/swagger.(yaml|json) regenerated via `make swag` - -Testing -- Unit tests for model constraints and transactional create -- Integration tests for create/list and milestone completed_at behavior (require Docker) diff --git a/internal/api/handler/api.go b/internal/api/handler/api.go index 644da516..1fc14d71 100644 --- a/internal/api/handler/api.go +++ b/internal/api/handler/api.go 
@@ -10,6 +10,7 @@ import ( "github.com/compliance-framework/api/internal/config" "github.com/compliance-framework/api/internal/service/digest" evidencesvc "github.com/compliance-framework/api/internal/service/relational/evidence" + poamsvc "github.com/compliance-framework/api/internal/service/relational/poam" workflowsvc "github.com/compliance-framework/api/internal/service/relational/workflows" "github.com/compliance-framework/api/internal/workflow" "github.com/labstack/echo/v4" @@ -48,7 +49,8 @@ func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB evidenceHandler := NewEvidenceHandler(logger, services.EvidenceService) evidenceHandler.Register(server.API().Group("/evidence")) - poamHandler := NewPoamItemsHandler(logger, db) + poamService := poamsvc.NewPoamService(db) + poamHandler := NewPoamItemsHandler(poamService, logger) poamGroup := server.API().Group("/poam-items") poamGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey)) poamHandler.Register(poamGroup) diff --git a/internal/service/relational/poam/queries.go b/internal/service/relational/poam/queries.go index 66e32c6d..ca65c90f 100644 --- a/internal/service/relational/poam/queries.go +++ b/internal/service/relational/poam/queries.go 
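Review bot: `NewPoamItemsHandler(poamService, logger)` takes its arguments in the opposite order from the neighbouring `NewEvidenceHandler(logger, services.EvidenceService)`, and the POAM service is constructed inline here while the evidence service comes from the `services` struct; aligning the constructor signature and moving `poamsvc.NewPoamService(db)` next to the other service constructors would keep the wiring uniform. The POAM group also applies `middleware.JWTMiddleware` explicitly while the evidence group registered two lines above does not, which presumably means that group is protected elsewhere; a short comment on the `poamGroup.Use` line stating why the explicit middleware is needed here would stop a reader from assuming one of the two groups is mis-protected. RegisterHandlers continues outside the hunk.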
@@ -9,20 +9,20 @@ import (
 
 // ListFilters holds all supported filter parameters for listing POAM items.
 type ListFilters struct {
-	Status *string
-	SspID *uuid.UUID
-	RiskID *uuid.UUID
-	DueBefore *time.Time
-	OverdueOnly bool
-	OwnerRef *uuid.UUID
+	Status string
+	SspID *uuid.UUID
+	RiskID *uuid.UUID
+	DeadlineBefore *time.Time
+	OverdueOnly bool
+	OwnerRef *uuid.UUID
 }
 
 // ApplyFilters applies all non-nil filters to the given GORM query and returns it.
 func ApplyFilters(query *gorm.DB, filters ListFilters) *gorm.DB {
 	q := query.Model(&PoamItem{})
 
-	if filters.Status != nil && *filters.Status != "" {
-		q = q.Where("ccf_poam_items.status = ?", *filters.Status)
+	if filters.Status != "" {
+		q = q.Where("ccf_poam_items.status = ?", filters.Status)
 	}
 	if filters.SspID != nil {
 		q = q.Where("ccf_poam_items.ssp_id = ?", *filters.SspID)
@@ -30,10 +30,10 @@ func ApplyFilters(query *gorm.DB, filters ListFilters) *gorm.DB {
 	if filters.OwnerRef != nil {
 		q = q.Where("ccf_poam_items.primary_owner_user_id = ?", *filters.OwnerRef)
 	}
-	if filters.DueBefore != nil {
+	if filters.DeadlineBefore != nil {
 		q = q.Where(
 			"ccf_poam_items.planned_completion_date IS NOT NULL AND ccf_poam_items.planned_completion_date < ?",
-			*filters.DueBefore,
+			*filters.DeadlineBefore,
 		)
 	}
 	if filters.OverdueOnly {
From 8fe16dc91c855ad302d32b160a5751cb25c0ac05 Mon Sep 17 00:00:00 2001
From: AKAbdulHanif
Date: Mon, 9 Mar 2026 08:16:49 -0400
Subject: [PATCH 20/28] fix(poam): correct stale type names in integration test

Rename references to match the DDD-refactored handler types:
- createPoamRequest -> createPoamItemRequest
- updatePoamRequest -> updatePoamItemRequest
- poamControlRef -> poamControlRefRequest
- poamMilestoneResponse -> milestoneResponse (unexported, same package)

All 35 integration test cases now compile and reference the correct types from the service-backed handler.
---
 .../handler/poam_items_integration_test.go | 26 +++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)
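Review bot: `filters.Status` is now a plain string handed directly to `q.Where("ccf_poam_items.status = ?", filters.Status)`; the placeholder keeps it safe from injection, but nothing in ApplyFilters or the visible filter construction rejects a value outside the documented set (open|in-progress|completed|overdue), so a mistyped status silently yields an empty list rather than the 400 the API contract promises for invalid input. I would validate the query parameter in the handler before it is copied into ListFilters, since ApplyFilters has no error return to report it through. The doc comment is also now slightly stale because Status is no longer a pointer: `// ApplyFilters applies every filter that is set (non-nil pointer, non-empty Status, or OverdueOnly) to the query and returns it.` ApplyFilters continues past the end of the second hunk.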
diff --git a/internal/api/handler/poam_items_integration_test.go b/internal/api/handler/poam_items_integration_test.go
index fc512f79..17c0291d 100644
--- a/internal/api/handler/poam_items_integration_test.go
+++ b/internal/api/handler/poam_items_integration_test.go
@@ -78,7 +78,7 @@ func (suite *PoamItemsApiIntegrationSuite) seedMilestone(poamID uuid.UUID, title
 func (suite *PoamItemsApiIntegrationSuite) TestCreate_MinimalPayload() {
 	suite.Require().NoError(suite.Migrator.Refresh())
 	sspID := uuid.New()
-	body := createPoamRequest{
+	body := createPoamItemRequest{
 		SspID: sspID.String(),
 		Title: "Remediate secret scanning",
 		Description: "Enable secret scanning across all repos",
@@ -102,7 +102,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithMilestonesAndLinks() {
 	suite.Require().NoError(suite.Migrator.Refresh())
 	sspID := uuid.New()
 	due := time.Now().Add(30 * 24 * time.Hour).UTC().Truncate(time.Second)
-	body := createPoamRequest{
+	body := createPoamItemRequest{
 		SspID: sspID.String(),
 		Title: "Patch OS vulnerabilities",
 		Description: "Apply all critical OS patches",
@@ -131,7 +131,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithRiskLinks() {
 	suite.Require().NoError(suite.Migrator.Refresh())
 	sspID := uuid.New()
 	riskID := uuid.New()
-	body := createPoamRequest{
+	body := createPoamItemRequest{
 		SspID: sspID.String(),
 		Title: "Linked to risk",
 		Description: "POAM item linked to a risk",
@@ -159,7 +159,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithAllLinkTypes() {
 	evidenceID := uuid.New()
 	findingID := uuid.New()
 	catalogID := uuid.New()
-	body := createPoamRequest{
+	body := createPoamItemRequest{
 		SspID: sspID.String(),
 		Title: "Full link test",
 		Description: "POAM item with all link types",
@@ -167,7 +167,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithAllLinkTypes() {
 		RiskIDs: []string{riskID.String()},
 		EvidenceIDs: []string{evidenceID.String()},
 		FindingIDs: []string{findingID.String()},
-		ControlRefs: []poamControlRef{{CatalogID: catalogID.String(), ControlID: "AC-1"}},
+		ControlRefs: []poamControlRefRequest{{CatalogID: catalogID.String(), ControlID: "AC-1"}},
 	}
 	raw, _ := json.Marshal(body)
 	rec := httptest.NewRecorder()
@@ -435,7 +435,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdate_ScalarFields() {
 	item := suite.seedItem(sspID, "Original title", "open")
 	newTitle := "Updated title"
 	newDesc := "Updated description"
-	body := updatePoamRequest{Title: &newTitle, Description: &newDesc}
+	body := updatePoamItemRequest{Title: &newTitle, Description: &newDesc}
 	raw, _ := json.Marshal(body)
 	rec := httptest.NewRecorder()
 	req := httptest.NewRequest(http.MethodPut, fmt.Sprintf("/api/poam-items/%s", item.ID), bytes.NewReader(raw))
@@ -453,7 +453,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdate_StatusToCompleted_SetsComp
 	sspID := uuid.New()
 	item := suite.seedItem(sspID, "Will complete", "open")
 	newStatus := "completed"
-	body := updatePoamRequest{Status: &newStatus}
+	body := updatePoamItemRequest{Status: &newStatus}
 	raw, _ := json.Marshal(body)
 	rec := httptest.NewRecorder()
 	req := httptest.NewRequest(http.MethodPut, fmt.Sprintf("/api/poam-items/%s", item.ID), bytes.NewReader(raw))
@@ -473,7 +473,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdate_StatusChange_SetsLastStatu
 	originalChangeAt := item.LastStatusChangeAt
 	time.Sleep(10 * time.Millisecond)
 	newStatus := "in-progress"
-	body := updatePoamRequest{Status: &newStatus}
+	body := updatePoamItemRequest{Status: &newStatus}
 	raw, _ := json.Marshal(body)
 	rec := httptest.NewRecorder()
 	req := httptest.NewRequest(http.MethodPut, fmt.Sprintf("/api/poam-items/%s", item.ID), bytes.NewReader(raw))
@@ -488,7 +488,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdate_StatusChange_SetsLastStatu
 func (suite *PoamItemsApiIntegrationSuite) TestUpdate_NotFound() {
 	suite.Require().NoError(suite.Migrator.Refresh())
 	newTitle := "Ghost"
-	body := updatePoamRequest{Title: &newTitle}
+	body := updatePoamItemRequest{Title: &newTitle}
 	raw, _ := json.Marshal(body)
 	rec := httptest.NewRecorder()
 	req := httptest.NewRequest(http.MethodPut, fmt.Sprintf("/api/poam-items/%s", uuid.New()), bytes.NewReader(raw))
@@ -548,7 +548,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestListMilestones_OrderedByIndex() {
 	req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/milestones", item.ID), nil)
 	suite.newServer().E().ServeHTTP(rec, req)
 	assert.Equal(suite.T(), http.StatusOK, rec.Code)
-	var resp GenericDataListResponse[poamMilestoneResponse]
+	var resp GenericDataListResponse[milestoneResponse]
 	suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp))
 	assert.Len(suite.T(), resp.Data, 3)
 	assert.Equal(suite.T(), "First", resp.Data[0].Title)
@@ -586,7 +586,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestAddMilestone() {
 	req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
 	suite.newServer().E().ServeHTTP(rec, req)
 	assert.Equal(suite.T(), http.StatusCreated, rec.Code)
-	var resp GenericDataResponse[poamMilestoneResponse]
+	var resp GenericDataResponse[milestoneResponse]
 	suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp))
 	assert.Equal(suite.T(), "Deploy to staging", resp.Data.Title)
 	assert.Equal(suite.T(), "planned", resp.Data.Status)
@@ -648,7 +648,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdateMilestone_UpdateTitle() {
 	req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
 	suite.newServer().E().ServeHTTP(rec, req)
 	assert.Equal(suite.T(), http.StatusOK, rec.Code)
-	var resp GenericDataResponse[poamMilestoneResponse]
+	var resp GenericDataResponse[milestoneResponse]
 	suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp))
 	assert.Equal(suite.T(), "New title", resp.Data.Title)
 }
@@ -670,7 +670,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdateMilestone_UpdateOrderIndex(
 	req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
 	suite.newServer().E().ServeHTTP(rec, req)
 	assert.Equal(suite.T(), http.StatusOK, rec.Code)
-	var resp GenericDataResponse[poamMilestoneResponse]
+	var resp GenericDataResponse[milestoneResponse]
 	suite.Require().NoError(json.Unmarshal(rec.Body.Bytes(), &resp))
 	assert.Equal(suite.T(), 5, resp.Data.OrderIndex)
 }
From 85ef36281511de42180e3a375dc825b42596aee0 Mon Sep 17 00:00:00 2001
From: AKAbdulHanif
Date: Mon, 9 Mar 2026 08:21:03 -0400
Subject: [PATCH 21/28] chore(poam): regenerate swagger docs and apply swag fmt

Run 'make swag' (go tool swag init + swag fmt) to bring the committed docs/swagger.{json,yaml,docs.go} in sync with the current POAM handler annotations, and apply whitespace-only alignment fixes produced by swag fmt to poam_items.go, models.go, and service.go.

This fixes the check-diff CI job which regenerates swagger and asserts a clean working tree.
---
 docs/docs.go | 19685 ++++++++++++-----
 docs/swagger.json | 19685 ++++++++++++-----
 docs/swagger.yaml | 19725 ++++++++++++------
 internal/api/handler/poam_items.go | 500 +-
 internal/service/relational/poam/models.go | 34 +-
 internal/service/relational/poam/service.go | 12 +-
 6 files changed, 43465 insertions(+), 16176 deletions(-)
diff --git a/docs/docs.go b/docs/docs.go
index bbd82369..8bca18b8 100644
--- a/docs/docs.go
+++ b/docs/docs.go
@@ -736,6 +736,285 @@ const docTemplate = `{ ] } }, + "/evidence-templates": { + "get": { + "description": "List evidence templates with optional filters and pagination.", + "produces": [ + "application/json" + ], + "tags": [ + "Evidence Templates" + ], + "summary": "List evidence templates", + "parameters": [ + { + "type": "string", + "description": "Plugin ID", + "name": "pluginId", + "in": "query" + }, + { + "type": "string", + "description": "Policy package", + "name": "policyPackage", + "in": "query" + }, + { + "type": "boolean", + "description": "Active flag", + "name": "isActive", + "in": "query" + }, + { + "type": "integer", + "description": "Page number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-templates_evidenceTemplateResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Create an evidence template with selector labels, label schema, and linked risk/subject template IDs.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Evidence Templates" + ], + "summary": "Create evidence template", + "parameters": [ + { + "description": "Evidence template payload", + "name": "template", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/templates.upsertEvidenceTemplateRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/templates.evidenceTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } 
+ }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/evidence-templates/{id}": { + "get": { + "description": "Get an evidence template by ID.", + "produces": [ + "application/json" + ], + "tags": [ + "Evidence Templates" + ], + "summary": "Get evidence template", + "parameters": [ + { + "type": "string", + "description": "Evidence Template ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templates.evidenceTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Update an evidence template and atomically replace selector labels, label schema, and linked IDs.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Evidence Templates" + ], + "summary": "Update evidence template", + "parameters": [ + { + "type": "string", + "description": "Evidence Template ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Evidence template payload", + "name": "template", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/templates.upsertEvidenceTemplateRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templates.evidenceTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": 
"#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Delete an evidence template and its associated selector labels, label schema, and join rows.", + "produces": [ + "application/json" + ], + "tags": [ + "Evidence Templates" + ], + "summary": "Delete evidence template", + "parameters": [ + { + "type": "string", + "description": "Evidence Template ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, "/evidence/compliance-by-control/{id}": { "get": { "description": "Retrieves the count of evidence statuses for filters associated with a specific Control ID.", @@ -759,7 +1038,7 @@ const docTemplate = `{ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount" + "$ref": "#/definitions/handler.GenericDataListResponse-evidence_StatusCount" } }, "500": { @@ -794,7 +1073,7 @@ const docTemplate = `{ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount" + "$ref": "#/definitions/handler.GenericDataListResponse-evidence_StatusCount" } }, "400": { 
@@ -6541,16 +6820,16 @@ const docTemplate = `{ ] } }, - "/oscal/catalogs/{id}/back-matter": { + "/oscal/catalogs/{id}/all-controls": { "get": { - "description": "Retrieves the back-matter for a given Catalog.", + "description": "Retrieves the top-level controls for a given Catalog.", "produces": [ "application/json" ], "tags": [ "Catalog" ], - "summary": "Get back-matter for a Catalog", + "summary": "List controls for a Catalog", "parameters": [ { "type": "string", @@ -6564,7 +6843,7 @@ const docTemplate = `{ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter" + "$ref": "#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control" } }, "400": { @@ -6599,16 +6878,16 @@ const docTemplate = `{ ] } }, - "/oscal/catalogs/{id}/controls": { + "/oscal/catalogs/{id}/back-matter": { "get": { - "description": "Retrieves the top-level controls for a given Catalog.", + "description": "Retrieves the back-matter for a given Catalog.", "produces": [ "application/json" ], "tags": [ "Catalog" ], - "summary": "List controls for a Catalog", + "summary": "Get back-matter for a Catalog", "parameters": [ { "type": "string", @@ -6622,7 +6901,7 @@ const docTemplate = `{ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control" + "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter" } }, "400": { 
@@ -6655,11 +6934,69 @@ const docTemplate = `{ "OAuth2Password": [] } ] - }, - "post": { - "description": "Adds a top-level control under the specified Catalog.", - "consumes": [ - "application/json" + } + }, + "/oscal/catalogs/{id}/controls": { + "get": { + "description": "Retrieves the top-level controls for a given Catalog.", + "produces": [ + "application/json" + ], + "tags": [ + "Catalog" + ], + "summary": "List controls for a Catalog", + "parameters": [ + { + "type": "string", + "description": "Catalog ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Adds a top-level control under the specified Catalog.", + "consumes": [ + "application/json" ], "produces": [ "application/json" 
@@ -10634,6 +10971,63 @@ const docTemplate = `{ } } } + }, + "put": { + "description": "Updates local-definitions for a given POA\u0026M with special handling of array and object fields.\n- Components and inventory-items arrays are treated as full replacements: the existing values on the POA\u0026M are overwritten by the arrays provided in the request body (no per-element merge is performed).\n- Sending an empty array [] for components or inventory-items clears that specific field (resulting in an empty array on the POA\u0026M).\n- Omitting a field in the request body leaves the existing value for that field unchanged.\n- Sending an empty JSON object {} as the payload deletes the entire local-definitions object for the POA\u0026M.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Plan Of Action and Milestones" + ], + "summary": "Update POA\u0026M local-definitions", + "parameters": [ + { + "type": "string", + "description": "POA\u0026M ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Local definitions data", + "name": "local-definitions", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } } }, "/oscal/plan-of-action-and-milestones/{id}/metadata": { 
@@ -11826,6 +12220,76 @@ const docTemplate = `{ ] } }, + "/oscal/profiles/{id}/compliance-progress": { + "get": { + "description": "Returns aggregated compliance progress for controls in a Profile, including summary, optional per-control rows, and group rollups.", + "produces": [ + "application/json" + ], + "tags": [ + "Profile" + ], + "summary": "Get compliance progress for a Profile", + "parameters": [ + { + "type": "string", + "description": "Profile ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "boolean", + "description": "Include per-control breakdown (default true)", + "name": "includeControls", + "in": "query" + }, + { + "type": "string", + "description": "System Security Plan ID for implementation coverage", + "name": "sspId", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-oscal_ProfileComplianceProgress" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, "/oscal/profiles/{id}/full": { "get": { "description": "Retrieves the full OSCAL Profile, including all nested content.", 
@@ -13185,6 +13649,52 @@ const docTemplate = `{ } } }, + "/oscal/system-security-plans/{id}/bulk-apply-component-suggestions": { + "post": { + "description": "For each ImplementedRequirement, creates SystemComponents from matching DefinedComponents and links them via ByComponent.", + "tags": [ + "System Security Plans" + ], + "summary": "Bulk apply component suggestions for all implemented requirements in an SSP", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, "/oscal/system-security-plans/{id}/control-implementation": { "get": { "description": "Retrieves the Control Implementation for a given System Security Plan.", 
@@ -13516,19 +14026,13 @@ const docTemplate = `{ } } }, - "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/by-components/{byComponentId}": { - "put": { - "description": "Updates an existing by-component that belongs to an implemented requirement for a given SSP.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], + "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/apply-suggestion": { + "post": { + "description": "Creates SystemComponents from DefinedComponents that implement the same control and links them via ByComponent.", "tags": [ "System Security Plans" ], - "summary": "Update a by-component within an implemented requirement", + "summary": "Apply component suggestions for an implemented requirement", "parameters": [ { "type": "string", 
@@ -13539,35 +14043,94 @@ const docTemplate = `{ }, { "type": "string", - "description": "Requirement ID", + "description": "Implemented Requirement ID", "name": "reqId", "in": "path", "required": true - }, - { - "type": "string", - "description": "By-Component ID", - "name": "byComponentId", - "in": "path", - "required": true - }, - { - "description": "By-Component data", - "name": "by-component", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" - } } ], "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent" - } - }, + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/by-components/{byComponentId}": { + "put": { + "description": "Updates an existing by-component that belongs to an implemented requirement for a given SSP.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "System Security Plans" + ], + "summary": "Update a by-component within an implemented requirement", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Requirement ID", + "name": "reqId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "By-Component ID", + "name": "byComponentId", + "in": "path", + "required": true + }, + { + "description": "By-Component data", + "name": "by-component", + "in": "body", 
+ "required": true, + "schema": { + "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent" + } + }, "400": { "description": "Bad Request", "schema": { @@ -13728,6 +14291,66 @@ const docTemplate = `{ } } }, + "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/apply-suggestion": { + "post": { + "description": "Creates SystemComponents from DefinedComponents that implement the statement's parent control and links them via ByComponent to the statement.", + "tags": [ + "System Security Plans" + ], + "summary": "Apply component suggestions for a statement", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Implemented Requirement ID", + "name": "reqId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Statement ID", + "name": "stmtId", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/by-components": { "post": { "description": "Create a by-component within an existing statement within an implemented requirement for a given SSP.", 
@@ -13950,6 +14573,131 @@ const docTemplate = `{ } } }, + "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/suggest-components": { + "post": { + "description": "Returns DefinedComponents that implement the statement's parent control and are not yet present in the SSP.", + "produces": [ + "application/json" + ], + "tags": [ + "System Security Plans" + ], + "summary": "Suggest system components for a statement", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Implemented Requirement ID", + "name": "reqId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Statement ID", + "name": "stmtId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataListResponse-relational_SystemComponentSuggestion" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/suggest-components": { + "post": { + "description": "Returns DefinedComponents that implement the same control and are not yet present in the SSP.", + "produces": [ + "application/json" + ], + "tags": [ + "System Security Plans" + ], + "summary": "Suggest system components for an implemented requirement", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Implemented Requirement ID", + 
"name": "reqId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataListResponse-relational_SystemComponentSuggestion" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, "/oscal/system-security-plans/{id}/import-profile": { "get": { "description": "Retrieves import-profile for a given SSP.", @@ -15378,7 +16126,7 @@ const docTemplate = `{ ] }, "post": { - "description": "Creates a new system component for a given SSP.", + "description": "Creates a new system component for a given SSP. Accepts an optional definedComponentId field to link to a DefinedComponent.", "consumes": [ "application/json" ], @@ -15398,12 +16146,12 @@ const docTemplate = `{ "required": true }, { - "description": "System Component data", + "description": "System Component data with optional definedComponentId field", "name": "component", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/oscal.SystemComponentRequest" } } ], @@ -15500,7 +16248,7 @@ const docTemplate = `{ ] }, "put": { - "description": "Updates an existing system component for a given SSP.", + "description": "Updates an existing system component for a given SSP. Accepts an optional definedComponentId field to link to a DefinedComponent.", "consumes": [ "application/json" ], 
@@ -15527,12 +16275,12 @@ const docTemplate = `{ "required": true }, { - "description": "System Component data", + "description": "System Component data with optional definedComponentId field", "name": "component", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/oscal.SystemComponentRequest" } } ], @@ -16293,7 +17041,6 @@ const docTemplate = `{ }, "/poam-items": { "get": { - "description": "List POAM items filtered by status, sspId, riskId, or deadlineBefore.", "produces": [ "application/json" ], @@ -16304,34 +17051,52 @@ const docTemplate = `{ "parameters": [ { "type": "string", - "description": "open|in-progress|completed|overdue", + "description": "Filter by status (open|in-progress|completed|overdue)", "name": "status", "in": "query" }, { "type": "string", - "description": "SSP UUID", + "description": "Filter by SSP UUID", "name": "sspId", "in": "query" }, { "type": "string", - "description": "Risk UUID", + "description": "Filter by linked risk UUID", "name": "riskId", "in": "query" }, { "type": "string", - "description": "RFC3339 timestamp", + "description": "Filter by planned_completion_date before (RFC3339)", "name": "deadlineBefore", "in": "query" - } - ], + }, + { + "type": "boolean", + "description": "Return only overdue items", + "name": "overdueOnly", + "in": "query" + }, + { + "type": "string", + "description": "Filter by primary_owner_user_id UUID", + "name": "ownerRef", + "in": "query" + } + ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-relational_CcfPoamItem" + "$ref": "#/definitions/handler.GenericDataListResponse-handler_poamItemResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" } }, "500": { 
@@ -16340,10 +17105,14 @@ const docTemplate = `{ "$ref": "#/definitions/api.Error" } } - } + }, + "security": [ + { + "OAuth2Password": [] + } + ] }, "post": { - "description": "Creates a POAM item with optional milestones and risk links in a single transaction.", "consumes": [ "application/json" ], @@ -16361,7 +17130,7 @@ const docTemplate = `{ "in": "body", "required": true, "schema": { - "$ref": "#/definitions/handler.createPoam" + "$ref": "#/definitions/handler.createPoamItemRequest" } } ], @@ -16369,7 +17138,7 @@ const docTemplate = `{ "201": { "description": "Created", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-relational_CcfPoamItem" + "$ref": "#/definitions/handler.GenericDataResponse-handler_poamItemResponse" } }, "400": { @@ -16378,25 +17147,35 @@ const docTemplate = `{ "$ref": "#/definitions/api.Error" } }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/api.Error" } } - } + }, + "security": [ + { + "OAuth2Password": [] + } + ] } }, "/poam-items/{id}": { "get": { - "description": "Get a POAM item with its milestones and risk links.", "produces": [ "application/json" ], "tags": [ "POAM Items" ], - "summary": "Get POAM item", + "summary": "Get a POAM item", "parameters": [ { "type": "string", @@ -16410,7 +17189,7 @@ const docTemplate = `{ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_PoamItemWithLinksResponse" + "$ref": "#/definitions/handler.GenericDataResponse-handler_poamItemResponse" } }, "400": { @@ -16431,10 +17210,14 @@ const docTemplate = `{ "$ref": "#/definitions/api.Error" } } - } + }, + "security": [ + { + "OAuth2Password": [] + } + ] }, "put": { - "description": "Updates mutable fields of a POAM item.", "consumes": [ "application/json" ], 
@@ -16444,7 +17227,7 @@ const docTemplate = `{ "tags": [ "POAM Items" ], - "summary": "Update POAM item", + "summary": "Update a POAM item", "parameters": [ { "type": "string", @@ -16454,13 +17237,12 @@ const docTemplate = `{ "required": true }, { - "description": "Fields to update", + "description": "Update payload", "name": "body", "in": "body", "required": true, "schema": { - "type": "object", - "additionalProperties": true + "$ref": "#/definitions/handler.updatePoamItemRequest" } } ], @@ -16468,7 +17250,7 @@ const docTemplate = `{ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-relational_CcfPoamItem" + "$ref": "#/definitions/handler.GenericDataResponse-handler_poamItemResponse" } }, "400": { @@ -16477,23 +17259,30 @@ const docTemplate = `{ "$ref": "#/definitions/api.Error" } }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/api.Error" } } - } + }, + "security": [ + { + "OAuth2Password": [] + } + ] }, "delete": { - "description": "Deletes a POAM item and cascades to milestones and risk links.", - "produces": [ - "application/json" - ], "tags": [ "POAM Items" ], - "summary": "Delete POAM item", + "summary": "Delete a POAM item", "parameters": [ { "type": "string", @@ -16505,10 +17294,7 @@ const docTemplate = `{ ], "responses": { "204": { - "description": "no content", - "schema": { - "type": "string" - } + "description": "No Content" }, "400": { "description": "Bad Request", 
@@ -16516,25 +17302,35 @@ const docTemplate = `{ "$ref": "#/definitions/api.Error" } }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/api.Error" } } - } + }, + "security": [ + { + "OAuth2Password": [] + } + ] } }, - "/poam-items/{id}/milestones": { + "/poam-items/{id}/controls": { "get": { - "description": "List all milestones for a POAM item.", "produces": [ "application/json" ], "tags": [ "POAM Items" ], - "summary": "List milestones", + "summary": "List linked controls", "parameters": [ { "type": "string", @@ -16548,7 +17344,7 @@ const docTemplate = `{ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-relational_CcfPoamItemMilestone" + "$ref": "#/definitions/handler.GenericDataListResponse-poam_PoamItemControlLink" } }, "400": { @@ -16557,16 +17353,26 @@ const docTemplate = `{ "$ref": "#/definitions/api.Error" } }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/api.Error" } } - } + }, + "security": [ + { + "OAuth2Password": [] + } + ] }, "post": { - "description": "Add a milestone to a POAM item.", "consumes": [ "application/json" ], @@ -16576,7 +17382,7 @@ const docTemplate = `{ "tags": [ "POAM Items" ], - "summary": "Add milestone", + "summary": "Add a control link", "parameters": [ { "type": "string", @@ -16586,12 +17392,12 @@ const docTemplate = `{ "required": true }, { - "description": "Milestone payload", + "description": "Control ref payload", "name": "body", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/handler.createMilestone" + "$ref": "#/definitions/handler.poamControlRefRequest" } } ], 
@@ -16599,7 +17405,7 @@ const docTemplate = `{ "201": { "description": "Created", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-relational_CcfPoamItemMilestone" + "$ref": "#/definitions/handler.GenericDataResponse-poam_PoamItemControlLink" } }, "400": { @@ -16608,28 +17414,32 @@ const docTemplate = `{ "$ref": "#/definitions/api.Error" } }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/api.Error" } } - } + }, + "security": [ + { + "OAuth2Password": [] + } + ] } }, - "/poam-items/{id}/milestones/{milestoneId}": { - "put": { - "description": "Update milestone fields; when status becomes completed, sets completed_at.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], + "/poam-items/{id}/controls/{catalogId}/{controlId}": { + "delete": { "tags": [ "POAM Items" ], - "summary": "Update milestone", + "summary": "Delete a control link", "parameters": [ { "type": "string", @@ -16640,28 +17450,22 @@ const docTemplate = `{ }, { "type": "string", - "description": "Milestone ID", - "name": "milestoneId", + "description": "Catalog ID", + "name": "catalogId", "in": "path", "required": true }, { - "description": "Fields to update", - "name": "body", - "in": "body", - "required": true, - "schema": { - "type": "object", - "additionalProperties": true - } + "type": "string", + "description": "Control ID", + "name": "controlId", + "in": "path", + "required": true } ], "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-relational_CcfPoamItemMilestone" - } + "204": { + "description": "No Content" }, "400": { "description": "Bad Request", 
@@ -16669,23 +17473,35 @@ const docTemplate = `{ "$ref": "#/definitions/api.Error" } }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/api.Error" } } - } - }, - "delete": { - "description": "Delete a milestone from a POAM item.", + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/poam-items/{id}/evidence": { + "get": { "produces": [ "application/json" ], "tags": [ "POAM Items" ], - "summary": "Delete milestone", + "summary": "List linked evidence", "parameters": [ { "type": "string", @@ -16693,20 +17509,13 @@ const docTemplate = `{ "name": "id", "in": "path", "required": true - }, - { - "type": "string", - "description": "Milestone ID", - "name": "milestoneId", - "in": "path", - "required": true } ], "responses": { - "204": { - "description": "no content", + "200": { + "description": "OK", "schema": { - "type": "string" + "$ref": "#/definitions/handler.GenericDataListResponse-poam_PoamItemEvidenceLink" } }, "400": { 
@@ -16715,34 +17524,63 @@ const docTemplate = `{ "$ref": "#/definitions/api.Error" } }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/api.Error" } } - } - } - }, - "/users/me": { - "get": { - "description": "Retrieves the details of the currently logged-in user", + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "consumes": [ + "application/json" + ], "produces": [ "application/json" ], "tags": [ - "Users" + "POAM Items" + ], + "summary": "Add an evidence link", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Evidence ID payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.addLinkRequest" + } + } ], - "summary": "Get logged-in user details", "responses": { - "200": { - "description": "OK", + "201": { + "description": "Created", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-relational_User" + "$ref": "#/definitions/handler.GenericDataResponse-poam_PoamItemEvidenceLink" } }, - "401": { - "description": "Unauthorized", + "400": { + "description": "Bad Request", "schema": { "$ref": "#/definitions/api.Error" } 
@@ -16767,28 +17605,26 @@ const docTemplate = `{ ] } }, - "/users/me/change-password": { - "post": { - "description": "Changes the password for the currently logged-in user", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], + "/poam-items/{id}/evidence/{evidenceId}": { + "delete": { "tags": [ - "Users" + "POAM Items" ], - "summary": "Change password for logged-in user", + "summary": "Delete an evidence link", "parameters": [ { - "description": "Change Password Request", - "name": "changePasswordRequest", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.UserHandler" - } + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Evidence ID", + "name": "evidenceId", + "in": "path", + "required": true } ], "responses": { @@ -16801,8 +17637,8 @@ const docTemplate = `{ "$ref": "#/definitions/api.Error" } }, - "401": { - "description": "Unauthorized", + "404": { + "description": "Not Found", "schema": { "$ref": "#/definitions/api.Error" } 
@@ -16821,25 +17657,33 @@ const docTemplate = `{ ] } }, - "/users/me/digest-subscription": { + "/poam-items/{id}/findings": { "get": { - "description": "Gets the current user's digest email subscription status", "produces": [ "application/json" ], "tags": [ - "Users" + "POAM Items" ], - "summary": "Get digest subscription status", - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_UserHandler" + "summary": "List linked findings", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataListResponse-poam_PoamItemFindingLink" } }, - "401": { - "description": "Unauthorized", + "400": { + "description": "Bad Request", "schema": { "$ref": "#/definitions/api.Error" } @@ -16863,8 +17707,7 @@ const docTemplate = `{ } ] }, - "put": { - "description": "Updates the current user's digest email subscription status", + "post": { "consumes": [ "application/json" ], @@ -16872,25 +17715,32 @@ const docTemplate = `{ "application/json" ], "tags": [ - "Users" + "POAM Items" ], - "summary": "Update digest subscription status", + "summary": "Add a finding link", "parameters": [ { - "description": "Subscription status", - "name": "subscription", + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Finding ID payload", + "name": "body", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/handler.UserHandler" + "$ref": "#/definitions/handler.addLinkRequest" } } ], "responses": { - "200": { - "description": "OK", + "201": { + "description": "Created", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_UserHandler" + "$ref": "#/definitions/handler.GenericDataResponse-poam_PoamItemFindingLink" } }, "400": { 
@@ -16899,8 +17749,54 @@ const docTemplate = `{ "$ref": "#/definitions/api.Error" } }, - "401": { - "description": "Unauthorized", + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/poam-items/{id}/findings/{findingId}": { + "delete": { + "tags": [ + "POAM Items" + ], + "summary": "Delete a finding link", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Finding ID", + "name": "findingId", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", "schema": { "$ref": "#/definitions/api.Error" } @@ -16925,9 +17821,57 @@ const docTemplate = `{ ] } }, - "/users/{id}/change-password": { + "/poam-items/{id}/milestones": { + "get": { + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "List milestones for a POAM item", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataListResponse-handler_milestoneResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, "post": { - "description": "Changes the password for a user by ID", "consumes": [ "application/json" ], 
@@ -16935,30 +17879,33 @@ const docTemplate = `{ "application/json" ], "tags": [ - "Users" + "POAM Items" ], - "summary": "Change password for a specific user", + "summary": "Add a milestone to a POAM item", "parameters": [ { "type": "string", - "description": "User ID", + "description": "POAM item ID", "name": "id", "in": "path", "required": true }, { - "description": "Change Password Request", - "name": "changePasswordRequest", + "description": "Milestone payload", + "name": "body", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/handler.UserHandler" + "$ref": "#/definitions/handler.createMilestoneRequest" } } ], "responses": { - "204": { - "description": "No Content" + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_milestoneResponse" + } }, "400": { "description": "Bad Request", 
@@ -16966,8 +17913,72 @@ const docTemplate = `{ "$ref": "#/definitions/api.Error" } }, - "401": { - "description": "Unauthorized", + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/poam-items/{id}/milestones/{milestoneId}": { + "put": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "Update a milestone", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Milestone ID", + "name": "milestoneId", + "in": "path", + "required": true + }, + { + "description": "Milestone update payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.updateMilestoneRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_milestoneResponse" + } + }, + "400": { + "description": "Bad Request", "schema": { "$ref": "#/definitions/api.Error" } 
@@ -16990,288 +18001,7544 @@ const docTemplate = `{ "OAuth2Password": [] } ] - } - } - }, - "definitions": { - "api.Error": { - "type": "object", - "properties": { - "errors": { - "type": "object", - "additionalProperties": {} - } - } - }, - "auth.AuthHandler": { - "type": "object" - }, - "authn.JWK": { - "type": "object", - "properties": { - "alg": { - "type": "string" - }, - "e": { - "type": "string" - }, - "kid": { - "type": "string" - }, - "kty": { - "type": "string" - }, - "n": { - "type": "string" - }, - "use": { - "type": "string" - } - } - }, - "datatypes.JSONType-labelfilter_Filter": { - "type": "object" - }, - "datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus": { + }, + "delete": { + "tags": [ + "POAM Items" + ], + "summary": "Delete a milestone", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Milestone ID", + "name": "milestoneId", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/poam-items/{id}/risks": { + "get": { + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "List linked risks", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataListResponse-poam_PoamItemRiskLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" 
+ } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "Add a risk link", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Risk ID payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.addLinkRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-poam_PoamItemRiskLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/poam-items/{id}/risks/{riskId}": { + "delete": { + "tags": [ + "POAM Items" + ], + "summary": "Delete a risk link", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Risk ID", + "name": "riskId", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": 
"#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risk-templates": { + "get": { + "description": "List risk templates with optional filters and pagination.", + "produces": [ + "application/json" + ], + "tags": [ + "Risk Templates" + ], + "summary": "List risk templates", + "parameters": [ + { + "type": "string", + "description": "Plugin ID", + "name": "pluginId", + "in": "query" + }, + { + "type": "string", + "description": "Policy package", + "name": "policyPackage", + "in": "query" + }, + { + "type": "boolean", + "description": "Active flag", + "name": "isActive", + "in": "query" + }, + { + "type": "integer", + "description": "Page number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-templates_riskTemplateResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Create a risk template with threat references and remediation template/tasks.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risk Templates" + ], + "summary": "Create risk template", + "parameters": [ + { + "description": "Risk template payload", + "name": "template", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/templates.upsertRiskTemplateRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/templates.riskTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { 
+ "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risk-templates/{id}": { + "get": { + "description": "Get a risk template by ID.", + "produces": [ + "application/json" + ], + "tags": [ + "Risk Templates" + ], + "summary": "Get risk template", + "parameters": [ + { + "type": "string", + "description": "Risk Template ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templates.riskTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Update a risk template and atomically replace threat refs and remediation tasks.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risk Templates" + ], + "summary": "Update risk template", + "parameters": [ + { + "type": "string", + "description": "Risk Template ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Risk template payload", + "name": "template", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/templates.upsertRiskTemplateRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templates.riskTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + 
"schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Delete a risk template and its associated threat references and remediation data.", + "produces": [ + "application/json" + ], + "tags": [ + "Risk Templates" + ], + "summary": "Delete risk template", + "parameters": [ + { + "type": "string", + "description": "Risk Template ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks": { + "get": { + "description": "Lists risk register entries with filtering, sorting, and pagination.", + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "List risks", + "parameters": [ + { + "type": "string", + "description": "Risk status", + "name": "status", + "in": "query" + }, + { + "type": "string", + "description": "Risk likelihood", + "name": "likelihood", + "in": "query" + }, + { + "type": "string", + "description": "Risk impact", + "name": "impact", + "in": "query" + }, + { + "type": "string", + "description": "SSP ID", + "name": "sspId", + "in": "query" + }, + { + "type": "string", + "description": "Control ID", + "name": "controlId", + "in": "query" + }, + { + "type": "string", + "description": "Evidence ID", + "name": "evidenceId", + "in": "query" + }, + { + "type": "string", + "description": "Owner kind", + "name": "ownerKind", + "in": "query" + }, + { + "type": "string", + "description": "Owner reference", + "name": "ownerRef", + "in": "query" + }, + { + "type": "string", + "description": "Review 
deadline upper bound (RFC3339)", + "name": "reviewDeadlineBefore", + "in": "query" + }, + { + "type": "integer", + "description": "Page number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": "query" + }, + { + "type": "string", + "description": "Sort field", + "name": "sort", + "in": "query" + }, + { + "type": "string", + "description": "Sort order (asc|desc)", + "name": "order", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Creates a risk register entry.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Create risk", + "parameters": [ + { + "description": "Risk payload", + "name": "risk", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.createRiskRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks/{id}": { + "get": { + "description": "Retrieves a risk register entry by ID.", + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Get 
risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Updates a risk register entry by ID.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Update risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Risk payload", + "name": "risk", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.updateRiskRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Deletes a risk register entry and link rows by ID.", + "tags": [ + "Risks" + ], + "summary": "Delete risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + 
"description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks/{id}/accept": { + "post": { + "description": "Accepts a risk with required justification and a future review deadline.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Accept risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Accept payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.acceptRiskRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks/{id}/components": { + "get": { + "description": "Lists components linked to a risk.", + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "List risk component links", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "integer", + "description": "Page number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": 
"limit", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-risks_RiskComponentLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Idempotently links a component to a risk.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Link component to risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Component link payload", + "name": "link", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.addComponentLinkRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-risks_RiskComponentLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks/{id}/controls": { + "get": { + "description": "Lists controls linked to a risk.", + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "List risk control links", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "integer", + "description": "Page 
number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-risks_RiskControlLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Idempotently links a control to a risk.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Link control to risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Control link payload", + "name": "link", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.addControlLinkRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-risks_RiskControlLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks/{id}/evidence": { + "get": { + "description": "Lists evidence IDs linked to a risk.", + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "List risk evidence links", + "parameters": [ + { + "type": "string", + "description": "Risk 
ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "integer", + "description": "Page number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-uuid_UUID" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Idempotently links an evidence item to a risk.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Link evidence to risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Evidence link payload", + "name": "link", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.addEvidenceLinkRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-risks_RiskEvidenceLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks/{id}/evidence/{evidenceId}": { + "delete": { + "description": "Deletes the link between a risk and evidence item.", + "tags": [ + "Risks" + ], + "summary": 
"Delete risk evidence link", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Evidence ID", + "name": "evidenceId", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks/{id}/review": { + "post": { + "description": "Records a structured review for an accepted risk. nextReviewDeadline is required for decision=extend and must be omitted for decision=reopen.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Review risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Review payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.reviewRiskRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks/{id}/subjects": { + "get": { + "description": "Lists subjects linked to a risk.", + "produces": [ + 
"application/json" + ], + "tags": [ + "Risks" + ], + "summary": "List risk subject links", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "integer", + "description": "Page number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-risks_RiskSubjectLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Idempotently links a subject to a risk.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Link subject to risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Subject link payload", + "name": "link", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.addSubjectLinkRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-risks_RiskSubjectLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + 
"/ssp/{sspId}/risks": { + "get": { + "description": "Lists risk register entries scoped to an SSP.", + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "List risks for SSP", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "sspId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Risk status", + "name": "status", + "in": "query" + }, + { + "type": "string", + "description": "Risk likelihood", + "name": "likelihood", + "in": "query" + }, + { + "type": "string", + "description": "Risk impact", + "name": "impact", + "in": "query" + }, + { + "type": "string", + "description": "Control ID", + "name": "controlId", + "in": "query" + }, + { + "type": "string", + "description": "Evidence ID", + "name": "evidenceId", + "in": "query" + }, + { + "type": "string", + "description": "Owner kind", + "name": "ownerKind", + "in": "query" + }, + { + "type": "string", + "description": "Owner reference", + "name": "ownerRef", + "in": "query" + }, + { + "type": "string", + "description": "Review deadline upper bound (RFC3339)", + "name": "reviewDeadlineBefore", + "in": "query" + }, + { + "type": "integer", + "description": "Page number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": "query" + }, + { + "type": "string", + "description": "Sort field", + "name": "sort", + "in": "query" + }, + { + "type": "string", + "description": "Sort order (asc|desc)", + "name": "order", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": 
"#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Creates a risk register entry scoped to an SSP.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Create risk for SSP", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "sspId", + "in": "path", + "required": true + }, + { + "description": "Risk payload", + "name": "risk", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.createRiskRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/ssp/{sspId}/risks/{id}": { + "get": { + "description": "Retrieves a risk register entry by ID scoped to an SSP.", + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Get risk for SSP", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "sspId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": 
"Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Updates a risk register entry by ID scoped to an SSP.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Update risk for SSP", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "sspId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Risk payload", + "name": "risk", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.updateRiskRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Deletes a risk register entry by ID scoped to an SSP.", + "tags": [ + "Risks" + ], + "summary": "Delete risk for SSP", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "sspId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal 
Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/ssp/{sspId}/risks/{id}/accept": { + "post": { + "description": "Accepts a risk by ID scoped to an SSP.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Accept risk for SSP", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "sspId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Accept payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.acceptRiskRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/ssp/{sspId}/risks/{id}/review": { + "post": { + "description": "Records a risk review by ID scoped to an SSP. 
nextReviewDeadline is required for decision=extend and must be omitted for decision=reopen.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Review risk for SSP", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "sspId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Review payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.reviewRiskRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/subject-templates": { + "get": { + "description": "List subject templates with optional filters and pagination.", + "produces": [ + "application/json" + ], + "tags": [ + "Subject Templates" + ], + "summary": "List subject templates", + "parameters": [ + { + "type": "string", + "description": "Subject type", + "name": "type", + "in": "query" + }, + { + "type": "string", + "description": "Source mode", + "name": "sourceMode", + "in": "query" + }, + { + "type": "integer", + "description": "Page number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-templates_subjectTemplateResponse" + } + }, + "400": { + 
"description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Create a subject template with selector labels and label schema.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Subject Templates" + ], + "summary": "Create subject template", + "parameters": [ + { + "description": "Subject template payload", + "name": "template", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/templates.upsertSubjectTemplateRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/templates.subjectTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/subject-templates/{id}": { + "get": { + "description": "Get a subject template by ID.", + "produces": [ + "application/json" + ], + "tags": [ + "Subject Templates" + ], + "summary": "Get subject template", + "parameters": [ + { + "type": "string", + "description": "Subject Template ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templates.subjectTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + 
"OAuth2Password": [] + } + ] + }, + "put": { + "description": "Update a subject template and atomically replace selector labels and label schema.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Subject Templates" + ], + "summary": "Update subject template", + "parameters": [ + { + "type": "string", + "description": "Subject Template ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Subject template payload", + "name": "template", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/templates.upsertSubjectTemplateRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templates.subjectTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/users/me": { + "get": { + "description": "Retrieves the details of the currently logged-in user", + "produces": [ + "application/json" + ], + "tags": [ + "Users" + ], + "summary": "Get logged-in user details", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-relational_User" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/users/me/change-password": { + "post": { + "description": "Changes the password for the 
currently logged-in user", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Users" + ], + "summary": "Change password for logged-in user", + "parameters": [ + { + "description": "Change Password Request", + "name": "changePasswordRequest", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.UserHandler" + } + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/users/me/subscriptions": { + "get": { + "description": "Gets the current user's digest and workflow notification email preferences", + "produces": [ + "application/json" + ], + "tags": [ + "Users" + ], + "summary": "Get notification preferences", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_SubscriptionsResponse" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Updates the current user's digest and workflow notification email preferences", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Users" + ], + "summary": "Update notification preferences", + "parameters": [ + { + "description": "Notification preferences", + "name": "subscription", + "in": 
"body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.UpdateSubscriptionsRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_SubscriptionsResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/users/{id}/change-password": { + "post": { + "description": "Changes the password for a user by ID", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Users" + ], + "summary": "Change password for a specific user", + "parameters": [ + { + "type": "string", + "description": "User ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Change Password Request", + "name": "changePasswordRequest", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.UserHandler" + } + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/control-relationships": { + "get": { + "description": "List all control relationships, optionally 
filtered by workflow definition", + "produces": [ + "application/json" + ], + "tags": [ + "Control Relationships" + ], + "summary": "List control relationships", + "parameters": [ + { + "type": "string", + "description": "Workflow Definition ID", + "name": "workflow_definition_id", + "in": "query" + }, + { + "type": "string", + "description": "Control ID", + "name": "control_id", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.ControlRelationshipListResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Create a new control relationship for a workflow", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Control Relationships" + ], + "summary": "Create control relationship", + "parameters": [ + { + "description": "Control relationship details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.CreateControlRelationshipRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/workflows.ControlRelationshipResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/control-relationships/{id}": { + "get": { + "description": 
"Get control relationship by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Control Relationships" + ], + "summary": "Get control relationship", + "parameters": [ + { + "type": "string", + "description": "Control Relationship ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.ControlRelationshipResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Update an existing control relationship", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Control Relationships" + ], + "summary": "Update control relationship", + "parameters": [ + { + "type": "string", + "description": "Control Relationship ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Update details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.UpdateControlRelationshipRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.ControlRelationshipResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + 
"schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Delete a control relationship", + "tags": [ + "Control Relationships" + ], + "summary": "Delete control relationship", + "parameters": [ + { + "type": "string", + "description": "Control Relationship ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/control-relationships/{id}/activate": { + "put": { + "description": "Activate a control relationship", + "produces": [ + "application/json" + ], + "tags": [ + "Control Relationships" + ], + "summary": "Activate control relationship", + "parameters": [ + { + "type": "string", + "description": "Control Relationship ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.ControlRelationshipResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + 
"/workflows/control-relationships/{id}/deactivate": { + "put": { + "description": "Deactivate a control relationship", + "produces": [ + "application/json" + ], + "tags": [ + "Control Relationships" + ], + "summary": "Deactivate control relationship", + "parameters": [ + { + "type": "string", + "description": "Control Relationship ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.ControlRelationshipResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/definitions": { + "get": { + "description": "List all workflow definition templates", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Definitions" + ], + "summary": "List workflow definitions", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowDefinitionListResponse" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Create a new workflow definition template", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Definitions" + ], + "summary": "Create workflow definition", + "parameters": [ + { + "description": "Workflow definition details", + "name": "request", + 
"in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.CreateWorkflowDefinitionRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/workflows.WorkflowDefinitionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/definitions/{id}": { + "get": { + "description": "Get workflow definition by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Definitions" + ], + "summary": "Get workflow definition", + "parameters": [ + { + "type": "string", + "description": "Workflow Definition ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowDefinitionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Update workflow definition by ID", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Definitions" + ], + "summary": "Update workflow definition", + "parameters": [ + { + "type": "string", + "description": "Workflow Definition ID", + "name": "id", + "in": "path", + "required": true 
+ }, + { + "description": "Updated workflow definition details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.UpdateWorkflowDefinitionRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowDefinitionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Delete workflow definition by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Definitions" + ], + "summary": "Delete workflow definition", + "parameters": [ + { + "type": "string", + "description": "Workflow Definition ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/executions": { + "get": { + "description": "List all executions for a workflow instance", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Executions" + ], + "summary": "List workflow executions", + "parameters": [ + { + "type": "string", + 
"description": "Workflow Instance ID", + "name": "workflow_instance_id", + "in": "query", + "required": true + }, + { + "type": "integer", + "description": "Limit", + "name": "limit", + "in": "query" + }, + { + "type": "integer", + "description": "Offset", + "name": "offset", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowExecutionListResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Start a new execution of a workflow instance", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Executions" + ], + "summary": "Start workflow execution", + "parameters": [ + { + "description": "Execution details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.StartWorkflowExecutionRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/workflows.WorkflowExecutionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/executions/{id}": { + "get": { + "description": "Get workflow execution by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Executions" + ], + "summary": "Get workflow 
execution", + "parameters": [ + { + "type": "string", + "description": "Workflow Execution ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowExecutionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/executions/{id}/cancel": { + "put": { + "description": "Cancel a running workflow execution", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Executions" + ], + "summary": "Cancel workflow execution", + "parameters": [ + { + "type": "string", + "description": "Workflow Execution ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Cancel details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.CancelWorkflowExecutionRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowExecutionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + 
"/workflows/executions/{id}/metrics": { + "get": { + "description": "Get performance metrics for a workflow execution", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Executions" + ], + "summary": "Get workflow execution metrics", + "parameters": [ + { + "type": "string", + "description": "Workflow Execution ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowExecutionMetricsResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/executions/{id}/reassign-role": { + "put": { + "description": "Reassign eligible steps in an execution for a given role", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Executions" + ], + "summary": "Bulk reassign steps by role", + "parameters": [ + { + "type": "string", + "description": "Workflow Execution ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Bulk reassignment details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.ReassignRoleRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.BulkReassignRoleResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + 
"404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/executions/{id}/retry": { + "post": { + "description": "Create a new execution to retry a failed workflow", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Executions" + ], + "summary": "Retry workflow execution", + "parameters": [ + { + "type": "string", + "description": "Workflow Execution ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/workflows.WorkflowExecutionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/executions/{id}/status": { + "get": { + "description": "Get detailed status of a workflow execution including step counts", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Executions" + ], + "summary": "Get workflow execution status", + "parameters": [ + { + "type": "string", + "description": "Workflow Execution ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowExecutionStatusResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { 
+ "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/instances": { + "get": { + "description": "List all workflow instances with optional filtering", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Instances" + ], + "summary": "List workflow instances", + "parameters": [ + { + "type": "string", + "description": "Filter by Workflow Definition ID", + "name": "workflow_definition_id", + "in": "query" + }, + { + "type": "string", + "description": "Filter by System Security Plan ID", + "name": "system_security_plan_id", + "in": "query" + }, + { + "type": "boolean", + "description": "Filter by Active Status", + "name": "is_active", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowInstanceListResponse" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Create a new workflow instance for a specific system", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Instances" + ], + "summary": "Create workflow instance", + "parameters": [ + { + "description": "Workflow instance details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.CreateWorkflowInstanceRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/workflows.WorkflowInstanceResponse" + } + }, + "400": { + 
"description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/instances/{id}": { + "get": { + "description": "Get workflow instance by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Instances" + ], + "summary": "Get workflow instance", + "parameters": [ + { + "type": "string", + "description": "Workflow Instance ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowInstanceResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Update workflow instance by ID", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Instances" + ], + "summary": "Update workflow instance", + "parameters": [ + { + "type": "string", + "description": "Workflow Instance ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Updated workflow instance details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.UpdateWorkflowInstanceRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": 
"#/definitions/workflows.WorkflowInstanceResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Delete workflow instance by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Instances" + ], + "summary": "Delete workflow instance", + "parameters": [ + { + "type": "string", + "description": "Workflow Instance ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/instances/{id}/activate": { + "put": { + "description": "Activate a workflow instance to enable scheduled executions", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Instances" + ], + "summary": "Activate workflow instance", + "parameters": [ + { + "type": "string", + "description": "Workflow Instance ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowInstanceResponse" + } + }, + "400": { + "description": "Bad Request", + 
"schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/instances/{id}/deactivate": { + "put": { + "description": "Deactivate a workflow instance to disable scheduled executions", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Instances" + ], + "summary": "Deactivate workflow instance", + "parameters": [ + { + "type": "string", + "description": "Workflow Instance ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowInstanceResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/role-assignments": { + "get": { + "description": "List all role assignments, optionally filtered by workflow instance", + "produces": [ + "application/json" + ], + "tags": [ + "Role Assignments" + ], + "summary": "List role assignments", + "parameters": [ + { + "type": "string", + "description": "Workflow Instance ID", + "name": "workflow_instance_id", + "in": "query" + }, + { + "type": "string", + "description": "Role Name", + "name": "role_name", + "in": "query" + } + ], + "responses": { + "200": { + "description": 
"OK", + "schema": { + "$ref": "#/definitions/workflows.RoleAssignmentListResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Create a new role assignment for a workflow instance", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Role Assignments" + ], + "summary": "Create role assignment", + "parameters": [ + { + "description": "Role assignment details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.CreateRoleAssignmentRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/workflows.RoleAssignmentResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/role-assignments/{id}": { + "get": { + "description": "Get role assignment by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Role Assignments" + ], + "summary": "Get role assignment", + "parameters": [ + { + "type": "string", + "description": "Role Assignment ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.RoleAssignmentResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + 
"$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Update an existing role assignment", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Role Assignments" + ], + "summary": "Update role assignment", + "parameters": [ + { + "type": "string", + "description": "Role Assignment ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Update details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.UpdateRoleAssignmentRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.RoleAssignmentResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Delete a role assignment", + "tags": [ + "Role Assignments" + ], + "summary": "Delete role assignment", + "parameters": [ + { + "type": "string", + "description": "Role Assignment ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": 
"#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/role-assignments/{id}/activate": { + "put": { + "description": "Activate a role assignment", + "produces": [ + "application/json" + ], + "tags": [ + "Role Assignments" + ], + "summary": "Activate role assignment", + "parameters": [ + { + "type": "string", + "description": "Role Assignment ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.RoleAssignmentResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/role-assignments/{id}/deactivate": { + "put": { + "description": "Deactivate a role assignment", + "produces": [ + "application/json" + ], + "tags": [ + "Role Assignments" + ], + "summary": "Deactivate role assignment", + "parameters": [ + { + "type": "string", + "description": "Role Assignment ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.RoleAssignmentResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + 
} + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/step-executions": { + "get": { + "description": "List all step executions for a workflow execution", + "produces": [ + "application/json" + ], + "tags": [ + "Step Executions" + ], + "summary": "List step executions", + "parameters": [ + { + "type": "string", + "description": "Workflow Execution ID", + "name": "workflow_execution_id", + "in": "query", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.StepExecutionListResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/step-executions/my": { + "get": { + "description": "List all step executions assigned to the current user with optional filters and pagination", + "produces": [ + "application/json" + ], + "tags": [ + "Step Executions" + ], + "summary": "List my step assignments", + "parameters": [ + { + "type": "string", + "description": "Filter by status (pending, in_progress, blocked)", + "name": "status", + "in": "query" + }, + { + "type": "string", + "description": "Filter by due date before (RFC3339 format)", + "name": "due_before", + "in": "query" + }, + { + "type": "string", + "description": "Filter by due date after (RFC3339 format)", + "name": "due_after", + "in": "query" + }, + { + 
"type": "string", + "description": "Filter by workflow definition ID", + "name": "workflow_definition_id", + "in": "query" + }, + { + "type": "integer", + "description": "Limit (default 20, max 100)", + "name": "limit", + "in": "query" + }, + { + "type": "integer", + "description": "Offset (default 0)", + "name": "offset", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.MyAssignmentsResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/step-executions/{id}": { + "get": { + "description": "Get step execution by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Step Executions" + ], + "summary": "Get step execution", + "parameters": [ + { + "type": "string", + "description": "Step Execution ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.StepExecutionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/step-executions/{id}/can-transition": { + "get": { + "description": "Check if a user has permission to transition a step execution", + "produces": [ + 
"application/json" + ], + "tags": [ + "Step Executions" + ], + "summary": "Check if user can transition step", + "parameters": [ + { + "type": "string", + "description": "Step Execution ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "User ID", + "name": "user_id", + "in": "query", + "required": true + }, + { + "type": "string", + "description": "User Type (user, group, email)", + "name": "user_type", + "in": "query", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "type": "object", + "additionalProperties": true + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/step-executions/{id}/evidence-requirements": { + "get": { + "description": "Get the evidence requirements for a step execution", + "produces": [ + "application/json" + ], + "tags": [ + "Step Executions" + ], + "summary": "Get evidence requirements for step", + "parameters": [ + { + "type": "string", + "description": "Step Execution ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "type": "object", + "additionalProperties": true + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/step-executions/{id}/fail": { + "put": { + "description": 
"Mark a step execution as failed with a reason", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Step Executions" + ], + "summary": "Fail step execution", + "parameters": [ + { + "type": "string", + "description": "Step Execution ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Failure details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.FailStepRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.StepExecutionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/step-executions/{id}/reassign": { + "put": { + "description": "Reassign a step execution to a new assignee", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Step Executions" + ], + "summary": "Reassign step execution", + "parameters": [ + { + "type": "string", + "description": "Step Execution ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Reassignment details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.ReassignStepRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.StepExecutionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": 
"Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/step-executions/{id}/transition": { + "put": { + "description": "Transition a step execution status with role verification and evidence validation", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Step Executions" + ], + "summary": "Transition step execution status", + "parameters": [ + { + "type": "string", + "description": "Step Execution ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Transition request", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.TransitionStepRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.StepExecutionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "403": { + "description": "Forbidden", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/steps": { + "get": { + "description": "List all step definitions for a workflow definition", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Step Definitions" + ], + "summary": "List workflow step definitions", + "parameters": [ + { + "type": 
"string", + "description": "Workflow Definition ID", + "name": "workflow_definition_id", + "in": "query", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowStepDefinitionListResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Create a new step definition for a workflow", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Step Definitions" + ], + "summary": "Create workflow step definition", + "parameters": [ + { + "description": "Step definition details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.CreateWorkflowStepDefinitionRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/workflows.WorkflowStepDefinitionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/steps/{id}": { + "get": { + "description": "Get workflow step definition by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Step Definitions" + ], + "summary": "Get workflow step definition", + "parameters": [ + { + "type": "string", + "description": "Step Definition ID", + "name": "id", + "in": 
"path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowStepDefinitionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Update workflow step definition by ID", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Step Definitions" + ], + "summary": "Update workflow step definition", + "parameters": [ + { + "type": "string", + "description": "Step Definition ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Updated step definition details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.UpdateWorkflowStepDefinitionRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowStepDefinitionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Delete workflow step definition by ID", + "produces": [ + "application/json" + ], + "tags": [ + 
"Workflow Step Definitions" + ], + "summary": "Delete workflow step definition", + "parameters": [ + { + "type": "string", + "description": "Step Definition ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/steps/{id}/dependencies": { + "get": { + "description": "Get all dependencies for a workflow step definition", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Step Definitions" + ], + "summary": "Get step dependencies", + "parameters": [ + { + "type": "string", + "description": "Step Definition ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowStepDefinitionListResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + } + }, + "definitions": { + "api.Error": { + "type": "object", + "properties": { + "errors": { + "type": "object", + "additionalProperties": {} + } + } + }, + "auth.AuthHandler": { + "type": "object" + }, + 
"authn.JWK": { + "type": "object", + "properties": { + "alg": { + "type": "string" + }, + "e": { + "type": "string" + }, + "kid": { + "type": "string" + }, + "kty": { + "type": "string" + }, + "n": { + "type": "string" + }, + "use": { + "type": "string" + } + } + }, + "datatypes.JSONType-labelfilter_Filter": { + "type": "object" + }, + "datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus": { + "type": "object" + }, + "datatypes.JSONType-relational_Address": { + "type": "object" + }, + "datatypes.JSONType-relational_Base64": { + "type": "object" + }, + "datatypes.JSONType-relational_Citation": { + "type": "object" + }, + "datatypes.JSONType-relational_CombinationRule": { + "type": "object" + }, + "datatypes.JSONType-relational_FlatWithoutGrouping": { + "type": "object" + }, + "datatypes.JSONType-relational_ImplementationStatus": { + "type": "object" + }, + "datatypes.JSONType-relational_ImportProfile": { + "type": "object" + }, + "datatypes.JSONType-relational_IncludeAll": { + "type": "object" + }, + "datatypes.JSONType-relational_ParameterSelection": { + "type": "object" + }, + "datatypes.JSONType-relational_SecurityImpactLevel": { + "type": "object" + }, + "datatypes.JSONType-relational_Status": { "type": "object" }, - "datatypes.JSONType-relational_Address": { - "type": "object" + "datatypes.JSONType-relational_SystemComponentStatus": { + "type": "object" + }, + "datatypes.JSONType-relational_SystemInformation": { + "type": "object" + }, + "digest.EvidenceItem": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "expiresAt": { + "description": "Formatted expiration date string (empty if no expiration)", + "type": "string" + }, + "id": { + "type": "string" + }, + "labels": { + "type": "array", + "items": { + "type": "string" + } + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" + } + } + }, + "digest.EvidenceSummary": { + "type": "object", + "properties": { + 
"expiredCount": { + "type": "integer", + "format": "int64" + }, + "notSatisfiedCount": { + "type": "integer", + "format": "int64" + }, + "otherCount": { + "type": "integer", + "format": "int64" + }, + "satisfiedCount": { + "type": "integer", + "format": "int64" + }, + "topExpired": { + "description": "Top items for the digest email", + "type": "array", + "items": { + "$ref": "#/definitions/digest.EvidenceItem" + } + }, + "topNotSatisfied": { + "type": "array", + "items": { + "$ref": "#/definitions/digest.EvidenceItem" + } + }, + "totalCount": { + "type": "integer", + "format": "int64" + } + } + }, + "evidence.StatusCount": { + "type": "object", + "properties": { + "count": { + "type": "integer" + }, + "status": { + "type": "string" + } + } + }, + "gorm.DeletedAt": { + "type": "object", + "properties": { + "time": { + "type": "string" + }, + "valid": { + "description": "Valid is true if Time is not NULL", + "type": "boolean" + } + } + }, + "handler.EvidenceActivity": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "steps": { + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceActivityStep" + } + }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" + } + } + }, + "handler.EvidenceActivityStep": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" + } + } + }, + "handler.EvidenceComponent": { + "type": "object", 
+ "properties": { + "description": { + "type": "string" + }, + "identifier": { + "description": "components/common/ssh\ncomponents/common/github-repository\ncomponents/common/github-organisation\ncomponents/common/ubuntu-22\ncomponents/internal/auth-policy", + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "protocols": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" + } + }, + "purpose": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "description": "Software\nService", + "type": "string" + } + } + }, + "handler.EvidenceCreateRequest": { + "type": "object", + "properties": { + "activities": { + "description": "What steps did we take to create this evidence", + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceActivity" + } + }, + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "components": { + "description": "Which components of the subject are being observed. 
A tool, user, policy etc.", + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceComponent" + } + }, + "description": { + "type": "string" + }, + "end": { + "type": "string" + }, + "expires": { + "type": "string" + }, + "inventoryItems": { + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceInventoryItem" + } + }, + "labels": { + "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "origins": { + "description": "Who or What is generating this evidence", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "start": { + "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", + "type": "string" + }, + "status": { + "description": "Did we satisfy what was being tested for, or did we fail ?", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" + } + ] + }, + "subjects": { + "description": "Who or What are we providing evidence for. 
What's under test.", + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceSubject" + } + }, + "title": { + "type": "string" + }, + "uuid": { + "description": "UUID needs to remain consistent for a piece of evidence being collected periodically.\nIt represents the \"stream\" of the same observation being made over time.\nFor the same checks, performed on the same machine, the UUID for each check should remain the same.\nFor the same check, performed on two different machines, the UUID should differ.", + "type": "string" + } + } + }, + "handler.EvidenceInventoryItem": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "identifier": { + "description": "user/chris@linguine.tech\noperating-system/ubuntu/22.4\nweb-server/ec2/i-12345", + "type": "string" + }, + "implementedComponents": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + } + } + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "description": "\"operating-system\"\tdescription=\"System software that manages computer hardware, software resources, and provides common services for computer programs.\"\n\"database\"\t\t\tdescription=\"An electronic collection of data, or information, that is specially organized for rapid search and retrieval.\"\n\"web-server\"\t\t\tdescription=\"A system that delivers content or services to end users over the Internet or an intranet.\"\n\"dns-server\"\t\t\tdescription=\"A system that resolves domain names to internet protocol (IP) addresses.\"\n\"email-server\"\t\tdescription=\"A computer system that sends and receives electronic mail messages.\"\n\"directory-server\"\tdescription=\"A system that stores, organizes 
and provides access to directory information in order to unify network resources.\"\n\"pbx\"\t\t\t\tdescription=\"A private branch exchange (PBX) provides a a private telephone switchboard.\"\n\"firewall\"\t\t\tdescription=\"A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.\"\n\"router\"\t\t\t\tdescription=\"A physical or virtual networking device that forwards data packets between computer networks.\"\n\"switch\"\t\t\t\tdescription=\"A physical or virtual networking device that connects devices within a computer network by using packet switching to receive and forward data to the destination device.\"\n\"storage-array\"\t\tdescription=\"A consolidated, block-level data storage capability.\"\n\"appliance\"\t\t\tdescription=\"A physical or virtual machine that centralizes hardware, software, or services for a specific purpose.\"", + "type": "string" + } + } + }, + "handler.EvidenceSubject": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "type": { + "description": "InventoryItem\nComponent", + "type": "string" + } + } + }, + "handler.FilterImportFileResult": { + "type": "object", + "properties": { + "count": { + "type": "integer" + }, + "filename": { + "type": "string" + }, + "message": { + "type": "string" + }, + "success": { + "type": "boolean" + } + } + }, + "handler.FilterImportResponse": { + "type": "object", + "properties": { + "failed_count": { + "type": "integer" + }, + "results": { + "type": "array", + "items": { + "$ref": "#/definitions/handler.FilterImportFileResult" + } + }, + "successful_count": { + "type": "integer" + }, + "total_dashboards": { + "type": 
"integer" + }, + "total_files": { + "type": "integer" + } + } + }, + "handler.FilterWithAssociations": { + "type": "object", + "properties": { + "components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + } + }, + "controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + }, + "filter": { + "$ref": "#/definitions/datatypes.JSONType-labelfilter_Filter" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "handler.ForControl.EvidenceDataListResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/handler.OscalLikeEvidence" + } + }, + "metadata": { + "$ref": "#/definitions/handler.ForControl.responseMetadata" + } + } + }, + "handler.ForControl.responseMetadata": { + "type": "object", + "properties": { + "control": { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + } + }, + "handler.GenericDataListResponse-array_oscalTypes_1_1_3_Control": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + } + } + } + }, + "handler.GenericDataListResponse-evidence_StatusCount": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/evidence.StatusCount" + } + } + } + }, + "handler.GenericDataListResponse-handler_FilterWithAssociations": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/handler.FilterWithAssociations" + } + } + } + }, + "handler.GenericDataListResponse-handler_OscalLikeEvidence": { + "type": "object", + "properties": { + "data": { + "description": "Items 
from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/handler.OscalLikeEvidence" + } + } + } + }, + "handler.GenericDataListResponse-handler_OverTime_HeartbeatInterval": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/handler.OverTime.HeartbeatInterval" + } + } + } + }, + "handler.GenericDataListResponse-handler_StatusInterval": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/handler.StatusInterval" + } + } + } + }, + "handler.GenericDataListResponse-handler_milestoneResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/handler.milestoneResponse" + } + } + } + }, + "handler.GenericDataListResponse-handler_poamItemResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/handler.poamItemResponse" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentPlan": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlan" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentResults": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentResults" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_AssociatedActivity": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": 
"#/definitions/oscalTypes_1_1_3.AssociatedActivity" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_AttestationStatements": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Capability": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Capability" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Catalog": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Catalog" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ComponentDefinition": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ComponentDefinition" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Control": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ControlStatementImplementation": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": 
"#/definitions/oscalTypes_1_1_3.ControlStatementImplementation" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Finding": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Finding" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Group": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Group" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirement": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirementControlImplementation": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Import": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Import" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": 
"#/definitions/oscalTypes_1_1_3.ImportComponentDefinition" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_IncorporatesComponent": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncorporatesComponent" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_InventoryItem": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_LeveragedAuthorization": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Observation": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Observation" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Party": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Party" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_PoamItem": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": 
"#/definitions/oscalTypes_1_1_3.PoamItem" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Resource": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Resource" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Result": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Result" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Risk": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Risk" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Role": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Role" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemComponent": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemSecurityPlan": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemSecurityPlan" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemUser": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" + } + } + } + }, + "handler.GenericDataListResponse-oscal_InventoryItemWithSource": 
{ + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscal.InventoryItemWithSource" + } + } + } + }, + "handler.GenericDataListResponse-oscal_ProfileHandler": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscal.ProfileHandler" + } + } + } + }, + "handler.GenericDataListResponse-poam_PoamItemControlLink": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/poam.PoamItemControlLink" + } + } + } + }, + "handler.GenericDataListResponse-poam_PoamItemEvidenceLink": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/poam.PoamItemEvidenceLink" + } + } + } + }, + "handler.GenericDataListResponse-poam_PoamItemFindingLink": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/poam.PoamItemFindingLink" + } + } + } + }, + "handler.GenericDataListResponse-poam_PoamItemRiskLink": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/poam.PoamItemRiskLink" + } + } + } + }, + "handler.GenericDataListResponse-relational_Evidence": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Evidence" + } + } + } + }, + "handler.GenericDataListResponse-relational_SystemComponentSuggestion": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": 
"#/definitions/relational.SystemComponentSuggestion" + } + } + } + }, + "handler.GenericDataListResponse-relational_User": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/relational.User" + } + } + } + }, + "handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentAssets": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" + } + } + } + }, + "handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentSubject": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } + } + } + }, + "handler.GenericDataResponse-array_oscalTypes_1_1_3_Task": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Task" + } + } + } + }, + "handler.GenericDataResponse-auth_AuthHandler": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/auth.AuthHandler" + } + ] + } + } + }, + "handler.GenericDataResponse-digest_EvidenceSummary": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/digest.EvidenceSummary" + } + ] + } + } + }, + "handler.GenericDataResponse-handler_FilterImportResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.FilterImportResponse" + } + ] + } + } + }, + "handler.GenericDataResponse-handler_FilterWithAssociations": { + "type": "object", + "properties": { + "data": { + 
"description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.FilterWithAssociations" + } + ] + } + } + }, + "handler.GenericDataResponse-handler_OscalLikeEvidence": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.OscalLikeEvidence" + } + ] + } + } + }, + "handler.GenericDataResponse-handler_SubscriptionsResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.SubscriptionsResponse" + } + ] + } + } + }, + "handler.GenericDataResponse-handler_milestoneResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.milestoneResponse" + } + ] + } + } + }, + "handler.GenericDataResponse-handler_poamItemResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.poamItemResponse" + } + ] + } + } + }, + "handler.GenericDataResponse-handler_riskResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.riskResponse" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Activity": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Activity" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentAssets": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan": { + "type": "object", + 
"properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlan" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlanTermsAndConditions": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentResults" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentSubject": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_AttestationStatements": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_AuthorizationBoundary": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizationBoundary" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + 
"$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Capability": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Capability" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Catalog": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Catalog" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ComponentDefinition" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Control": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementation": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementation" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementationSet": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_DataFlow": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.DataFlow" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent": { + "type": "object", + 
"properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Diagram": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Finding": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Finding" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Group": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Group" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_ImplementedRequirement": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Import": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Import" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_ImportAp": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportAp" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_ImportProfile": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportProfile" + } + ] + } + } + }, + 
"handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_InventoryItem": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_LeveragedAuthorization": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Merge": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Merge" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Metadata": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Modify": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Modify" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_NetworkArchitecture": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": 
"#/definitions/oscalTypes_1_1_3.NetworkArchitecture" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Observation": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Observation" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Party": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Party" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_PoamItem": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Profile": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Profile" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Resource": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Resource" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Result": { + "type": 
"object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Result" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Risk": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Risk" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Role": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Role" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Statement": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Statement" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemCharacteristics": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemCharacteristics" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemId": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemImplementation": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemImplementation" + } + ] + } + } + }, + 
"handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemSecurityPlan" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemUser": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Task": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Task" + } + ] + } + } + }, + "handler.GenericDataResponse-oscal_BuildByPropsResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.BuildByPropsResponse" + } + ] + } + } + }, + "handler.GenericDataResponse-oscal_ImportResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.ImportResponse" + } + ] + } + } + }, + "handler.GenericDataResponse-oscal_InventoryItemWithSource": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.InventoryItemWithSource" + } + ] + } + } }, - "datatypes.JSONType-relational_Base64": { - "type": "object" + "handler.GenericDataResponse-oscal_ProfileComplianceProgress": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.ProfileComplianceProgress" + } + ] + } + } }, - "datatypes.JSONType-relational_Citation": { - "type": "object" + "handler.GenericDataResponse-oscal_ProfileHandler": { + "type": "object", + "properties": { + 
"data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.ProfileHandler" + } + ] + } + } }, - "datatypes.JSONType-relational_ImplementationStatus": { - "type": "object" + "handler.GenericDataResponse-poam_PoamItemControlLink": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/poam.PoamItemControlLink" + } + ] + } + } }, - "datatypes.JSONType-relational_IncludeAll": { - "type": "object" + "handler.GenericDataResponse-poam_PoamItemEvidenceLink": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/poam.PoamItemEvidenceLink" + } + ] + } + } }, - "datatypes.JSONType-relational_ParameterSelection": { - "type": "object" + "handler.GenericDataResponse-poam_PoamItemFindingLink": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/poam.PoamItemFindingLink" + } + ] + } + } }, - "datatypes.JSONType-relational_SystemComponentStatus": { - "type": "object" + "handler.GenericDataResponse-poam_PoamItemRiskLink": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/poam.PoamItemRiskLink" + } + ] + } + } }, - "digest.EvidenceItem": { + "handler.GenericDataResponse-relational_Evidence": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "expiresAt": { - "description": "Formatted expiration date string (empty if no expiration)", - "type": "string" - }, - "id": { - "type": "string" - }, - "labels": { - "type": "array", - "items": { - "type": "string" - } - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": 
"#/definitions/relational.Evidence" + } + ] } } }, - "digest.EvidenceSummary": { + "handler.GenericDataResponse-relational_Filter": { "type": "object", "properties": { - "expiredCount": { - "type": "integer", - "format": "int64" - }, - "notSatisfiedCount": { - "type": "integer", - "format": "int64" - }, - "otherCount": { - "type": "integer", - "format": "int64" - }, - "satisfiedCount": { - "type": "integer", - "format": "int64" - }, - "topExpired": { - "description": "Top items for the digest email", - "type": "array", - "items": { - "$ref": "#/definitions/digest.EvidenceItem" - } - }, - "topNotSatisfied": { - "type": "array", - "items": { - "$ref": "#/definitions/digest.EvidenceItem" - } - }, - "totalCount": { - "type": "integer", - "format": "int64" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/relational.Filter" + } + ] } } }, - "gorm.DeletedAt": { + "handler.GenericDataResponse-relational_User": { "type": "object", "properties": { - "time": { - "type": "string" - }, - "valid": { - "description": "Valid is true if Time is not NULL", - "type": "boolean" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/relational.User" + } + ] } } }, - "handler.ComplianceByControl.StatusCount": { + "handler.GenericDataResponse-risks_RiskComponentLink": { "type": "object", "properties": { - "count": { - "type": "integer" - }, - "status": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/risks.RiskComponentLink" + } + ] } } }, - "handler.EvidenceActivity": { + "handler.GenericDataResponse-risks_RiskControlLink": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - 
"remarks": { - "type": "string" - }, - "steps": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.EvidenceActivityStep" - } - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/risks.RiskControlLink" + } + ] } } }, - "handler.EvidenceActivityStep": { + "handler.GenericDataResponse-risks_RiskEvidenceLink": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/risks.RiskEvidenceLink" + } + ] } } }, - "handler.EvidenceComponent": { + "handler.GenericDataResponse-risks_RiskSubjectLink": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "identifier": { - "description": "components/common/ssh\ncomponents/common/github-repository\ncomponents/common/github-organisation\ncomponents/common/ubuntu-22\ncomponents/internal/auth-policy", - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "protocols": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" - } - }, - "purpose": { - "type": "string" - }, - "remarks": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/risks.RiskSubjectLink" + } + ] + } + } + }, + "handler.GenericDataResponse-string": { + "type": "object", + "properties": { + "data": { + "description": 
"Items from the list response", "type": "string" - }, - "title": { + } + } + }, + "handler.HeartbeatCreateRequest": { + "type": "object", + "required": [ + "created_at", + "uuid" + ], + "properties": { + "created_at": { "type": "string" }, - "type": { - "description": "Software\nService", + "uuid": { "type": "string" } } }, - "handler.EvidenceCreateRequest": { + "handler.OscalLikeEvidence": { "type": "object", "properties": { "activities": { - "description": "What steps did we take to create this evidence", "type": "array", "items": { - "$ref": "#/definitions/handler.EvidenceActivity" + "$ref": "#/definitions/oscalTypes_1_1_3.Activity" } }, "back-matter": { "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, "components": { - "description": "Which components of the subject are being observed. A tool, user, policy etc.", "type": "array", "items": { - "$ref": "#/definitions/handler.EvidenceComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } }, "description": { @@ -17283,17 +25550,20 @@ const docTemplate = `{ "expires": { "type": "string" }, - "inventoryItems": { + "id": { + "type": "string" + }, + "inventory-items": { "type": "array", "items": { - "$ref": "#/definitions/handler.EvidenceInventoryItem" + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" } }, "labels": { "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", - "type": "object", - "additionalProperties": { - "type": "string" + "type": "array", + "items": { + "$ref": "#/definitions/relational.Labels" } }, "links": { @@ -17303,7 +25573,6 @@ const docTemplate = `{ } }, "origins": { - "description": "Who or What is generating this evidence", "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Origin" 
@@ -17323,1636 +25592,2511 @@ const docTemplate = `{ "type": "string" }, "status": { - "description": "Did we satisfy what was being tested for, or did we fail ?", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" - } - ] + "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" }, "subjects": { - "description": "Who or What are we providing evidence for. What's under test.", - "type": "array", - "items": { - "$ref": "#/definitions/handler.EvidenceSubject" - } - }, - "title": { - "type": "string" - }, - "uuid": { - "description": "UUID needs to remain consistent for a piece of evidence being collected periodically.\nIt represents the \"stream\" of the same observation being made over time.\nFor the same checks, performed on the same machine, the UUID for each check should remain the same.\nFor the same check, performed on two different machines, the UUID should differ.", - "type": "string" - } - } - }, - "handler.EvidenceInventoryItem": { - "type": "object", - "properties": { - "description": { - "type": "string" - }, - "identifier": { - "description": "user/chris@linguine.tech\noperating-system/ubuntu/22.4\nweb-server/ec2/i-12345", - "type": "string" - }, - "implementedComponents": { - "type": "array", - "items": { - "type": "object", - "properties": { - "identifier": { - "type": "string" - } - } - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "description": "\"operating-system\"\tdescription=\"System software that manages computer hardware, software resources, and provides common services for computer programs.\"\n\"database\"\t\t\tdescription=\"An electronic collection of data, or information, that is specially organized for rapid search and 
retrieval.\"\n\"web-server\"\t\t\tdescription=\"A system that delivers content or services to end users over the Internet or an intranet.\"\n\"dns-server\"\t\t\tdescription=\"A system that resolves domain names to internet protocol (IP) addresses.\"\n\"email-server\"\t\tdescription=\"A computer system that sends and receives electronic mail messages.\"\n\"directory-server\"\tdescription=\"A system that stores, organizes and provides access to directory information in order to unify network resources.\"\n\"pbx\"\t\t\t\tdescription=\"A private branch exchange (PBX) provides a a private telephone switchboard.\"\n\"firewall\"\t\t\tdescription=\"A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.\"\n\"router\"\t\t\t\tdescription=\"A physical or virtual networking device that forwards data packets between computer networks.\"\n\"switch\"\t\t\t\tdescription=\"A physical or virtual networking device that connects devices within a computer network by using packet switching to receive and forward data to the destination device.\"\n\"storage-array\"\t\tdescription=\"A consolidated, block-level data storage capability.\"\n\"appliance\"\t\t\tdescription=\"A physical or virtual machine that centralizes hardware, software, or services for a specific purpose.\"", - "type": "string" - } - } - }, - "handler.EvidenceSubject": { - "type": "object", - "properties": { - "description": { - "type": "string" - }, - "identifier": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "type": { - "description": "InventoryItem\nComponent", - "type": "string" - } - } - }, - "handler.FilterImportFileResult": { - "type": "object", - "properties": { - "count": { - "type": "integer" - }, - "filename": { - 
"type": "string" - }, - "message": { - "type": "string" - }, - "success": { - "type": "boolean" - } - } - }, - "handler.FilterImportResponse": { - "type": "object", - "properties": { - "failed_count": { - "type": "integer" - }, - "results": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.FilterImportFileResult" - } - }, - "successful_count": { - "type": "integer" - }, - "total_dashboards": { - "type": "integer" - }, - "total_files": { - "type": "integer" - } - } - }, - "handler.FilterWithAssociations": { - "type": "object", - "properties": { - "components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" - } - }, - "controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - }, - "filter": { - "$ref": "#/definitions/datatypes.JSONType-labelfilter_Filter" - }, - "id": { - "type": "string" - }, - "name": { - "type": "string" - } - } - }, - "handler.ForControl.EvidenceDataListResponse": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/handler.OscalLikeEvidence" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" } }, - "metadata": { - "$ref": "#/definitions/handler.ForControl.responseMetadata" + "title": { + "type": "string" + }, + "uuid": { + "description": "UUID needs to remain consistent when automation runs again, but unique for each subject.\nIt represents the \"stream\" of the same observation being made over time.", + "type": "string" } } }, - "handler.ForControl.responseMetadata": { + "handler.OverTime.HeartbeatInterval": { "type": "object", "properties": { - "control": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" + "interval": { + "type": "string" + }, + "total": { + "type": "integer" } } }, - "handler.GenericDataListResponse-array_oscalTypes_1_1_3_Control": { + "handler.StatusInterval": { "type": "object", "properties": { - "data": { 
- "description": "Items from the list response", + "interval": { + "type": "string" + }, + "statuses": { "type": "array", "items": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } + "$ref": "#/definitions/evidence.StatusCount" } } } }, - "handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount": { + "handler.SubscriptionsResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.ComplianceByControl.StatusCount" - } + "subscribed": { + "type": "boolean" + }, + "taskAvailableEmailSubscribed": { + "type": "boolean" + }, + "taskDailyDigestSubscribed": { + "type": "boolean" } } }, - "handler.GenericDataListResponse-handler_FilterWithAssociations": { + "handler.UpdateSubscriptionsRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.FilterWithAssociations" - } + "subscribed": { + "type": "boolean" + }, + "taskAvailableEmailSubscribed": { + "type": "boolean" + }, + "taskDailyDigestSubscribed": { + "type": "boolean" } } }, - "handler.GenericDataListResponse-handler_OscalLikeEvidence": { + "handler.UserHandler": { + "type": "object" + }, + "handler.acceptRiskRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.OscalLikeEvidence" - } + "justification": { + "type": "string" + }, + "reviewDeadline": { + "type": "string" } } }, - "handler.GenericDataListResponse-handler_OverTime_HeartbeatInterval": { + "handler.addComponentLinkRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.OverTime.HeartbeatInterval" - } + "componentId": { + "type": "string" } } }, - 
"handler.GenericDataListResponse-handler_StatusInterval": { + "handler.addControlLinkRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.StatusInterval" - } + "catalogId": { + "type": "string" + }, + "controlId": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentPlan": { + "handler.addEvidenceLinkRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlan" - } + "evidenceId": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentResults": { + "handler.addLinkRequest": { "type": "object", + "required": [ + "id" + ], "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentResults" - } + "id": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_AssociatedActivity": { + "handler.addSubjectLinkRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedActivity" - } + "subjectId": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_AttestationStatements": { + "handler.controlLinkResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" - } + "catalogId": { + "type": "string" + }, + "controlId": { + "type": "string" + }, + "createdAt": { + "type": "string" + }, + "poamItemId": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Capability": { + "handler.createFilterRequest": { "type": 
"object", + "required": [ + "filter", + "name" + ], "properties": { - "data": { - "description": "Items from the list response", + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Capability" + "type": "string" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Catalog": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Catalog" + "type": "string" } + }, + "filter": { + "$ref": "#/definitions/labelfilter.Filter" + }, + "name": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ComponentDefinition": { + "handler.createMilestoneRequest": { "type": "object", + "required": [ + "title" + ], "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ComponentDefinition" - } + "description": { + "type": "string" + }, + "orderIndex": { + "type": "integer" + }, + "scheduledCompletionDate": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Control": { + "handler.createPoamItemRequest": { "type": "object", + "required": [ + "sspId", + "title" + ], "properties": { - "data": { - "description": "Items from the list response", + "acceptanceRationale": { + "type": "string" + }, + "controlRefs": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" + "$ref": "#/definitions/handler.poamControlRefRequest" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "createdFromRiskId": { + "type": "string" + }, + "description": { + "type": "string" + }, + "evidenceIds": { "type": "array", "items": { - 
"$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" + "type": "string" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ControlStatementImplementation": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "findingIds": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlStatementImplementation" + "type": "string" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "milestones": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" + "$ref": "#/definitions/handler.createMilestoneRequest" + } + }, + "plannedCompletionDate": { + "type": "string" + }, + "primaryOwnerUserId": { + "type": "string" + }, + "riskIds": { + "type": "array", + "items": { + "type": "string" } + }, + "sourceType": { + "type": "string" + }, + "sspId": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Finding": { + "handler.createRiskRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", + "acceptanceJustification": { + "type": "string" + }, + "description": { + "type": "string" + }, + "impact": { + "type": "string" + }, + "lastReviewedAt": { + "type": "string" + }, + "likelihood": { + "type": "string" + }, + "ownerAssignments": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Finding" + "$ref": "#/definitions/handler.riskOwnerAssignmentRequest" } + }, + "primaryOwnerUserId": { + "type": "string" + }, + "reviewDeadline": { + "type": "string" + }, + "riskTemplateId": { + "type": "string" + }, + "sspId": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" } } }, - 
"handler.GenericDataListResponse-oscalTypes_1_1_3_Group": { + "handler.evidenceLinkResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Group" - } + "createdAt": { + "type": "string" + }, + "evidenceId": { + "type": "string" + }, + "poamItemId": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirement": { + "handler.findingLinkResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" - } + "createdAt": { + "type": "string" + }, + "findingId": { + "type": "string" + }, + "poamItemId": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirementControlImplementation": { + "handler.milestoneResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation" - } + "completionDate": { + "type": "string" + }, + "createdAt": { + "type": "string" + }, + "description": { + "type": "string" + }, + "id": { + "type": "string" + }, + "orderIndex": { + "type": "integer" + }, + "poamItemId": { + "type": "string" + }, + "scheduledCompletionDate": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "updatedAt": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Import": { + "handler.poamControlRefRequest": { "type": "object", + "required": [ + "catalogId", + "controlId" + ], "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Import" - } + "catalogId": { + "type": "string" + }, + "controlId": 
{ + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition": { + "handler.poamItemResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", + "acceptanceRationale": { + "type": "string" + }, + "completedAt": { + "type": "string" + }, + "controlLinks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportComponentDefinition" + "$ref": "#/definitions/handler.controlLinkResponse" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_IncorporatesComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "createdAt": { + "type": "string" + }, + "createdFromRiskId": { + "type": "string" + }, + "description": { + "type": "string" + }, + "evidenceLinks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncorporatesComponent" + "$ref": "#/definitions/handler.evidenceLinkResponse" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_InventoryItem": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "findingLinks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + "$ref": "#/definitions/handler.findingLinkResponse" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_LeveragedAuthorization": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "id": { + "type": "string" + }, + "lastStatusChangeAt": { + "type": "string" + }, + "milestones": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" + "$ref": "#/definitions/handler.milestoneResponse" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Observation": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + 
"plannedCompletionDate": { + "type": "string" + }, + "primaryOwnerUserId": { + "type": "string" + }, + "riskLinks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Observation" + "$ref": "#/definitions/handler.riskLinkResponse" } + }, + "sourceType": { + "type": "string" + }, + "sspId": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "updatedAt": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Party": { + "handler.reviewRiskRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Party" - } + "decision": { + "type": "string" + }, + "nextReviewDeadline": { + "type": "string" + }, + "notes": { + "type": "string" + }, + "reviewedAt": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones": { + "handler.riskControlLinkResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones" - } + "catalogId": { + "type": "string" + }, + "controlId": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_PoamItem": { + "handler.riskLinkResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" - } + "createdAt": { + "type": "string" + }, + "poamItemId": { + "type": "string" + }, + "riskId": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Resource": { + "handler.riskOwnerAssignmentRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Resource" - } 
+ "isPrimary": { + "type": "boolean" + }, + "ownerKind": { + "type": "string" + }, + "ownerRef": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Result": { + "handler.riskOwnerAssignmentResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Result" - } + "isPrimary": { + "type": "boolean" + }, + "ownerKind": { + "type": "string" + }, + "ownerRef": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Risk": { + "handler.riskResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", + "acceptanceJustification": { + "type": "string" + }, + "componentIds": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Risk" + "type": "string" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Role": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "controlLinks": { + "type": "array", + "items": { + "$ref": "#/definitions/handler.riskControlLinkResponse" + } + }, + "createdAt": { + "type": "string" + }, + "dedupeKey": { + "type": "string" + }, + "description": { + "type": "string" + }, + "evidenceIds": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Role" + "type": "string" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "firstSeenAt": { + "type": "string" + }, + "id": { + "type": "string" + }, + "impact": { + "type": "string" + }, + "lastReviewedAt": { + "type": "string" + }, + "lastSeenAt": { + "type": "string" + }, + "likelihood": { + "type": "string" + }, + "ownerAssignments": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": 
"#/definitions/handler.riskOwnerAssignmentResponse" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemSecurityPlan": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "primaryOwnerUserId": { + "type": "string" + }, + "reviewDeadline": { + "type": "string" + }, + "riskTemplateId": { + "type": "string" + }, + "sourceType": { + "type": "string" + }, + "sspId": { + "type": "string" + }, + "status": { + "type": "string" + }, + "subjectIds": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemSecurityPlan" + "type": "string" } + }, + "title": { + "type": "string" + }, + "updatedAt": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemUser": { + "handler.updateMilestoneRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" - } + "description": { + "type": "string" + }, + "orderIndex": { + "type": "integer" + }, + "scheduledCompletionDate": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscal_InventoryItemWithSource": { + "handler.updatePoamItemRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", + "acceptanceRationale": { + "type": "string" + }, + "addControlRefs": { "type": "array", "items": { - "$ref": "#/definitions/oscal.InventoryItemWithSource" + "$ref": "#/definitions/handler.poamControlRefRequest" } - } - } - }, - "handler.GenericDataListResponse-oscal_ProfileHandler": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "addEvidenceIds": { "type": "array", "items": { - "$ref": "#/definitions/oscal.ProfileHandler" + "type": "string" } - } - } - }, - 
"handler.GenericDataListResponse-relational_CcfPoamItem": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "addFindingIds": { "type": "array", "items": { - "$ref": "#/definitions/relational.CcfPoamItem" + "type": "string" } - } - } - }, - "handler.GenericDataListResponse-relational_CcfPoamItemMilestone": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "addRiskIds": { + "description": "Link management — add/remove in the same call as scalar updates.", "type": "array", "items": { - "$ref": "#/definitions/relational.CcfPoamItemMilestone" + "type": "string" } - } - } - }, - "handler.GenericDataListResponse-relational_Evidence": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "description": { + "type": "string" + }, + "plannedCompletionDate": { + "type": "string" + }, + "primaryOwnerUserId": { + "type": "string" + }, + "removeControlRefs": { "type": "array", "items": { - "$ref": "#/definitions/relational.Evidence" + "$ref": "#/definitions/handler.poamControlRefRequest" } - } - } - }, - "handler.GenericDataListResponse-relational_User": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "removeEvidenceIds": { "type": "array", "items": { - "$ref": "#/definitions/relational.User" + "type": "string" } - } - } - }, - "handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentAssets": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "removeFindingIds": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" + "type": "string" } - } - } - }, - "handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentSubject": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "removeRiskIds": { "type": 
"array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "type": "string" } + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" } } }, - "handler.GenericDataResponse-array_oscalTypes_1_1_3_Task": { + "handler.updateRiskRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", + "acceptanceJustification": { + "type": "string" + }, + "description": { + "type": "string" + }, + "impact": { + "type": "string" + }, + "lastReviewedAt": { + "type": "string" + }, + "likelihood": { + "type": "string" + }, + "ownerAssignments": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" + "$ref": "#/definitions/handler.riskOwnerAssignmentRequest" } + }, + "primaryOwnerUserId": { + "type": "string" + }, + "reviewDeadline": { + "type": "string" + }, + "reviewJustification": { + "type": "string" + }, + "riskTemplateId": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" } } }, - "handler.GenericDataResponse-auth_AuthHandler": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/auth.AuthHandler" - } - ] - } - } - }, - "handler.GenericDataResponse-digest_EvidenceSummary": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/digest.EvidenceSummary" - } - ] - } - } - }, - "handler.GenericDataResponse-handler_FilterImportResponse": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.FilterImportResponse" - } - ] - } - } - }, - "handler.GenericDataResponse-handler_FilterWithAssociations": { + "labelfilter.Condition": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": 
"#/definitions/handler.FilterWithAssociations" - } - ] + "label": { + "description": "Label name (e.g., \"type\", \"group\", \"app\").", + "type": "string" + }, + "operator": { + "description": "Operator (e.g., \"=\", \"!=\", etc.).", + "type": "string" + }, + "value": { + "description": "Value for the condition (e.g., \"ssh\", \"prod\").", + "type": "string" } } }, - "handler.GenericDataResponse-handler_OscalLikeEvidence": { + "labelfilter.Filter": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.OscalLikeEvidence" - } - ] + "scope": { + "$ref": "#/definitions/labelfilter.Scope" } } }, - "handler.GenericDataResponse-handler_PoamItemWithLinksResponse": { + "labelfilter.Query": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.PoamItemWithLinksResponse" - } - ] + "operator": { + "description": "Logical operator (e.g., \"AND\", \"OR\").", + "type": "string" + }, + "scopes": { + "description": "Scopes can be either ` + "`" + `Condition` + "`" + ` or nested ` + "`" + `Query` + "`" + `.", + "type": "array", + "items": { + "$ref": "#/definitions/labelfilter.Scope" + } } } }, - "handler.GenericDataResponse-handler_UserHandler": { + "labelfilter.Scope": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.UserHandler" - } - ] + "condition": { + "$ref": "#/definitions/labelfilter.Condition" + }, + "query": { + "$ref": "#/definitions/labelfilter.Query" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Activity": { + "oscal.BuildByPropsRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Activity" - } - ] + "catalogId": { + "type": "string" + }, + "matchStrategy": { + 
"description": "all | any", + "type": "string" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/definitions/oscal.rule" + } + }, + "title": { + "type": "string" + }, + "version": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentAssets": { + "oscal.BuildByPropsResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" - } - ] + "controlIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "profile": { + "$ref": "#/definitions/oscalTypes_1_1_3.Profile" + }, + "profileId": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan": { + "oscal.CreateInventoryItemRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlan" - } - ] + "destination": { + "description": "\"ssp\", \"poam\", or \"unattached\"", + "type": "string" + }, + "destination_id": { + "type": "string" + }, + "inventory_item": { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlanTermsAndConditions": { + "oscal.ImportFileResult": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions" - } - ] + "filename": { + "type": "string" + }, + "message": { + "type": "string" + }, + "success": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults": { + "oscal.ImportResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentResults" - } - ] + 
"failed_count": { + "type": "integer" + }, + "results": { + "type": "array", + "items": { + "$ref": "#/definitions/oscal.ImportFileResult" + } + }, + "successful_count": { + "type": "integer" + }, + "total_files": { + "type": "integer" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentSubject": { + "oscal.InventoryItemWithSource": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" - } - ] + "description": { + "type": "string" + }, + "implemented-components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedComponent" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + } + }, + "source": { + "type": "string" + }, + "source_id": { + "type": "string" + }, + "source_type": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AttestationStatements": { + "oscal.ProfileComplianceControl": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" - } - ] + "catalogId": { + "type": "string" + }, + "computedStatus": { + "type": "string" + }, + "controlId": { + "type": "string" + }, + "groupId": { + "type": "string" + }, + "groupTitle": { + "type": "string" + }, + "implemented": { + "type": "boolean" + }, + "statusCounts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscal.ProfileComplianceStatusCount" + } + }, + "title": { + "type": "string" } } }, - 
"handler.GenericDataResponse-oscalTypes_1_1_3_AuthorizationBoundary": { + "oscal.ProfileComplianceGroup": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizationBoundary" - } - ] + "compliancePercent": { + "type": "integer" + }, + "id": { + "type": "string" + }, + "notSatisfied": { + "type": "integer" + }, + "satisfied": { + "type": "integer" + }, + "title": { + "type": "string" + }, + "totalControls": { + "type": "integer" + }, + "unknown": { + "type": "integer" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter": { + "oscal.ProfileComplianceImplementation": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - } - ] + "implementationPercent": { + "type": "integer" + }, + "implementedControls": { + "type": "integer" + }, + "unimplementedControls": { + "type": "integer" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent": { + "oscal.ProfileComplianceProgress": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" - } - ] + "controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscal.ProfileComplianceControl" + } + }, + "groups": { + "type": "array", + "items": { + "$ref": "#/definitions/oscal.ProfileComplianceGroup" + } + }, + "implementation": { + "$ref": "#/definitions/oscal.ProfileComplianceImplementation" + }, + "scope": { + "$ref": "#/definitions/oscal.ProfileComplianceScope" + }, + "summary": { + "$ref": "#/definitions/oscal.ProfileComplianceSummary" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Capability": { + "oscal.ProfileComplianceScope": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Capability" - } - ] + "id": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Catalog": { + "oscal.ProfileComplianceStatusCount": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Catalog" - } - ] + "count": { + "type": "integer" + }, + "status": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition": { + "oscal.ProfileComplianceSummary": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ComponentDefinition" - } - ] + "assessedPercent": { + "type": "integer" + }, + "compliancePercent": { + "type": "integer" + }, + "implementedControls": { + "type": "integer" + }, + "notSatisfied": { + "type": "integer" + }, + "satisfied": { + "type": "integer" + }, + "totalControls": { + "type": "integer" + }, + "unknown": { + "type": "integer" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Control": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - ] - } - } + "oscal.ProfileHandler": { + "type": "object" }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementation": { + "oscal.SystemComponentRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementation" - } - ] + "definedComponentId": { + "type": "string" + }, + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": 
"#/definitions/oscalTypes_1_1_3.Property" + } + }, + "protocols": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" + } + }, + "purpose": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "status": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponentStatus" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementationSet": { + "oscal.rule": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" - } - ] + "name": { + "type": "string" + }, + "ns": { + "type": "string" + }, + "operator": { + "description": "equals | contains | regex | in", + "type": "string" + }, + "value": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_DataFlow": { + "oscalTypes_1_1_3.Action": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.DataFlow" - } - ] + "date": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + } + }, + "system": { + "type": "string" + }, + "type": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent": { + "oscalTypes_1_1_3.Activity": { "type": "object", "properties": { - "data": { - "description": 
"Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" - } - ] + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "related-controls": { + "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "steps": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Step" + } + }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Diagram": { + "oscalTypes_1_1_3.Addition": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" - } - ] + "by-id": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "params": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + } + }, + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Part" + } + }, + "position": { + "type": "string" + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "title": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Finding": { + "oscalTypes_1_1_3.Address": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Finding" - } - ] + "addr-lines": { + "type": "array", + "items": { + "type": "string" + } + }, + "city": { + "type": "string" + }, + "country": { + "type": 
"string" + }, + "postal-code": { + "type": "string" + }, + "state": { + "type": "string" + }, + "type": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Group": { + "oscalTypes_1_1_3.Alteration": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Group" - } - ] + "adds": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Addition" + } + }, + "control-id": { + "type": "string" + }, + "removes": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Removal" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ImplementedRequirement": { + "oscalTypes_1_1_3.AssessedControls": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" - } - ] + "description": { + "type": "string" + }, + "exclude-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById" + } + }, + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" + }, + "include-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Import": { + "oscalTypes_1_1_3.AssessedControlsSelectControlById": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Import" - } - ] + "control-id": { + "type": "string" + }, + "statement-ids": { + "type": "array", + "items": { + "type": 
"string" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ImportAp": { + "oscalTypes_1_1_3.AssessmentAssets": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportAp" - } - ] + "assessment-platforms": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlatform" + } + }, + "components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ImportProfile": { + "oscalTypes_1_1_3.AssessmentLog": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportProfile" - } - ] + "entries": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentLogEntry" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp": { + "oscalTypes_1_1_3.AssessmentLogEntry": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" - } - ] + "description": { + "type": "string" + }, + "end": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "logged-by": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.LoggedBy" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "related-tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + } + }, + "remarks": { + "type": "string" + }, + "start": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_InventoryItem": { + "oscalTypes_1_1_3.AssessmentPart": { 
"type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" - } - ] + "class": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "name": { + "type": "string" + }, + "ns": { + "type": "string" + }, + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "prose": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_LeveragedAuthorization": { + "oscalTypes_1_1_3.AssessmentPlan": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" - } - ] + "assessment-assets": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" + }, + "assessment-subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } + }, + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "import-ssp": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" + }, + "local-definitions": { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" + }, + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, + "reviewed-controls": { + "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" + }, + "tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Task" + } + }, + "terms-and-conditions": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions": { + 
"oscalTypes_1_1_3.AssessmentPlanTermsAndConditions": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" - } - ] + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Merge": { + "oscalTypes_1_1_3.AssessmentPlatform": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Merge" - } - ] + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uses-components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.UsesComponent" + } + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Metadata": { + "oscalTypes_1_1_3.AssessmentResults": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" - } - ] + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "import-ap": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportAp" + }, + "local-definitions": { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" + }, + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, + "results": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Result" + } + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Modify": { + "oscalTypes_1_1_3.AssessmentSubject": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - 
"allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Modify" - } - ] + "description": { + "type": "string" + }, + "exclude-subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SelectSubjectById" + } + }, + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" + }, + "include-subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SelectSubjectById" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "type": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_NetworkArchitecture": { + "oscalTypes_1_1_3.AssociatedActivity": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.NetworkArchitecture" - } - ] + "activity-uuid": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Observation": { + "oscalTypes_1_1_3.AssociatedRisk": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Observation" - } - ] + "risk-uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Party": { + "oscalTypes_1_1_3.AttestationStatements": { "type": 
"object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Party" - } - ] + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" + } + }, + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones": { + "oscalTypes_1_1_3.AuthorizationBoundary": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones" - } - ] + "description": { + "type": "string" + }, + "diagrams": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions": { + "oscalTypes_1_1_3.AuthorizedPrivilege": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" - } - ] + "description": { + "type": "string" + }, + "functions-performed": { + "type": "array", + "items": { + "type": "string" + } + }, + "title": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_PoamItem": { + "oscalTypes_1_1_3.BackMatter": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" - } - ] + "resources": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Resource" + 
} } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Profile": { + "oscalTypes_1_1_3.Base64": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Profile" - } - ] + "filename": { + "type": "string" + }, + "media-type": { + "type": "string" + }, + "value": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Resource": { + "oscalTypes_1_1_3.ByComponent": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Resource" - } - ] + "component-uuid": { + "type": "string" + }, + "description": { + "type": "string" + }, + "export": { + "$ref": "#/definitions/oscalTypes_1_1_3.Export" + }, + "implementation-status": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementationStatus" + }, + "inherited": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InheritedControlImplementation" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "satisfied": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility" + } + }, + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + } + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Result": { + "oscalTypes_1_1_3.Capability": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Result" - } - ] + 
"control-implementations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" + } + }, + "description": { + "type": "string" + }, + "incorporates-components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncorporatesComponent" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "name": { + "type": "string" + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Risk": { + "oscalTypes_1_1_3.Catalog": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Risk" - } - ] + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + }, + "groups": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Group" + } + }, + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, + "params": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + } + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Role": { + "oscalTypes_1_1_3.Characterization": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Role" - } - ] + "facets": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Facet" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "origin": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + }, + "props": { + "type": "array", + "items": { + 
"$ref": "#/definitions/oscalTypes_1_1_3.Property" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Statement": { + "oscalTypes_1_1_3.Citation": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Statement" - } - ] + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "text": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemCharacteristics": { + "oscalTypes_1_1_3.CombinationRule": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemCharacteristics" - } - ] + "method": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent": { + "oscalTypes_1_1_3.ComponentDefinition": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" - } - ] + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "capabilities": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Capability" + } + }, + "components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" + } + }, + "import-component-definitions": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportComponentDefinition" + } + }, + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemId": { + "oscalTypes_1_1_3.ConstraintTest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": 
"#/definitions/oscalTypes_1_1_3.SystemId" - } - ] + "expression": { + "type": "string" + }, + "remarks": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemImplementation": { + "oscalTypes_1_1_3.Control": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemImplementation" - } - ] + "class": { + "type": "string" + }, + "controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + }, + "id": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "params": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + } + }, + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Part" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "title": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan": { + "oscalTypes_1_1_3.ControlImplementation": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemSecurityPlan" - } - ] + "description": { + "type": "string" + }, + "implemented-requirements": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" + } + }, + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemUser": { + "oscalTypes_1_1_3.ControlImplementationResponsibility": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" - } - ] + "description": { + "type": "string" + }, 
+ "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "provided-uuid": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Task": { + "oscalTypes_1_1_3.ControlImplementationSet": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" - } - ] + "description": { + "type": "string" + }, + "implemented-requirements": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + } + }, + "source": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscal_BuildByPropsResponse": { + "oscalTypes_1_1_3.ControlStatementImplementation": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.BuildByPropsResponse" - } - ] + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": 
"#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "statement-id": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscal_ImportResponse": { + "oscalTypes_1_1_3.CustomGrouping": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.ImportResponse" - } - ] + "groups": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.CustomGroupingGroup" + } + }, + "insert-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InsertControls" + } } } }, - "handler.GenericDataResponse-oscal_InventoryItemWithSource": { + "oscalTypes_1_1_3.CustomGroupingGroup": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.InventoryItemWithSource" - } - ] + "class": { + "type": "string" + }, + "groups": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.CustomGroupingGroup" + } + }, + "id": { + "type": "string" + }, + "insert-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InsertControls" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "params": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + } + }, + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Part" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "title": { + "type": "string" } } }, - "handler.GenericDataResponse-oscal_ProfileHandler": { + "oscalTypes_1_1_3.DataFlow": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.ProfileHandler" - } - ] + "description": { + "type": "string" + }, + 
"diagrams": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" } } }, - "handler.GenericDataResponse-relational_CcfPoamItem": { + "oscalTypes_1_1_3.DefinedComponent": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/relational.CcfPoamItem" - } - ] + "control-implementations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" + } + }, + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "protocols": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" + } + }, + "purpose": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-relational_CcfPoamItemMilestone": { + "oscalTypes_1_1_3.Diagram": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/relational.CcfPoamItemMilestone" - } - ] + "caption": { + "type": "string" + }, + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } 
+ }, + "remarks": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-relational_Evidence": { + "oscalTypes_1_1_3.DocumentId": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/relational.Evidence" - } - ] + "identifier": { + "type": "string" + }, + "scheme": { + "type": "string" } } }, - "handler.GenericDataResponse-relational_Filter": { + "oscalTypes_1_1_3.EventTiming": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/relational.Filter" - } - ] + "at-frequency": { + "$ref": "#/definitions/oscalTypes_1_1_3.FrequencyCondition" + }, + "on-date": { + "$ref": "#/definitions/oscalTypes_1_1_3.OnDateCondition" + }, + "within-date-range": { + "$ref": "#/definitions/oscalTypes_1_1_3.OnDateRangeCondition" } } }, - "handler.GenericDataResponse-relational_User": { + "oscalTypes_1_1_3.Export": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/relational.User" - } - ] + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "provided": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ProvidedControlImplementation" + } + }, + "remarks": { + "type": "string" + }, + "responsibilities": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationResponsibility" + } } } }, - "handler.GenericDataResponse-string": { + "oscalTypes_1_1_3.Facet": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", + "links": { + "type": "array", + "items": { + "$ref": 
"#/definitions/oscalTypes_1_1_3.Link" + } + }, + "name": { + "type": "string" + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "system": { + "type": "string" + }, + "value": { "type": "string" } } }, - "handler.HeartbeatCreateRequest": { + "oscalTypes_1_1_3.Finding": { "type": "object", - "required": [ - "created_at", - "uuid" - ], "properties": { - "created_at": { + "description": { + "type": "string" + }, + "implementation-statement-uuid": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "origins": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "related-observations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" + } + }, + "related-risks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedRisk" + } + }, + "remarks": { + "type": "string" + }, + "target": { + "$ref": "#/definitions/oscalTypes_1_1_3.FindingTarget" + }, + "title": { "type": "string" }, "uuid": { 
@@ -18960,385 +28104,487 @@ const docTemplate = `{ } } }, - "handler.OscalLikeEvidence": { + "oscalTypes_1_1_3.FindingTarget": { "type": "object", "properties": { - "activities": { + "description": { + "type": "string" + }, + "implementation-status": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementationStatus" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Activity" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "components": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "description": { + "remarks": { "type": "string" }, - "end": { + "status": { + "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" + }, + "target-id": { "type": "string" }, - "expires": { + "title": { "type": "string" }, - "id": { + "type": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.FlatWithoutGrouping": { + "type": "object", + "additionalProperties": true + }, + "oscalTypes_1_1_3.FrequencyCondition": { + "type": "object", + "properties": { + "period": { + "type": "integer" + }, + "unit": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.Group": { + "type": "object", + "properties": { + "class": { "type": "string" }, - "inventory-items": { + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + "$ref": "#/definitions/oscalTypes_1_1_3.Control" } }, - "labels": { - "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", + "groups": { "type": "array", "items": { - "$ref": "#/definitions/relational.Labels" + "$ref": "#/definitions/oscalTypes_1_1_3.Group" } }, + "id": { + "type": "string" + }, "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "origins": { + "params": { "type": "array", "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Origin" + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" } }, - "props": { + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Part" } }, - "remarks": { - "type": "string" - }, - "start": { - "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", - "type": "string" - }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" - }, - "subjects": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "title": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.Hash": { + "type": "object", + "properties": { + "algorithm": { + "type": "string" }, - "uuid": { - "description": "UUID needs to remain consistent when automation runs again, but unique for each subject.\nIt represents the \"stream\" of the same observation being made over time.", + "value": { "type": "string" } } }, - "handler.OverTime.HeartbeatInterval": { + "oscalTypes_1_1_3.IdentifiedSubject": { "type": "object", "properties": { - "interval": { + "subject-placeholder-uuid": { "type": "string" }, - "total": { - "type": "integer" + "subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } } } }, - "handler.PoamItemWithLinksResponse": { + "oscalTypes_1_1_3.Impact": { "type": "object", "properties": { - "item": { - "$ref": "#/definitions/relational.CcfPoamItem" + "adjustment-justification": { + "type": "string" }, - "riskLinks": { + "base": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.CcfPoamItemRiskLink" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } + }, + "selected": { + "type": "string" } 
} }, - "handler.StatusCount": { + "oscalTypes_1_1_3.ImplementationStatus": { "type": "object", "properties": { - "count": { - "type": "integer" + "remarks": { + "type": "string" }, - "status": { + "state": { "type": "string" } } }, - "handler.StatusInterval": { + "oscalTypes_1_1_3.ImplementedComponent": { "type": "object", "properties": { - "interval": { + "component-uuid": { "type": "string" }, - "statuses": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/handler.StatusCount" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } } } }, - "handler.UserHandler": { - "type": "object" - }, - "handler.createFilterRequest": { + "oscalTypes_1_1_3.ImplementedRequirement": { "type": "object", - "required": [ - "filter", - "name" - ], "properties": { - "components": { + "by-components": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" } }, - "controls": { + "control-id": { + "type": "string" + }, + "links": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "filter": { - "$ref": "#/definitions/labelfilter.Filter" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "name": { - "type": "string" - } - } - }, - "handler.createMilestone": { - "type": "object", - "properties": { - "description": { + "remarks": { "type": "string" }, - "dueDate": { - "type": "string" + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } }, - "status": { - "type": "string" + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + } }, - 
"title": { + "statements": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Statement" + } + }, + "uuid": { "type": "string" } } }, - "handler.createPoam": { + "oscalTypes_1_1_3.ImplementedRequirementControlImplementation": { "type": "object", "properties": { - "deadline": { + "control-id": { "type": "string" }, "description": { "type": "string" }, - "milestones": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/handler.createMilestone" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "pocEmail": { - "type": "string" - }, - "pocName": { - "type": "string" - }, - "pocPhone": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, "remarks": { "type": "string" }, - "resourceRequired": { - "type": "string" - }, - "riskIds": { + "responsible-roles": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "sspId": { - "type": "string" + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + } }, - "status": { - "type": "string" + "statements": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlStatementImplementation" + } }, - "title": { + "uuid": { "type": "string" } } }, - "labelfilter.Condition": { + "oscalTypes_1_1_3.Import": { "type": "object", "properties": { - "label": { - "description": "Label name (e.g., \"type\", \"group\", \"app\").", + "exclude-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" + } + }, + "href": { "type": "string" }, - "operator": { - "description": "Operator (e.g., \"=\", \"!=\", etc.).", + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" + }, + "include-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" + } + } + } + }, + 
"oscalTypes_1_1_3.ImportAp": { + "type": "object", + "properties": { + "href": { "type": "string" }, - "value": { - "description": "Value for the condition (e.g., \"ssh\", \"prod\").", + "remarks": { "type": "string" } } }, - "labelfilter.Filter": { + "oscalTypes_1_1_3.ImportComponentDefinition": { "type": "object", "properties": { - "scope": { - "$ref": "#/definitions/labelfilter.Scope" + "href": { + "type": "string" } } }, - "labelfilter.Query": { + "oscalTypes_1_1_3.ImportProfile": { "type": "object", "properties": { - "operator": { - "description": "Logical operator (e.g., \"AND\", \"OR\").", + "href": { "type": "string" }, - "scopes": { - "description": "Scopes can be either ` + "`" + `Condition` + "`" + ` or nested ` + "`" + `Query` + "`" + `.", - "type": "array", - "items": { - "$ref": "#/definitions/labelfilter.Scope" - } + "remarks": { + "type": "string" } } }, - "labelfilter.Scope": { + "oscalTypes_1_1_3.ImportSsp": { "type": "object", "properties": { - "condition": { - "$ref": "#/definitions/labelfilter.Condition" + "href": { + "type": "string" }, - "query": { - "$ref": "#/definitions/labelfilter.Query" + "remarks": { + "type": "string" } } }, - "oscal.BuildByPropsRequest": { + "oscalTypes_1_1_3.IncludeAll": { + "type": "object", + "additionalProperties": true + }, + "oscalTypes_1_1_3.IncorporatesComponent": { "type": "object", "properties": { - "catalogId": { + "component-uuid": { "type": "string" }, - "matchStrategy": { - "description": "all | any", + "description": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.InformationType": { + "type": "object", + "properties": { + "availability-impact": { + "$ref": "#/definitions/oscalTypes_1_1_3.Impact" }, - "rules": { + "categorizations": { "type": "array", "items": { - "$ref": "#/definitions/oscal.rule" + "$ref": "#/definitions/oscalTypes_1_1_3.InformationTypeCategorization" + } + }, + "confidentiality-impact": { + "$ref": "#/definitions/oscalTypes_1_1_3.Impact" + }, + "description": { + "type": "string" 
+ }, + "integrity-impact": { + "$ref": "#/definitions/oscalTypes_1_1_3.Impact" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "title": { "type": "string" }, - "version": { + "uuid": { "type": "string" } } }, - "oscal.BuildByPropsResponse": { + "oscalTypes_1_1_3.InformationTypeCategorization": { "type": "object", "properties": { - "controlIds": { + "information-type-ids": { "type": "array", "items": { "type": "string" } }, - "profile": { - "$ref": "#/definitions/oscalTypes_1_1_3.Profile" - }, - "profileId": { + "system": { "type": "string" } } }, - "oscal.CreateInventoryItemRequest": { + "oscalTypes_1_1_3.InheritedControlImplementation": { "type": "object", "properties": { - "destination": { - "description": "\"ssp\", \"poam\", or \"unattached\"", + "description": { "type": "string" }, - "destination_id": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } }, - "inventory_item": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" - } - } - }, - "oscal.ImportFileResult": { - "type": "object", - "properties": { - "filename": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "message": { + "provided-uuid": { "type": "string" }, - "success": { - "type": "boolean" - }, - "title": { - "type": "string" + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } }, - "type": { + "uuid": { "type": "string" } } }, - "oscal.ImportResponse": { - "type": "object", - "properties": { - "failed_count": { - "type": "integer" - }, - "results": { + "oscalTypes_1_1_3.InsertControls": { + "type": "object", + "properties": { + "exclude-controls": { "type": "array", "items": { - "$ref": 
"#/definitions/oscal.ImportFileResult" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" } }, - "successful_count": { - "type": "integer" + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" }, - "total_files": { - "type": "integer" + "include-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" + } + }, + "order": { + "type": "string" } } }, - "oscal.InventoryItemWithSource": { + "oscalTypes_1_1_3.InventoryItem": { "type": "object", "properties": { "description": { @@ -19371,13 +28617,36 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } }, - "source": { + "uuid": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.LeveragedAuthorization": { + "type": "object", + "properties": { + "date-authorized": { "type": "string" }, - "source_id": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "party-uuid": { "type": "string" }, - "source_type": { + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "title": { "type": "string" }, "uuid": { 
@@ -19385,70 +28654,107 @@ const docTemplate = `{ } } }, - "oscal.ProfileHandler": { - "type": "object" - }, - "oscal.rule": { + "oscalTypes_1_1_3.Link": { "type": "object", "properties": { - "name": { + "href": { "type": "string" }, - "ns": { + "media-type": { "type": "string" }, - "operator": { - "description": "equals | contains | regex | in", + "rel": { "type": "string" }, - "value": { + "resource-fragment": { + "type": "string" + }, + "text": { "type": "string" } } }, - "oscalTypes_1_1_3.Action": { + "oscalTypes_1_1_3.LocalDefinitions": { "type": "object", "properties": { - "date": { - "type": "string" + "activities": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Activity" + } }, - "links": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } }, - "props": { + "inventory-items": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + } + }, + "objectives-and-methods": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalObjective" } }, "remarks": { "type": "string" }, - "responsible-parties": { + "users": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" } - }, - "system": { + } + } + }, + "oscalTypes_1_1_3.LocalObjective": { + "type": "object", + "properties": { + "control-id": { "type": "string" }, - "type": { + "description": { "type": "string" }, - "uuid": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Part" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { "type": "string" } } }, - 
"oscalTypes_1_1_3.Activity": { + "oscalTypes_1_1_3.Location": { "type": "object", "properties": { - "description": { - "type": "string" + "address": { + "$ref": "#/definitions/oscalTypes_1_1_3.Address" + }, + "email-addresses": { + "type": "array", + "items": { + "type": "string" + } }, "links": { "type": "array", 
@@ -19462,136 +28768,150 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "related-controls": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" - }, "remarks": { "type": "string" }, - "responsible-roles": { + "telephone-numbers": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.TelephoneNumber" } }, - "steps": { + "title": { + "type": "string" + }, + "urls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Step" + "type": "string" } }, - "title": { + "uuid": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.LoggedBy": { + "type": "object", + "properties": { + "party-uuid": { "type": "string" }, - "uuid": { + "role-id": { "type": "string" } } }, - "oscalTypes_1_1_3.Addition": { + "oscalTypes_1_1_3.Matching": { "type": "object", "properties": { - "by-id": { + "pattern": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.Merge": { + "type": "object", + "properties": { + "as-is": { + "type": "boolean" }, - "links": { + "combine": { + "$ref": "#/definitions/oscalTypes_1_1_3.CombinationRule" + }, + "custom": { + "$ref": "#/definitions/oscalTypes_1_1_3.CustomGrouping" + }, + "flat": { + "$ref": "#/definitions/oscalTypes_1_1_3.FlatWithoutGrouping" + } + } + }, + "oscalTypes_1_1_3.Metadata": { + "type": "object", + "properties": { + "actions": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Action" } }, - "params": { + "document-ids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + "$ref": "#/definitions/oscalTypes_1_1_3.DocumentId" } }, - "parts": { + "last-modified": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "position": { - "type": "string" - }, - "props": { + "locations": { "type": 
"array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Location" } }, - "title": { + "oscal-version": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.Address": { - "type": "object", - "properties": { - "addr-lines": { + }, + "parties": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.Party" } }, - "city": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "country": { + "published": { "type": "string" }, - "postal-code": { + "remarks": { "type": "string" }, - "state": { - "type": "string" + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + } }, - "type": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.Alteration": { - "type": "object", - "properties": { - "adds": { + "revisions": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RevisionHistoryEntry" + } + }, + "roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Addition" + "$ref": "#/definitions/oscalTypes_1_1_3.Role" } }, - "control-id": { + "title": { "type": "string" }, - "removes": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Removal" - } + "version": { + "type": "string" } } }, - "oscalTypes_1_1_3.AssessedControls": { + "oscalTypes_1_1_3.MitigatingFactor": { "type": "object", "properties": { "description": { "type": "string" }, - "exclude-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById" - } - }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById" - } + "implementation-uuid": { + "type": "string" }, "links": { "type": "array", 
@@ -19605,60 +28925,87 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" + } + }, + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.AssessedControlsSelectControlById": { + "oscalTypes_1_1_3.Modify": { "type": "object", "properties": { - "control-id": { - "type": "string" + "alters": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Alteration" + } }, - "statement-ids": { + "set-parameters": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSetting" } } } }, - "oscalTypes_1_1_3.AssessmentAssets": { + "oscalTypes_1_1_3.NetworkArchitecture": { "type": "object", "properties": { - "assessment-platforms": { + "description": { + "type": "string" + }, + "diagrams": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlatform" + "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" } }, - "components": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } + }, + "remarks": { + "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentLog": { + "oscalTypes_1_1_3.ObjectiveStatus": { "type": "object", "properties": { - "entries": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentLogEntry" - } + "reason": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "state": { + "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentLogEntry": { + "oscalTypes_1_1_3.Observation": { "type": "object", "properties": { + "collected": { + "type": "string" + }, "description": { "type": "string" }, - "end": { + "expires": { "type": "string" }, "links": { 
@@ -19667,10 +29014,16 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "logged-by": { + "methods": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LoggedBy" + "type": "string" + } + }, + "origins": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" } }, "props": { @@ -19679,48 +29032,81 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "related-tasks": { + "relevant-evidence": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + "$ref": "#/definitions/oscalTypes_1_1_3.RelevantEvidence" } }, "remarks": { "type": "string" }, - "start": { - "type": "string" + "subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" + } }, "title": { "type": "string" }, + "types": { + "type": "array", + "items": { + "type": "string" + } + }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentPart": { + "oscalTypes_1_1_3.OnDateCondition": { "type": "object", "properties": { - "class": { + "date": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.OnDateRangeCondition": { + "type": "object", + "properties": { + "end": { "type": "string" }, - "links": { + "start": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.Origin": { + "type": "object", + "properties": { + "actors": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" } }, - "name": { - "type": "string" - }, - "ns": { + "related-tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + } + } + } + }, + "oscalTypes_1_1_3.OriginActor": { + "type": "object", + "properties": { + "actor-uuid": { "type": "string" }, - "parts": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { 
@@ -19729,72 +29115,41 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "prose": { - "type": "string" - }, - "title": { + "role-id": { "type": "string" }, - "uuid": { + "type": { "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentPlan": { + "oscalTypes_1_1_3.Parameter": { "type": "object", "properties": { - "assessment-assets": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" + "class": { + "type": "string" }, - "assessment-subjects": { + "constraints": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterConstraint" } }, - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "import-ssp": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" - }, - "local-definitions": { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" - }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" - }, - "reviewed-controls": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" + "depends-on": { + "type": "string" }, - "tasks": { + "guidelines": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterGuideline" } }, - "terms-and-conditions": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions" + "id": { + "type": "string" }, - "uuid": { + "label": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.AssessmentPlanTermsAndConditions": { - "type": "object", - "properties": { - "parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" - } - } - } - }, - "oscalTypes_1_1_3.AssessmentPlatform": { - "type": "object", - "properties": { + }, "links": { "type": "array", "items": { 
@@ -19810,91 +29165,116 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "title": { + "select": { + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSelection" + }, + "usage": { "type": "string" }, - "uses-components": { + "values": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.UsesComponent" + "type": "string" } + } + } + }, + "oscalTypes_1_1_3.ParameterConstraint": { + "type": "object", + "properties": { + "description": { + "type": "string" }, - "uuid": { + "tests": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ConstraintTest" + } + } + } + }, + "oscalTypes_1_1_3.ParameterGuideline": { + "type": "object", + "properties": { + "prose": { "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentResults": { + "oscalTypes_1_1_3.ParameterSelection": { "type": "object", "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "import-ap": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportAp" - }, - "local-definitions": { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" - }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" - }, - "results": { + "choice": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Result" + "type": "string" } }, - "uuid": { + "how-many": { "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentSubject": { + "oscalTypes_1_1_3.ParameterSetting": { "type": "object", "properties": { - "description": { + "class": { "type": "string" }, - "exclude-subjects": { + "constraints": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectSubjectById" + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterConstraint" } }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" + "depends-on": { + "type": "string" }, - "include-subjects": { + "guidelines": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectSubjectById" + "$ref": 
"#/definitions/oscalTypes_1_1_3.ParameterGuideline" } }, + "label": { + "type": "string" + }, "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "param-id": { + "type": "string" + }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { - "type": "string" + "select": { + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSelection" }, - "type": { + "usage": { "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } } } }, - "oscalTypes_1_1_3.AssociatedActivity": { + "oscalTypes_1_1_3.Part": { "type": "object", "properties": { - "activity-uuid": { + "class": { + "type": "string" + }, + "id": { "type": "string" }, "links": { 
@@ -19903,64 +29283,51 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "name": { + "type": "string" }, - "remarks": { + "ns": { "type": "string" }, - "responsible-roles": { + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.Part" } }, - "subjects": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } - } - } - }, - "oscalTypes_1_1_3.AssociatedRisk": { - "type": "object", - "properties": { - "risk-uuid": { + }, + "prose": { + "type": "string" + }, + "title": { "type": "string" } } }, - "oscalTypes_1_1_3.AttestationStatements": { + "oscalTypes_1_1_3.Party": { "type": "object", "properties": { - "parts": { + "addresses": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" + "$ref": "#/definitions/oscalTypes_1_1_3.Address" } }, - "responsible-parties": { + "email-addresses": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "type": "string" } - } - } - }, - "oscalTypes_1_1_3.AuthorizationBoundary": { - "type": "object", - "properties": { - "description": { - "type": "string" }, - "diagrams": { + "external-ids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" + "$ref": "#/definitions/oscalTypes_1_1_3.PartyExternalIdentifier" } }, "links": { @@ -19969,6 +29336,21 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "location-uuids": { + "type": "array", + "items": { + "type": "string" + } + }, + "member-of-organizations": { + "type": "array", + "items": { + "type": "string" + } + }, + "name": { + "type": "string" + }, "props": { "type": "array", "items": { 
@@ -19977,212 +29359,261 @@ const docTemplate = `{ }, "remarks": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.AuthorizedPrivilege": { - "type": "object", - "properties": { - "description": { + }, + "short-name": { "type": "string" }, - "functions-performed": { + "telephone-numbers": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.TelephoneNumber" } }, - "title": { + "type": { + "type": "string" + }, + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.BackMatter": { - "type": "object", - "properties": { - "resources": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Resource" - } - } - } - }, - "oscalTypes_1_1_3.Base64": { + "oscalTypes_1_1_3.PartyExternalIdentifier": { "type": "object", "properties": { - "filename": { - "type": "string" - }, - "media-type": { + "id": { "type": "string" }, - "value": { + "scheme": { "type": "string" } } }, - "oscalTypes_1_1_3.ByComponent": { + "oscalTypes_1_1_3.PlanOfActionAndMilestones": { "type": "object", "properties": { - "component-uuid": { - "type": "string" + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "description": { - "type": "string" + "findings": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Finding" + } }, - "export": { - "$ref": "#/definitions/oscalTypes_1_1_3.Export" + "import-ssp": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" }, - "implementation-status": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementationStatus" + "local-definitions": { + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" }, - "inherited": { + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, + "observations": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InheritedControlImplementation" + "$ref": "#/definitions/oscalTypes_1_1_3.Observation" } }, - "links": { + "poam-items": { "type": "array", "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" } }, - "props": { + "risks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Risk" } }, - "remarks": { - "type": "string" + "system-id": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } + "uuid": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions": { + "type": "object", + "properties": { + "assessment-assets": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" }, - "satisfied": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } }, - "set-parameters": { + "inventory-items": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" } }, - "uuid": { + "remarks": { "type": "string" } } }, - "oscalTypes_1_1_3.Capability": { + "oscalTypes_1_1_3.PoamItem": { "type": "object", "properties": { - "control-implementations": { + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "origins": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.PoamItemOrigin" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "related-findings": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedFinding" } }, - "description": { - "type": "string" - }, - "incorporates-components": { + "related-observations": { "type": "array", "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.IncorporatesComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" } }, - "links": { + "related-risks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedRisk" } }, - "name": { + "remarks": { "type": "string" }, - "props": { + "title": { + "type": "string" + }, + "uuid": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.PoamItemOrigin": { + "type": "object", + "properties": { + "actors": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" } + } + } + }, + "oscalTypes_1_1_3.PortRange": { + "type": "object", + "properties": { + "end": { + "type": "integer" }, - "remarks": { - "type": "string" + "start": { + "type": "integer" }, - "uuid": { + "transport": { "type": "string" } } }, - "oscalTypes_1_1_3.Catalog": { + "oscalTypes_1_1_3.Profile": { "type": "object", "properties": { "back-matter": { "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "controls": { + "imports": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" + "$ref": "#/definitions/oscalTypes_1_1_3.Import" } }, - "groups": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Group" - } + "merge": { + "$ref": "#/definitions/oscalTypes_1_1_3.Merge" }, "metadata": { "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" }, - "params": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" - } + "modify": { + "$ref": "#/definitions/oscalTypes_1_1_3.Modify" }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.Characterization": { + "oscalTypes_1_1_3.Property": { "type": "object", "properties": { - "facets": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Facet" - } + "class": { + "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Link" - } + "group": { + "type": "string" }, - "origin": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + "name": { + "type": "string" }, - "props": { + "ns": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "uuid": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.Protocol": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "port-ranges": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.PortRange" } + }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "oscalTypes_1_1_3.Citation": { + "oscalTypes_1_1_3.ProvidedControlImplementation": { "type": "object", "properties": { + "description": { + "type": "string" + }, "links": { "type": "array", "items": { 
@@ -20195,76 +29626,79 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "text": { + "remarks": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.CombinationRule": { - "type": "object", - "properties": { - "method": { + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.ComponentDefinition": { + "oscalTypes_1_1_3.ReferencedControlObjectives": { "type": "object", "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + "description": { + "type": "string" }, - "capabilities": { + "exclude-objectives": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Capability" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectObjectiveById" } }, - "components": { + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" + }, + "include-objectives": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectObjectiveById" } }, - "import-component-definitions": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportComponentDefinition" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "uuid": { + "remarks": { "type": "string" } } }, - "oscalTypes_1_1_3.ConstraintTest": { + "oscalTypes_1_1_3.RelatedFinding": { "type": "object", "properties": { - "expression": { - "type": "string" - }, - "remarks": { + "finding-uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.Control": { + "oscalTypes_1_1_3.RelatedObservation": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "controls": { - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Control" - } - }, - "id": { + "observation-uuid": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.RelatedTask": { + "type": "object", + "properties": { + "identified-subject": { + "$ref": "#/definitions/oscalTypes_1_1_3.IdentifiedSubject" }, "links": { "type": "array", @@ -20272,55 +29706,41 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "params": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" - } - }, - "parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" - } - }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "title": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.ControlImplementation": { - "type": "object", - "properties": { - "description": { + "remarks": { "type": "string" }, - "implemented-requirements": { + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } }, - "set-parameters": { + "subjects": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" } + }, + "task-uuid": { + "type": "string" } } }, - "oscalTypes_1_1_3.ControlImplementationResponsibility": { + "oscalTypes_1_1_3.RelevantEvidence": { "type": "object", "properties": { "description": { "type": "string" }, + "href": { + "type": "string" + }, "links": { "type": "array", "items": { 
@@ -20333,35 +29753,37 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "provided-uuid": { + "remarks": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.Removal": { + "type": "object", + "properties": { + "by-class": { "type": "string" }, - "remarks": { + "by-id": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } + "by-item-name": { + "type": "string" }, - "uuid": { + "by-name": { + "type": "string" + }, + "by-ns": { "type": "string" } } }, - "oscalTypes_1_1_3.ControlImplementationSet": { + "oscalTypes_1_1_3.RequiredAsset": { "type": "object", "properties": { "description": { "type": "string" }, - "implemented-requirements": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation" - } - }, "links": { "type": "array", "items": { @@ -20374,13 +29796,16 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "set-parameters": { + "remarks": { + "type": "string" + }, + "subjects": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" } }, - "source": { + "title": { "type": "string" }, "uuid": { @@ -20388,16 +29813,22 @@ const docTemplate = `{ } } }, - "oscalTypes_1_1_3.ControlStatementImplementation": { + "oscalTypes_1_1_3.Resource": { "type": "object", "properties": { + "base64": { + "$ref": "#/definitions/oscalTypes_1_1_3.Base64" + }, + "citation": { + "$ref": "#/definitions/oscalTypes_1_1_3.Citation" + }, "description": { "type": "string" }, - "links": { + "document-ids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.DocumentId" } }, "props": { 
@@ -20409,13 +29840,13 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "responsible-roles": { + "rlinks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.ResourceLink" } }, - "statement-id": { + "title": { "type": "string" }, "uuid": { @@ -20423,60 +29854,42 @@ const docTemplate = `{ } } }, - "oscalTypes_1_1_3.CustomGrouping": { + "oscalTypes_1_1_3.ResourceLink": { "type": "object", "properties": { - "groups": { + "hashes": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.CustomGroupingGroup" + "$ref": "#/definitions/oscalTypes_1_1_3.Hash" } }, - "insert-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InsertControls" - } + "href": { + "type": "string" + }, + "media-type": { + "type": "string" } } }, - "oscalTypes_1_1_3.CustomGroupingGroup": { + "oscalTypes_1_1_3.Response": { "type": "object", "properties": { - "class": { + "description": { "type": "string" }, - "groups": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.CustomGroupingGroup" - } - }, - "id": { + "lifecycle": { "type": "string" }, - "insert-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InsertControls" - } - }, "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "params": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" - } - }, - "parts": { + "origins": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" } }, "props": { 
@@ -20485,108 +29898,73 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "title": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.DataFlow": { - "type": "object", - "properties": { - "description": { + "remarks": { "type": "string" }, - "diagrams": { + "required-assets": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" + "$ref": "#/definitions/oscalTypes_1_1_3.RequiredAsset" } }, - "links": { + "tasks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Task" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "title": { + "type": "string" }, - "remarks": { + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.DefinedComponent": { + "oscalTypes_1_1_3.ResponsibleParty": { "type": "object", "properties": { - "control-implementations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" - } - }, - "description": { - "type": "string" - }, "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "props": { + "party-uuids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "type": "string" } }, - "protocols": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "purpose": { - "type": "string" - }, "remarks": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - }, - "uuid": { + "role-id": { "type": "string" } } }, - "oscalTypes_1_1_3.Diagram": { + "oscalTypes_1_1_3.ResponsibleRole": { "type": "object", "properties": { - "caption": { - "type": "string" - }, - "description": { - "type": "string" - }, 
"links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "party-uuids": { + "type": "array", + "items": { + "type": "string" + } + }, "props": { "type": "array", "items": { 
@@ -20596,288 +29974,241 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "uuid": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.DocumentId": { - "type": "object", - "properties": { - "identifier": { - "type": "string" - }, - "scheme": { + "role-id": { "type": "string" } } }, - "oscalTypes_1_1_3.EventTiming": { + "oscalTypes_1_1_3.Result": { "type": "object", "properties": { - "at-frequency": { - "$ref": "#/definitions/oscalTypes_1_1_3.FrequencyCondition" + "assessment-log": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentLog" }, - "on-date": { - "$ref": "#/definitions/oscalTypes_1_1_3.OnDateCondition" + "attestations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" + } }, - "within-date-range": { - "$ref": "#/definitions/oscalTypes_1_1_3.OnDateRangeCondition" - } - } - }, - "oscalTypes_1_1_3.Export": { - "type": "object", - "properties": { "description": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } + "end": { + "type": "string" }, - "props": { + "findings": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Finding" } }, - "provided": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ProvidedControlImplementation" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "remarks": { - "type": "string" + "local-definitions": { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" }, - "responsibilities": { + "observations": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationResponsibility" + "$ref": "#/definitions/oscalTypes_1_1_3.Observation" } - } - } - }, - "oscalTypes_1_1_3.Facet": { - "type": "object", - "properties": { - "links": { + }, + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": 
"#/definitions/oscalTypes_1_1_3.Property" } }, - "name": { + "remarks": { "type": "string" }, - "props": { + "reviewed-controls": { + "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" + }, + "risks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Risk" } }, - "remarks": { + "start": { "type": "string" }, - "system": { + "title": { "type": "string" }, - "value": { + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.Finding": { + "oscalTypes_1_1_3.ReviewedControls": { "type": "object", - "properties": { - "description": { - "type": "string" - }, - "implementation-statement-uuid": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "origins": { + "properties": { + "control-objective-selections": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + "$ref": "#/definitions/oscalTypes_1_1_3.ReferencedControlObjectives" } }, - "props": { + "control-selections": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControls" } }, - "related-observations": { + "description": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "related-risks": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedRisk" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" - }, - "target": { - "$ref": "#/definitions/oscalTypes_1_1_3.FindingTarget" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.FindingTarget": { + "oscalTypes_1_1_3.RevisionHistoryEntry": { "type": "object", "properties": { - "description": { + "last-modified": { "type": "string" }, - 
"implementation-status": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementationStatus" - }, "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "oscal-version": { + "type": "string" + }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "published": { "type": "string" }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" - }, - "target-id": { + "remarks": { "type": "string" }, "title": { "type": "string" }, - "type": { + "version": { "type": "string" } } }, - "oscalTypes_1_1_3.FlatWithoutGrouping": { - "type": "object", - "additionalProperties": true - }, - "oscalTypes_1_1_3.FrequencyCondition": { + "oscalTypes_1_1_3.Risk": { "type": "object", "properties": { - "period": { - "type": "integer" + "characterizations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Characterization" + } }, - "unit": { + "deadline": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.Group": { - "type": "object", - "properties": { - "class": { + }, + "description": { "type": "string" }, - "controls": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "groups": { + "mitigating-factors": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Group" + "$ref": "#/definitions/oscalTypes_1_1_3.MitigatingFactor" } }, - "id": { - "type": "string" + "origins": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + } }, - "links": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "params": { + "related-observations": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" } }, - "parts": { + "remediations": { 
"type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" + "$ref": "#/definitions/oscalTypes_1_1_3.Response" } }, - "props": { + "risk-log": { + "$ref": "#/definitions/oscalTypes_1_1_3.RiskLog" + }, + "statement": { + "type": "string" + }, + "status": { + "type": "string" + }, + "threat-ids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.ThreatId" } }, "title": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.Hash": { - "type": "object", - "properties": { - "algorithm": { - "type": "string" }, - "value": { + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.IdentifiedSubject": { + "oscalTypes_1_1_3.RiskLog": { "type": "object", "properties": { - "subject-placeholder-uuid": { - "type": "string" - }, - "subjects": { + "entries": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/oscalTypes_1_1_3.RiskLogEntry" } } } }, - "oscalTypes_1_1_3.Impact": { + "oscalTypes_1_1_3.RiskLogEntry": { "type": "object", "properties": { - "adjustment-justification": { + "description": { "type": "string" }, - "base": { + "end": { "type": "string" }, "links": { 
@@ -20886,34 +30217,44 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "logged-by": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.LoggedBy" + } + }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "selected": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.ImplementationStatus": { - "type": "object", - "properties": { + "related-responses": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RiskResponseReference" + } + }, "remarks": { "type": "string" }, - "state": { + "start": { + "type": "string" + }, + "status-change": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.ImplementedComponent": { + "oscalTypes_1_1_3.RiskResponseReference": { "type": "object", "properties": { - "component-uuid": { - "type": "string" - }, "links": { "type": "array", "items": { @@ -20926,27 +30267,27 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { - "type": "string" - }, - "responsible-parties": { + "related-tasks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" } + }, + "remarks": { + "type": "string" + }, + "response-uuid": { + "type": "string" } } }, - "oscalTypes_1_1_3.ImplementedRequirement": { + "oscalTypes_1_1_3.Role": { "type": "object", "properties": { - "by-components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" - } + "description": { + "type": "string" }, - "control-id": { + "id": { "type": "string" }, "links": { 
@@ -20964,35 +30305,17 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" - } - }, - "statements": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Statement" - } + "short-name": { + "type": "string" }, - "uuid": { + "title": { "type": "string" } } }, - "oscalTypes_1_1_3.ImplementedRequirementControlImplementation": { + "oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility": { "type": "object", "properties": { - "control-id": { - "type": "string" - }, "description": { "type": "string" }, 
@@ -21011,129 +30334,114 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" - } - }, - "statements": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlStatementImplementation" - } - }, - "uuid": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.Import": { - "type": "object", - "properties": { - "exclude-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" - } - }, - "href": { + "responsibility-uuid": { "type": "string" }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-controls": { + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } + }, + "uuid": { + "type": "string" } } }, - "oscalTypes_1_1_3.ImportAp": { + "oscalTypes_1_1_3.SecurityImpactLevel": { "type": "object", "properties": { - "href": { + "security-objective-availability": { "type": "string" }, - "remarks": { + "security-objective-confidentiality": { + "type": "string" + }, + "security-objective-integrity": { "type": "string" } } }, - "oscalTypes_1_1_3.ImportComponentDefinition": { + "oscalTypes_1_1_3.SelectControlById": { "type": "object", "properties": { - "href": { + "matching": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Matching" + } + }, + "with-child-controls": { "type": "string" + }, + "with-ids": { + "type": "array", + "items": { + "type": "string" + } } } }, - "oscalTypes_1_1_3.ImportProfile": { + "oscalTypes_1_1_3.SelectObjectiveById": { "type": "object", "properties": { - "href": { - "type": "string" - }, - "remarks": { + "objective-id": { "type": "string" } } }, - 
"oscalTypes_1_1_3.ImportSsp": { + "oscalTypes_1_1_3.SelectSubjectById": { "type": "object", "properties": { - "href": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, "remarks": { "type": "string" + }, + "subject-uuid": { + "type": "string" + }, + "type": { + "type": "string" } } }, - "oscalTypes_1_1_3.IncludeAll": { - "type": "object", - "additionalProperties": true - }, - "oscalTypes_1_1_3.IncorporatesComponent": { + "oscalTypes_1_1_3.SetParameter": { "type": "object", "properties": { - "component-uuid": { + "param-id": { "type": "string" }, - "description": { + "remarks": { "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } } } }, - "oscalTypes_1_1_3.InformationType": { + "oscalTypes_1_1_3.Statement": { "type": "object", "properties": { - "availability-impact": { - "$ref": "#/definitions/oscalTypes_1_1_3.Impact" - }, - "categorizations": { + "by-components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InformationTypeCategorization" + "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" } }, - "confidentiality-impact": { - "$ref": "#/definitions/oscalTypes_1_1_3.Impact" - }, - "description": { - "type": "string" - }, - "integrity-impact": { - "$ref": "#/definitions/oscalTypes_1_1_3.Impact" - }, "links": { "type": "array", "items": { @@ -21146,7 +30454,16 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "title": { + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "statement-id": { "type": "string" }, "uuid": { 
@@ -21154,21 +30471,18 @@ const docTemplate = `{ } } }, - "oscalTypes_1_1_3.InformationTypeCategorization": { + "oscalTypes_1_1_3.Status": { "type": "object", "properties": { - "information-type-ids": { - "type": "array", - "items": { - "type": "string" - } + "remarks": { + "type": "string" }, - "system": { + "state": { "type": "string" } } }, - "oscalTypes_1_1_3.InheritedControlImplementation": { + "oscalTypes_1_1_3.Step": { "type": "object", "properties": { "description": { @@ -21186,7 +30500,7 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "provided-uuid": { + "remarks": { "type": "string" }, "responsible-roles": { 
@@ -21195,45 +30509,60 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, + "reviewed-controls": { + "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" + }, + "title": { + "type": "string" + }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.InsertControls": { + "oscalTypes_1_1_3.SubjectReference": { "type": "object", "properties": { - "exclude-controls": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-controls": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "order": { + "remarks": { + "type": "string" + }, + "subject-uuid": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { "type": "string" } } }, - "oscalTypes_1_1_3.InventoryItem": { + "oscalTypes_1_1_3.SystemCharacteristics": { "type": "object", "properties": { - "description": { + "authorization-boundary": { + "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizationBoundary" + }, + "data-flow": { + "$ref": "#/definitions/oscalTypes_1_1_3.DataFlow" + }, + "date-authorized": { "type": "string" }, - "implemented-components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedComponent" - } + "description": { + "type": "string" }, "links": { "type": "array", @@ -21241,6 +30570,9 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "network-architecture": { + "$ref": "#/definitions/oscalTypes_1_1_3.NetworkArchitecture" + }, "props": { "type": "array", "items": { 
@@ -21256,15 +30588,36 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } }, - "uuid": { + "security-impact-level": { + "$ref": "#/definitions/oscalTypes_1_1_3.SecurityImpactLevel" + }, + "security-sensitivity-level": { + "type": "string" + }, + "status": { + "$ref": "#/definitions/oscalTypes_1_1_3.Status" + }, + "system-ids": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" + } + }, + "system-information": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemInformation" + }, + "system-name": { + "type": "string" + }, + "system-name-short": { "type": "string" } } }, - "oscalTypes_1_1_3.LeveragedAuthorization": { + "oscalTypes_1_1_3.SystemComponent": { "type": "object", "properties": { - "date-authorized": { + "description": { "type": "string" }, "links": { 
@@ -21273,71 +30626,97 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "party-uuid": { - "type": "string" - }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, + "protocols": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" + } + }, + "purpose": { + "type": "string" + }, "remarks": { "type": "string" }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "status": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponentStatus" + }, "title": { "type": "string" }, + "type": { + "type": "string" + }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.Link": { + "oscalTypes_1_1_3.SystemComponentStatus": { "type": "object", "properties": { - "href": { - "type": "string" - }, - "media-type": { + "remarks": { "type": "string" }, - "rel": { + "state": { "type": "string" - }, - "resource-fragment": { + } + } + }, + "oscalTypes_1_1_3.SystemId": { + "type": "object", + "properties": { + "id": { "type": "string" }, - "text": { + "identifier-type": { "type": "string" } } }, - "oscalTypes_1_1_3.LocalDefinitions": { + "oscalTypes_1_1_3.SystemImplementation": { "type": "object", "properties": { - "activities": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Activity" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + } + }, + "inventory-items": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" } }, - "components": { + "leveraged-authorizations": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" } }, - "inventory-items": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - 
"objectives-and-methods": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalObjective" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { @@ -21351,11 +30730,63 @@ const docTemplate = `{ } } }, - "oscalTypes_1_1_3.LocalObjective": { + "oscalTypes_1_1_3.SystemInformation": { "type": "object", "properties": { - "control-id": { + "information-types": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InformationType" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + } + } + }, + "oscalTypes_1_1_3.SystemSecurityPlan": { + "type": "object", + "properties": { + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "control-implementation": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementation" + }, + "import-profile": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportProfile" + }, + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, + "system-characteristics": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemCharacteristics" + }, + "system-implementation": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemImplementation" + }, + "uuid": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.SystemUser": { + "type": "object", + "properties": { + "authorized-privileges": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizedPrivilege" + } }, "description": { "type": "string" 
@@ -21366,35 +30797,50 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "parts": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "props": { + "remarks": { + "type": "string" + }, + "role-ids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "type": "string" } }, - "remarks": { + "short-name": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.Location": { + "oscalTypes_1_1_3.Task": { "type": "object", "properties": { - "address": { - "$ref": "#/definitions/oscalTypes_1_1_3.Address" + "associated-activities": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedActivity" + } }, - "email-addresses": { + "dependencies": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.TaskDependency" } }, + "description": { + "type": "string" + }, "links": { "type": "array", "items": { 
@@ -21410,78 +30856,78 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "telephone-numbers": { + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.TelephoneNumber" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "title": { - "type": "string" + "subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } }, - "urls": { + "tasks": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.Task" } }, + "timing": { + "$ref": "#/definitions/oscalTypes_1_1_3.EventTiming" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.LoggedBy": { + "oscalTypes_1_1_3.TaskDependency": { "type": "object", "properties": { - "party-uuid": { + "remarks": { "type": "string" }, - "role-id": { + "task-uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.Matching": { + "oscalTypes_1_1_3.TelephoneNumber": { "type": "object", "properties": { - "pattern": { + "number": { + "type": "string" + }, + "type": { "type": "string" } } }, - "oscalTypes_1_1_3.Merge": { + "oscalTypes_1_1_3.ThreatId": { "type": "object", "properties": { - "as-is": { - "type": "boolean" - }, - "combine": { - "$ref": "#/definitions/oscalTypes_1_1_3.CombinationRule" + "href": { + "type": "string" }, - "custom": { - "$ref": "#/definitions/oscalTypes_1_1_3.CustomGrouping" + "id": { + "type": "string" }, - "flat": { - "$ref": "#/definitions/oscalTypes_1_1_3.FlatWithoutGrouping" + "system": { + "type": "string" } } }, - "oscalTypes_1_1_3.Metadata": { + "oscalTypes_1_1_3.UsesComponent": { "type": "object", "properties": { - "actions": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Action" - } - }, - "document-ids": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.DocumentId" - } - }, - "last-modified": { + "component-uuid": { "type": "string" }, 
"links": { @@ -21490,30 +30936,12 @@ const docTemplate = `{ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "locations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Location" - } - }, - "oscal-version": { - "type": "string" - }, - "parties": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Party" - } - }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "published": { - "type": "string" - }, "remarks": { "type": "string" }, 
@@ -21522,747 +30950,902 @@ const docTemplate = `{ "items": { "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } + } + } + }, + "poam.PoamItemControlLink": { + "type": "object", + "properties": { + "catalogId": { + "type": "string" }, - "revisions": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RevisionHistoryEntry" - } - }, - "roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Role" - } + "controlId": { + "type": "string" }, - "title": { + "createdAt": { "type": "string" }, - "version": { + "poamItemId": { "type": "string" } } }, - "oscalTypes_1_1_3.MitigatingFactor": { + "poam.PoamItemEvidenceLink": { "type": "object", "properties": { - "description": { + "createdAt": { "type": "string" }, - "implementation-uuid": { + "evidenceId": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "poamItemId": { + "type": "string" + } + } + }, + "poam.PoamItemFindingLink": { + "type": "object", + "properties": { + "createdAt": { + "type": "string" }, - "subjects": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" - } + "findingId": { + "type": "string" }, - "uuid": { + "poamItemId": { "type": "string" } } }, - "oscalTypes_1_1_3.Modify": { + "poam.PoamItemRiskLink": { "type": "object", "properties": { - "alters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Alteration" - } + "createdAt": { + "type": "string" }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSetting" - } + "poamItemId": { + "type": "string" + }, + "riskId": { + "type": "string" } } }, - "oscalTypes_1_1_3.NetworkArchitecture": { + "relational.Action": { "type": "object", "properties": { - "description": { + "date": { "type": "string" }, - 
"diagrams": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" - } + "id": { + "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, + "metadata-id": { + "description": "Actions only exist on a metadata object. We'll link them straight there with a BelongsTo relationship", + "type": "string" + }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.ObjectiveStatus": { - "type": "object", - "properties": { - "reason": { - "type": "string" }, - "remarks": { + "responsibleParties": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleParty" + } + }, + "system": { + "description": "required", "type": "string" }, - "state": { + "type": { + "description": "required", "type": "string" } } }, - "oscalTypes_1_1_3.Observation": { + "relational.Activity": { "type": "object", "properties": { - "collected": { - "type": "string" - }, "description": { + "description": "required", "type": "string" }, - "expires": { + "id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, - "methods": { + "props": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Prop" } }, - "origins": { + "related-controls": { + "$ref": "#/definitions/relational.ReviewedControls" + }, + "relatedControlsID": { + "type": "string" + }, + "remarks": { + "description": "required", + "type": "string" + }, + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "props": { + "steps": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + 
"$ref": "#/definitions/relational.Step" } }, - "relevant-evidence": { + "title": { + "type": "string" + } + } + }, + "relational.Addition": { + "type": "object", + "properties": { + "alterationID": { + "type": "string" + }, + "by-id": { + "type": "string" + }, + "id": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelevantEvidence" + "$ref": "#/definitions/relational.Link" } }, - "remarks": { - "type": "string" + "params": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Parameter" + } }, - "subjects": { + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" + "$ref": "#/definitions/relational.Part" } }, - "title": { + "position": { "type": "string" }, - "types": { + "props": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Prop" } }, - "uuid": { + "title": { "type": "string" } } }, - "oscalTypes_1_1_3.OnDateCondition": { + "relational.Address": { "type": "object", "properties": { - "date": { + "city": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.OnDateRangeCondition": { - "type": "object", - "properties": { - "end": { + }, + "country": { "type": "string" }, - "start": { + "lines": { + "type": "array", + "items": { + "type": "string" + } + }, + "postal-code": { + "type": "string" + }, + "state": { "type": "string" + }, + "type": { + "$ref": "#/definitions/relational.AddressType" } } }, - "oscalTypes_1_1_3.Origin": { + "relational.AddressType": { + "type": "string", + "enum": [ + "work", + "home" + ], + "x-enum-varnames": [ + "AddressTypeWork", + "AddressTypeHome" + ] + }, + "relational.Alteration": { "type": "object", "properties": { - "actors": { + "adds": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" + "$ref": "#/definitions/relational.Addition" } }, - "related-tasks": { + "control-id": { + "description": "required", + "type": "string" + }, + "id": { + 
"type": "string" + }, + "modify-id": { + "type": "string" + }, + "removes": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + "$ref": "#/definitions/relational.Removal" } } } }, - "oscalTypes_1_1_3.OriginActor": { + "relational.AssessedControlsSelectControlById": { "type": "object", "properties": { - "actor-uuid": { + "control": { + "$ref": "#/definitions/relational.Control" + }, + "controlID": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } + "id": { + "type": "string" }, - "props": { + "statements": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Statement" } - }, - "role-id": { - "type": "string" - }, - "type": { - "type": "string" } } }, - "oscalTypes_1_1_3.Parameter": { + "relational.AssessmentSubject": { "type": "object", "properties": { - "class": { + "description": { "type": "string" }, - "constraints": { + "evidence": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterConstraint" + "$ref": "#/definitions/relational.Evidence" } }, - "depends-on": { - "type": "string" - }, - "guidelines": { + "excludeSubjects": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterGuideline" + "$ref": "#/definitions/relational.SelectSubjectById" } }, "id": { "type": "string" }, - "label": { - "type": "string" + "includeAll": { + "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" + }, + "includeSubjects": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SelectSubjectById" + } }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "select": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.ParameterSelection" - }, - "usage": { + "sspId": { "type": "string" }, - "values": { - "type": "array", - "items": { - "type": "string" - } + "type": { + "description": "Type represents a component, party, location, user, or inventory item.\nIt will likely be updated once we can map it correctly", + "type": "string" } } }, - "oscalTypes_1_1_3.ParameterConstraint": { + "relational.AuthorizationBoundary": { "type": "object", "properties": { "description": { "type": "string" }, - "tests": { + "diagrams": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ConstraintTest" + "$ref": "#/definitions/relational.Diagram" } - } - } - }, - "oscalTypes_1_1_3.ParameterGuideline": { - "type": "object", - "properties": { - "prose": { + }, + "id": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { + "type": "string" + }, + "systemCharacteristicsId": { "type": "string" } } }, - "oscalTypes_1_1_3.ParameterSelection": { + "relational.AuthorizedPrivilege": { "type": "object", "properties": { - "choice": { + "description": { + "type": "string" + }, + "functions-performed": { "type": "array", "items": { "type": "string" } }, - "how-many": { + "id": { + "type": "string" + }, + "systemUserId": { + "type": "string" + }, + "title": { "type": "string" } } }, - "oscalTypes_1_1_3.ParameterSetting": { + "relational.BackMatter": { "type": "object", "properties": { - "class": { + "id": { "type": "string" }, - "constraints": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterConstraint" - } + "parentID": { + "type": "string" }, - "depends-on": { + "parentType": { "type": "string" }, - "guidelines": { + "resources": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterGuideline" + "$ref": 
"#/definitions/relational.BackMatterResource" } + } + } + }, + "relational.BackMatterResource": { + "type": "object", + "properties": { + "backMatterID": { + "type": "string" }, - "label": { + "base64": { + "$ref": "#/definitions/datatypes.JSONType-relational_Base64" + }, + "citation": { + "$ref": "#/definitions/datatypes.JSONType-relational_Citation" + }, + "description": { "type": "string" }, - "links": { + "document-ids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.DocumentID" } }, - "param-id": { + "id": { + "description": "required", "type": "string" }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, - "select": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSelection" - }, - "usage": { + "remarks": { "type": "string" }, - "values": { + "rlinks": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.ResourceLink" } + }, + "title": { + "type": "string" } } }, - "oscalTypes_1_1_3.Part": { + "relational.ByComponent": { "type": "object", "properties": { - "class": { + "component-uuid": { + "type": "string" + }, + "description": { "type": "string" }, + "export": { + "$ref": "#/definitions/relational.Export" + }, "id": { "type": "string" }, + "implementation-status": { + "$ref": "#/definitions/datatypes.JSONType-relational_ImplementationStatus" + }, + "inherited-control-implementations": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.InheritedControlImplementation" + } + }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, - "name": { + "parentID": { + "description": "As ByComponent can be found in Implemented Requirements \u0026 Statements, using GORM polymorphism to tell us where to attach", "type": "string" }, - "ns": { + "parentType": { "type": "string" }, - 
"parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" - } - }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, - "prose": { + "remarks": { "type": "string" }, - "title": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.Party": { - "type": "object", - "properties": { - "addresses": { + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Address" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "email-addresses": { + "satisfied": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.SatisfiedControlImplementationResponsibility" } }, - "external-ids": { + "set-parameters": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PartyExternalIdentifier" + "$ref": "#/definitions/relational.SetParameter" } + } + } + }, + "relational.Capability": { + "type": "object", + "properties": { + "componentDefinition": { + "$ref": "#/definitions/relational.ComponentDefinition" }, - "links": { + "componentDefinitionId": { + "type": "string" + }, + "control-implementations": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.ControlImplementationSet" } }, - "location-uuids": { + "description": { + "description": "required", + "type": "string" + }, + "id": { + "type": "string" + }, + "incorporates-components": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.IncorporatesComponents" } }, - "member-of-organizations": { + "links": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Link" } }, "name": { + "description": "required", "type": "string" }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" + } + } + }, 
+ "relational.ComponentDefinition": { + "type": "object", + "properties": { + "back-matter": { + "$ref": "#/definitions/relational.BackMatter" }, - "short-name": { - "type": "string" + "capabilities": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Capability" + } }, - "telephone-numbers": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.TelephoneNumber" + "$ref": "#/definitions/relational.DefinedComponent" } }, - "type": { + "id": { "type": "string" }, - "uuid": { - "type": "string" + "import-component-definitions": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ImportComponentDefinition" + } + }, + "metadata": { + "description": "required", + "allOf": [ + { + "$ref": "#/definitions/relational.Metadata" + } + ] } } }, - "oscalTypes_1_1_3.PartyExternalIdentifier": { + "relational.Control": { "type": "object", "properties": { - "id": { + "catalogID": { "type": "string" }, - "scheme": { + "class": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.PlanOfActionAndMilestones": { - "type": "object", - "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "findings": { + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Finding" + "$ref": "#/definitions/relational.Control" } }, - "import-ssp": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" - }, - "local-definitions": { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" + "filters": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Filter" + } }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + "id": { + "description": "required", + "type": "string" }, - "observations": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Observation" + "$ref": "#/definitions/relational.Link" } }, - "poam-items": { + "params": { "type": "array", "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.PoamItem" + "$ref": "#/definitions/relational.Parameter" } }, - "risks": { + "parentID": { + "type": "string" + }, + "parentType": { + "type": "string" + }, + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Risk" + "$ref": "#/definitions/relational.Part" } }, - "system-id": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "uuid": { + "title": { + "description": "required", "type": "string" } } }, - "oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions": { + "relational.ControlImplementation": { "type": "object", "properties": { - "assessment-assets": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" + "description": { + "type": "string" }, - "components": { + "id": { + "type": "string" + }, + "implemented-requirements": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/relational.ImplementedRequirement" } }, - "inventory-items": { + "set-parameters": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + "$ref": "#/definitions/relational.SetParameter" } }, - "remarks": { + "systemSecurityPlanId": { "type": "string" } } }, - "oscalTypes_1_1_3.PoamItem": { + "relational.ControlImplementationResponsibility": { "type": "object", "properties": { "description": { + "description": "required", + "type": "string" + }, + "exportId": { + "type": "string" + }, + "id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, - "origins": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PoamItemOrigin" + "$ref": "#/definitions/relational.Prop" } }, - "props": { + "provided-uuid": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { 
"type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.ResponsibleRole" } + } + } + }, + "relational.ControlImplementationSet": { + "type": "object", + "properties": { + "definedComponent": { + "$ref": "#/definitions/relational.DefinedComponent" }, - "related-findings": { + "definedComponentID": { + "type": "string" + }, + "description": { + "description": "required", + "type": "string" + }, + "id": { + "type": "string" + }, + "implemented-requirements": { + "description": "required", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedFinding" + "$ref": "#/definitions/relational.ImplementedRequirementControlImplementation" } }, - "related-observations": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" + "$ref": "#/definitions/relational.Link" } }, - "related-risks": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedRisk" + "$ref": "#/definitions/relational.Prop" } }, - "remarks": { - "type": "string" - }, - "title": { - "type": "string" + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SetParameter" + } }, - "uuid": { + "source": { + "description": "required", "type": "string" } } }, - "oscalTypes_1_1_3.PoamItemOrigin": { + "relational.ControlObjectiveSelection": { "type": "object", "properties": { - "actors": { + "description": { + "type": "string" + }, + "excludeObjectives": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" + "$ref": "#/definitions/relational.SelectObjectiveById" } - } - } - }, - "oscalTypes_1_1_3.PortRange": { - "type": "object", - "properties": { - "end": { - "type": "integer" - }, - "start": { - "type": "integer" }, - "transport": { + "id": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.Profile": { - "type": "object", - "properties": { - "back-matter": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.BackMatter" }, - "imports": { + "includeAll": { + "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" + }, + "includeObjectives": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Import" + "$ref": "#/definitions/relational.SelectObjectiveById" } }, - "merge": { - "$ref": "#/definitions/oscalTypes_1_1_3.Merge" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "modify": { - "$ref": "#/definitions/oscalTypes_1_1_3.Modify" + "remarks": { + "type": "string" }, - "uuid": { + "reviewedControlsID": { "type": "string" } } }, - "oscalTypes_1_1_3.Property": { + "relational.ControlSelection": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "group": { + "description": { "type": "string" }, - "name": { - "type": "string" + "excludeControls": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.AssessedControlsSelectControlById" + } }, - "ns": { + "id": { "type": "string" }, - "remarks": { - "type": "string" + "includeAll": { + "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" }, - "uuid": { - "type": "string" + "includeControls": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.AssessedControlsSelectControlById" + } }, - "value": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.Protocol": { - "type": "object", - "properties": { - "name": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "port-ranges": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PortRange" + "$ref": "#/definitions/relational.Prop" } }, - "title": { + "remarks": { "type": "string" }, - "uuid": { + "reviewedControlsID": { "type": "string" } } }, - 
"oscalTypes_1_1_3.ProvidedControlImplementation": { + "relational.ControlStatementImplementation": { "type": "object", "properties": { "description": { + "description": "required", + "type": "string" + }, + "id": { + "type": "string" + }, + "implementedRequirementControlImplementationId": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { 
@@ -22271,125 +31854,140 @@ const docTemplate = `{ "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "uuid": { + "statement-id": { + "description": "required", "type": "string" } } }, - "oscalTypes_1_1_3.ReferencedControlObjectives": { + "relational.DataFlow": { "type": "object", "properties": { "description": { "type": "string" }, - "exclude-objectives": { + "diagrams": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectObjectiveById" + "$ref": "#/definitions/relational.Diagram" } }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-objectives": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectObjectiveById" - } + "id": { + "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.RelatedFinding": { - "type": "object", - "properties": { - "finding-uuid": { + }, + "systemCharacteristicsId": { "type": "string" } } }, - "oscalTypes_1_1_3.RelatedObservation": { + "relational.DefinedComponent": { "type": "object", "properties": { - "observation-uuid": { + "componentDefinition": { + "$ref": "#/definitions/relational.ComponentDefinition" + }, + "componentDefinitionID": { + "type": "string" + }, + "control-implementations": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ControlImplementationSet" + } + }, + "description": { + "description": "required", + "type": "string" + }, + "id": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.RelatedTask": { - "type": "object", - "properties": { - "identified-subject": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.IdentifiedSubject" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, - "remarks": { - "type": "string" - }, - "responsible-parties": { + "protocols": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "$ref": "#/definitions/relational.Protocol" } }, - "subjects": { + "purpose": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "task-uuid": { + "title": { + "description": "required", + "type": "string" + }, + "type": { + "description": "required", "type": "string" } } }, - "oscalTypes_1_1_3.RelevantEvidence": { + "relational.Diagram": { "type": "object", "properties": { + "caption": { + "type": "string" + }, "description": { "type": "string" }, - "href": { + "id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, + "parentID": { + "type": "string" + }, + "parentType": { + "type": "string" + }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { 
@@ -22397,1208 +31995,1389 @@ const docTemplate = `{ } } }, - "oscalTypes_1_1_3.Removal": { + "relational.DocumentID": { "type": "object", "properties": { - "by-class": { - "type": "string" - }, - "by-id": { - "type": "string" - }, - "by-item-name": { - "type": "string" - }, - "by-name": { + "identifier": { "type": "string" }, - "by-ns": { - "type": "string" + "scheme": { + "$ref": "#/definitions/relational.DocumentIDScheme" } } }, - "oscalTypes_1_1_3.RequiredAsset": { + "relational.DocumentIDScheme": { + "type": "string", + "enum": [ + "http://www.doi.org/" + ], + "x-enum-varnames": [ + "DocumentIDSchemeDoi" + ] + }, + "relational.Evidence": { "type": "object", "properties": { + "activities": { + "description": "What steps did we take to create this evidence", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Activity" + } + }, + "back-matter": { + "$ref": "#/definitions/relational.BackMatter" + }, + "components": { + "description": "Which components of the subject are being observed. 
A tool, user, policy etc.", + "type": "array", + "items": { + "$ref": "#/definitions/relational.SystemComponent" + } + }, "description": { "type": "string" }, + "end": { + "type": "string" + }, + "expires": { + "type": "string" + }, + "id": { + "type": "string" + }, + "inventory-items": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.InventoryItem" + } + }, + "labels": { + "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Labels" + } + }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" + } + }, + "origins": { + "description": "Who or What is generating this evidence", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Origin" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, + "start": { + "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", + "type": "string" + }, + "status": { + "description": "Did we satisfy what was being tested for, or did we fail ?", + "allOf": [ + { + "$ref": "#/definitions/datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus" + } + ] + }, "subjects": { + "description": "Who or What are we providing evidence for. 
What's under test.", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" + "$ref": "#/definitions/relational.AssessmentSubject" } }, "title": { "type": "string" }, "uuid": { + "description": "UUID needs to remain consistent when automation runs again, but unique for each subject.\nIt represents the \"stream\" of the same observation being made over time.", "type": "string" } } }, - "oscalTypes_1_1_3.Resource": { + "relational.Export": { "type": "object", "properties": { - "base64": { - "$ref": "#/definitions/oscalTypes_1_1_3.Base64" - }, - "citation": { - "$ref": "#/definitions/oscalTypes_1_1_3.Citation" + "byComponentId": { + "type": "string" }, "description": { "type": "string" }, - "document-ids": { + "id": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.DocumentId" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, - "remarks": { - "type": "string" - }, - "rlinks": { + "provided": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResourceLink" + "$ref": "#/definitions/relational.ProvidedControlImplementation" } }, - "title": { + "remarks": { "type": "string" }, - "uuid": { - "type": "string" + "responsibilities": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ControlImplementationResponsibility" + } } } }, - "oscalTypes_1_1_3.ResourceLink": { + "relational.Filter": { "type": "object", "properties": { - "hashes": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Hash" + "$ref": "#/definitions/relational.SystemComponent" } }, - "href": { + "controls": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Control" + } + }, + "filter": { + "$ref": "#/definitions/datatypes.JSONType-labelfilter_Filter" + }, + "id": { "type": "string" }, - 
"media-type": { + "name": { "type": "string" } } }, - "oscalTypes_1_1_3.Response": { + "relational.Hash": { "type": "object", "properties": { - "description": { + "algorithm": { + "description": "required", + "allOf": [ + { + "$ref": "#/definitions/relational.HashAlgorithm" + } + ] + }, + "value": { + "description": "required", + "type": "string" + } + } + }, + "relational.HashAlgorithm": { + "type": "string", + "enum": [ + "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" + ], + "x-enum-varnames": [ + "HashAlgorithmSHA_224", + "HashAlgorithmSHA_256", + "HashAlgorithmSHA_384", + "HashAlgorithmSHA_512", + "HashAlgorithmSHA3_224", + "HashAlgorithmSHA3_256", + "HashAlgorithmSHA3_384", + "HashAlgorithmSHA3_512" + ] + }, + "relational.ImplementedComponent": { + "type": "object", + "properties": { + "component": { + "$ref": "#/definitions/relational.DefinedComponent" + }, + "component-uuid": { "type": "string" }, - "lifecycle": { + "id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } + "inventoryItemId": { + "type": "string" }, - "origins": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "required-assets": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RequiredAsset" - } - }, - "tasks": { + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" + "$ref": "#/definitions/relational.ResponsibleParty" } - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.ResponsibleParty": { + "relational.ImplementedRequirement": { "type": "object", "properties": { - "links": { + 
"by-components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.ByComponent" } }, - "party-uuids": { + "control-id": { + "type": "string" + }, + "controlImplementationId": { + "type": "string" + }, + "id": { + "type": "string" + }, + "links": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "role-id": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.ResponsibleRole": { - "type": "object", - "properties": { - "links": { + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "party-uuids": { + "set-parameters": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.SetParameter" } }, - "props": { + "statements": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Statement" } - }, - "remarks": { - "type": "string" - }, - "role-id": { - "type": "string" } } }, - "oscalTypes_1_1_3.Result": { + "relational.ImplementedRequirementControlImplementation": { "type": "object", "properties": { - "assessment-log": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentLog" + "control-id": { + "description": "required", + "type": "string" }, - "attestations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" - } + "controlImplementationSetID": { + "type": "string" }, "description": { + "description": "required", "type": "string" }, - "end": { + "id": { "type": "string" }, - "findings": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Finding" + "$ref": "#/definitions/relational.Link" } }, - "links": { + "props": 
{ "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Prop" } }, - "local-definitions": { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" + "remarks": { + "type": "string" }, - "observations": { + "responsible-roles": { + "description": "required", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Observation" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "props": { + "set-parameters": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.SetParameter" } }, - "remarks": { - "type": "string" - }, - "reviewed-controls": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" - }, - "risks": { + "statements": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Risk" + "$ref": "#/definitions/relational.ControlStatementImplementation" } - }, - "start": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.ReviewedControls": { + "relational.Import": { "type": "object", "properties": { - "control-objective-selections": { + "exclude-controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReferencedControlObjectives" + "$ref": "#/definitions/relational.SelectControlById" } }, - "control-selections": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControls" - } + "href": { + "description": "Href as per the OSCAL docs can be an absolute network path (potentially remote), relative or a URI fragment\nfor the moment to make the system's life easier, it should be a URI fragment to back-matter and try and resolve\nback to an ingested catalog.", + "type": "string" }, - "description": { + "id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } + "include-all": { + "$ref": 
"#/definitions/datatypes.JSONType-relational_IncludeAll" }, - "props": { + "include-controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.SelectControlById" } }, - "remarks": { + "profileID": { "type": "string" } } }, - "oscalTypes_1_1_3.RevisionHistoryEntry": { + "relational.ImportComponentDefinition": { "type": "object", "properties": { - "last-modified": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "oscal-version": { - "type": "string" - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "published": { - "type": "string" - }, - "remarks": { + "href": { "type": "string" - }, - "title": { + } + } + }, + "relational.IncorporatesComponents": { + "type": "object", + "properties": { + "component-uuid": { "type": "string" }, - "version": { + "description": { "type": "string" } } }, - "oscalTypes_1_1_3.Risk": { + "relational.InheritedControlImplementation": { "type": "object", "properties": { - "characterizations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Characterization" - } - }, - "deadline": { + "byComponentId": { "type": "string" }, "description": { + "description": "required", "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "mitigating-factors": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.MitigatingFactor" - } + "id": { + "type": "string" }, - "origins": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "related-observations": { - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.RelatedObservation" - } - }, - "remediations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Response" - } - }, - "risk-log": { - "$ref": "#/definitions/oscalTypes_1_1_3.RiskLog" - }, - "statement": { - "type": "string" - }, - "status": { - "type": "string" - }, - "threat-ids": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ThreatId" + "$ref": "#/definitions/relational.Prop" } }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.RiskLog": { - "type": "object", - "properties": { - "entries": { + "provided-uuid": { + "type": "string" + }, + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RiskLogEntry" + "$ref": "#/definitions/relational.ResponsibleRole" } } } }, - "oscalTypes_1_1_3.RiskLogEntry": { + "relational.InventoryItem": { "type": "object", "properties": { "description": { "type": "string" }, - "end": { - "type": "string" - }, - "links": { + "evidence": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Evidence" } }, - "logged-by": { + "id": { + "type": "string" + }, + "implemented-components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LoggedBy" + "$ref": "#/definitions/relational.ImplementedComponent" } }, - "props": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Link" } }, - "related-responses": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RiskResponseReference" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "start": { - "type": "string" + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleParty" + } }, - "status-change": { + "systemImplementationId": { "type": "string" - }, 
- "title": { + } + } + }, + "relational.Labels": { + "type": "object", + "properties": { + "name": { "type": "string" }, - "uuid": { + "value": { "type": "string" } } }, - "oscalTypes_1_1_3.RiskResponseReference": { + "relational.LeveragedAuthorization": { "type": "object", "properties": { + "date-authorized": { + "type": "string" + }, + "id": { + "type": "string" + }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "party-uuid": { + "type": "string" }, - "related-tasks": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "response-uuid": { + "systemImplementationId": { + "type": "string" + }, + "title": { "type": "string" } } }, - "oscalTypes_1_1_3.Role": { + "relational.Link": { "type": "object", "properties": { - "description": { + "href": { "type": "string" }, - "id": { + "media-type": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { + "rel": { "type": "string" }, - "short-name": { + "resource-fragment": { "type": "string" }, - "title": { + "text": { "type": "string" } } }, - "oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility": { + "relational.Location": { "type": "object", "properties": { - "description": { + "address": { + "$ref": "#/definitions/datatypes.JSONType-relational_Address" + }, + "email-addresses": { + "type": "array", + "items": { + "type": "string" + } + }, + "id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, "props": { 
"type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "responsibility-uuid": { - "type": "string" - }, - "responsible-roles": { + "telephone-numbers": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/relational.TelephoneNumber" } }, - "uuid": { + "title": { "type": "string" + }, + "urls": { + "type": "array", + "items": { + "type": "string" + } } } }, - "oscalTypes_1_1_3.SecurityImpactLevel": { + "relational.Matching": { "type": "object", "properties": { - "security-objective-availability": { + "pattern": { "type": "string" + } + } + }, + "relational.Merge": { + "type": "object", + "properties": { + "as-is": { + "type": "boolean" }, - "security-objective-confidentiality": { + "combine": { + "$ref": "#/definitions/datatypes.JSONType-relational_CombinationRule" + }, + "flat": { + "$ref": "#/definitions/datatypes.JSONType-relational_FlatWithoutGrouping" + }, + "id": { "type": "string" }, - "security-objective-integrity": { + "profileID": { "type": "string" } } }, - "oscalTypes_1_1_3.SelectControlById": { + "relational.Metadata": { "type": "object", "properties": { - "matching": { + "actions": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Matching" + "$ref": "#/definitions/relational.Action" } }, - "with-child-controls": { - "type": "string" - }, - "with-ids": { + "document-ids": { + "description": "-\u003e DocumentID", "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.DocumentID" } - } - } - }, - "oscalTypes_1_1_3.SelectObjectiveById": { - "type": "object", - "properties": { - "objective-id": { + }, + "id": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.SelectSubjectById": { - "type": "object", - "properties": { + }, + "last-modified": { + "type": "string" + }, "links": { "type": "array", "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, - "props": { + "locations": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Location" } }, - "remarks": { - "type": "string" - }, - "subject-uuid": { + "oscal-version": { "type": "string" }, - "type": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.SetParameter": { - "type": "object", - "properties": { - "param-id": { + "parentID": { + "description": "Metadata is shared across many resources, and so it mapped using a polymorphic relationship", "type": "string" }, - "remarks": { + "parentType": { "type": "string" }, - "values": { + "parties": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Party" } - } - } - }, - "oscalTypes_1_1_3.Statement": { - "type": "object", - "properties": { - "by-components": { + }, + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" + "$ref": "#/definitions/relational.Prop" } }, - "links": { + "published": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "responsibleParties": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.ResponsibleParty" } }, - "props": { + "revisions": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Revision" } }, - "remarks": { - "type": "string" - }, - "responsible-roles": { + "roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/relational.Role" } }, - "statement-id": { + "title": { "type": "string" }, - "uuid": { + "version": { "type": "string" } } }, - "oscalTypes_1_1_3.Status": { + "relational.Modify": { "type": "object", "properties": { - "remarks": { + "alters": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Alteration" + } + }, + 
"id": { "type": "string" }, - "state": { + "profileID": { "type": "string" + }, + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ParameterSetting" + } } } }, - "oscalTypes_1_1_3.Step": { + "relational.NetworkArchitecture": { "type": "object", "properties": { "description": { "type": "string" }, - "links": { + "diagrams": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Diagram" } }, - "props": { + "id": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Link" } }, - "remarks": { - "type": "string" - }, - "responsible-roles": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/relational.Prop" } }, - "reviewed-controls": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" - }, - "title": { + "remarks": { "type": "string" }, - "uuid": { + "systemCharacteristicsId": { "type": "string" } } }, - "oscalTypes_1_1_3.SubjectReference": { + "relational.Origin": { "type": "object", "properties": { - "links": { + "actors": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" } }, - "props": { + "related-tasks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" } - }, - "remarks": { - "type": "string" - }, - "subject-uuid": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" } } }, - "oscalTypes_1_1_3.SystemCharacteristics": { + "relational.Parameter": { "type": "object", "properties": { - "authorization-boundary": { - "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizationBoundary" + "class": { + "type": "string" }, - "data-flow": { - "$ref": "#/definitions/oscalTypes_1_1_3.DataFlow" 
+ "constraints": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ParameterConstraint" + } }, - "date-authorized": { + "guidelines": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ParameterGuideline" + } + }, + "id": { "type": "string" }, - "description": { + "label": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, - "network-architecture": { - "$ref": "#/definitions/oscalTypes_1_1_3.NetworkArchitecture" - }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "responsible-parties": { + "select": { + "$ref": "#/definitions/datatypes.JSONType-relational_ParameterSelection" + }, + "usage": { + "type": "string" + }, + "values": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "type": "string" } - }, - "security-impact-level": { - "$ref": "#/definitions/oscalTypes_1_1_3.SecurityImpactLevel" - }, - "security-sensitivity-level": { + } + } + }, + "relational.ParameterConstraint": { + "type": "object", + "properties": { + "description": { "type": "string" }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.Status" - }, - "system-ids": { + "tests": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" + "$ref": "#/definitions/relational.ParameterConstraintTest" } - }, - "system-information": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemInformation" - }, - "system-name": { + } + } + }, + "relational.ParameterConstraintTest": { + "type": "object", + "properties": { + "expression": { "type": "string" }, - "system-name-short": { + "remarks": { "type": "string" } } }, - "oscalTypes_1_1_3.SystemComponent": { + "relational.ParameterGuideline": { "type": "object", "properties": { - "description": { + "prose": { + "type": "string" + 
} + } + }, + "relational.ParameterSetting": { + "type": "object", + "properties": { + "class": { "type": "string" }, - "links": { + "constraints": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.ParameterConstraint" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "depends-on": { + "type": "string" }, - "protocols": { + "guidelines": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" + "$ref": "#/definitions/relational.ParameterGuideline" } }, - "purpose": { + "id": { "type": "string" }, - "remarks": { + "label": { "type": "string" }, - "responsible-roles": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/relational.Link" } }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponentStatus" - }, - "title": { + "modifyID": { "type": "string" }, - "type": { + "param-id": { + "description": "required", "type": "string" }, - "uuid": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "select": { + "$ref": "#/definitions/datatypes.JSONType-relational_ParameterSelection" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } } } }, - "oscalTypes_1_1_3.SystemComponentStatus": { + "relational.Part": { "type": "object", "properties": { - "remarks": { + "class": { "type": "string" }, - "state": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.SystemId": { - "type": "object", - "properties": { "id": { "type": "string" }, - "identifier-type": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "name": { + "type": "string" + }, + "ns": { + "type": "string" + }, + "part_id": { + "type": "string" + }, + "parts": { + "description": "-\u003e Part", + "type": "array", + "items": { + "$ref": 
"#/definitions/relational.Part" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "prose": { + "type": "string" + }, + "title": { "type": "string" } } }, - "oscalTypes_1_1_3.SystemImplementation": { + "relational.Party": { "type": "object", "properties": { - "components": { + "addresses": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/relational.Address" } }, - "inventory-items": { + "email-addresses": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + "type": "string" } }, - "leveraged-authorizations": { + "external-ids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" + "$ref": "#/definitions/relational.PartyExternalID" } }, + "id": { + "type": "string" + }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" + } + }, + "locations": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Location" } }, + "member-of-organizations": { + "description": "-\u003e Party", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Party" + } + }, + "name": { + "type": "string" + }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "users": { + "short-name": { + "type": "string" + }, + "telephone-numbers": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" + "$ref": "#/definitions/relational.TelephoneNumber" } + }, + "type": { + "$ref": "#/definitions/relational.PartyType" } } }, - "oscalTypes_1_1_3.SystemInformation": { + "relational.PartyExternalID": { "type": "object", "properties": { - "information-types": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InformationType" - } + "id": 
{ + "type": "string" }, - "links": { + "scheme": { + "$ref": "#/definitions/relational.PartyExternalIDScheme" + } + } + }, + "relational.PartyExternalIDScheme": { + "type": "string", + "enum": [ + "http://orcid.org/" + ], + "x-enum-varnames": [ + "PartyExternalIDSchemeOrchid" + ] + }, + "relational.PartyType": { + "type": "string", + "enum": [ + "person", + "organization" + ], + "x-enum-varnames": [ + "PartyTypePerson", + "PartyTypeOrganization" + ] + }, + "relational.Profile": { + "type": "object", + "properties": { + "back-matter": { + "$ref": "#/definitions/relational.BackMatter" + }, + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Control" } }, - "props": { + "id": { + "type": "string" + }, + "imports": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Import" } + }, + "merge": { + "$ref": "#/definitions/relational.Merge" + }, + "metadata": { + "$ref": "#/definitions/relational.Metadata" + }, + "modify": { + "$ref": "#/definitions/relational.Modify" } } }, - "oscalTypes_1_1_3.SystemSecurityPlan": { + "relational.Prop": { "type": "object", "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "control-implementation": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementation" + "class": { + "type": "string" }, - "import-profile": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportProfile" + "group": { + "type": "string" }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + "name": { + "type": "string" }, - "system-characteristics": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemCharacteristics" + "ns": { + "type": "string" }, - "system-implementation": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemImplementation" + "remarks": { + "type": "string" }, "uuid": { "type": "string" + }, + "value": { + "type": "string" } } }, - 
"oscalTypes_1_1_3.SystemUser": { + "relational.Protocol": { "type": "object", "properties": { - "authorized-privileges": { + "name": { + "type": "string" + }, + "port-ranges": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizedPrivilege" + "$ref": "#/definitions/oscalTypes_1_1_3.PortRange" } }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" + } + } + }, + "relational.ProvidedControlImplementation": { + "type": "object", + "properties": { "description": { "type": "string" }, + "exportId": { + "type": "string" + }, + "id": { + "type": "string" + }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "role-ids": { + "responsible-roles": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.ResponsibleRole" } + } + } + }, + "relational.Removal": { + "type": "object", + "properties": { + "by-class": { + "type": "string" }, - "short-name": { + "by-id": { "type": "string" }, - "title": { + "by-item-name": { "type": "string" }, - "uuid": { + "by-name": { + "type": "string" + }, + "by-ns": { "type": "string" } } }, - "oscalTypes_1_1_3.Task": { + "relational.ResourceLink": { "type": "object", "properties": { - "associated-activities": { + "hashes": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedActivity" + "$ref": "#/definitions/relational.Hash" } }, - "dependencies": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.TaskDependency" - } + "href": { + "description": "required", + "type": "string" }, - "description": { + "media-type": { + "type": "string" + } + } + }, + "relational.ResponsibleParty": { + "type": "object", + "properties": { + "id": { "type": "string" }, "links": { 
"type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Link" } }, - "remarks": { + "parentID": { + "description": "Polymorphic relationship - allows ResponsibleParty to belong to different parent types", "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } + "parentType": { + "type": "string" }, - "subjects": { + "parties": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/relational.ResponsiblePartyParties" } }, - "tasks": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" + "$ref": "#/definitions/relational.Prop" } }, - "timing": { - "$ref": "#/definitions/oscalTypes_1_1_3.EventTiming" - }, - "title": { + "remarks": { "type": "string" }, - "type": { - "type": "string" + "role": { + "$ref": "#/definitions/relational.Role" }, - "uuid": { + "role-id": { + "description": "required", "type": "string" } } }, - "oscalTypes_1_1_3.TaskDependency": { + "relational.ResponsiblePartyParties": { "type": "object", "properties": { - "remarks": { + "partyID": { "type": "string" }, - "task-uuid": { + "responsiblePartyID": { "type": "string" } } }, - "oscalTypes_1_1_3.TelephoneNumber": { + "relational.ResponsibleRole": { "type": "object", "properties": { - "number": { + "id": { "type": "string" }, - "type": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "parentID": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.ThreatId": { - "type": "object", - "properties": { - "href": { + }, + "parentType": { "type": "string" }, - "id": { + "parties": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Party" + } + }, + "props": { + "type": "array", + "items": { + "$ref": 
"#/definitions/relational.Prop" + } + }, + "remarks": { "type": "string" }, - "system": { + "role": { + "$ref": "#/definitions/relational.Role" + }, + "role-id": { + "description": "required", "type": "string" } } }, - "oscalTypes_1_1_3.UsesComponent": { + "relational.ReviewedControls": { "type": "object", "properties": { - "component-uuid": { + "controlObjectiveSelections": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ControlObjectiveSelection" + } + }, + "controlSelections": { + "description": "required", + "type": "array", + "items": { + "$ref": "#/definitions/relational.ControlSelection" + } + }, + "description": { + "type": "string" + }, + "id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" - }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" - } } } }, - "relational.Action": { + "relational.Revision": { "type": "object", "properties": { - "date": { + "id": { "type": "string" }, - "id": { + "last-modified": { "type": "string" }, "links": { @@ -23608,7 +33387,10 @@ const docTemplate = `{ } }, "metadata-id": { - "description": "Actions only exist on a metadata object. We'll link them straight there with a BelongsTo relationship", + "description": "Revision only exist on a metadata object. We'll link them straight there with a BelongsTo relationship", + "type": "string" + }, + "oscal-version": { "type": "string" }, "props": { 
@@ -23617,30 +33399,25 @@ const docTemplate = `{ "$ref": "#/definitions/relational.Prop" } }, - "remarks": { + "published": { "type": "string" }, - "responsibleParties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleParty" - } + "remarks": { + "type": "string" }, - "system": { - "description": "required", + "title": { "type": "string" }, - "type": { + "version": { "description": "required", "type": "string" } } }, - "relational.Activity": { + "relational.Role": { "type": "object", "properties": { "description": { - "description": "required", "type": "string" }, "id": { 
@@ -23658,120 +33435,29 @@ const docTemplate = `{ "$ref": "#/definitions/relational.Prop" } }, - "related-controls": { - "$ref": "#/definitions/relational.ReviewedControls" - }, - "relatedControlsID": { - "type": "string" - }, "remarks": { - "description": "required", - "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } - }, - "steps": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Step" - } - }, - "title": { "type": "string" - } - } - }, - "relational.Address": { - "type": "object", - "properties": { - "city": { - "type": "string" - }, - "country": { - "type": "string" - }, - "lines": { - "type": "array", - "items": { - "type": "string" - } }, - "postal-code": { + "short-name": { "type": "string" }, - "state": { + "title": { "type": "string" - }, - "type": { - "$ref": "#/definitions/relational.AddressType" } } }, - "relational.AddressType": { - "type": "string", - "enum": [ - "work", - "home" - ], - "x-enum-varnames": [ - "AddressTypeWork", - "AddressTypeHome" - ] - }, - "relational.AssessedControlsSelectControlById": { + "relational.SatisfiedControlImplementationResponsibility": { "type": "object", "properties": { - "control": { - "$ref": "#/definitions/relational.Control" - }, - "controlID": { - "type": "string" - }, - "id": { + "by-component-id": { "type": "string" }, - "statements": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Statement" - } - } - } - }, - "relational.AssessmentSubject": { - "type": "object", - "properties": { "description": { "type": "string" }, - "evidence": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Evidence" - } - }, - "excludeSubjects": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SelectSubjectById" - } - }, "id": { "type": "string" }, - "includeAll": { - "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" - }, - "includeSubjects": { - "type": 
"array", - "items": { - "$ref": "#/definitions/relational.SelectSubjectById" - } - }, "links": { "type": "array", "items": { 
@@ -23787,114 +33473,79 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "type": { - "description": "Type represents a component, party, location, user, or inventory item.\nIt will likely be updated once we can map it correctly", + "responsibility-uuid": { "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } } } }, - "relational.BackMatter": { + "relational.SelectControlById": { "type": "object", "properties": { "id": { "type": "string" }, + "matching": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Matching" + } + }, "parentID": { "type": "string" }, "parentType": { "type": "string" }, - "resources": { + "with-child-controls": { + "type": "string" + }, + "with-ids": { "type": "array", "items": { - "$ref": "#/definitions/relational.BackMatterResource" + "type": "string" } } } }, - "relational.BackMatterResource": { + "relational.SelectObjectiveById": { "type": "object", "properties": { - "backMatterID": { - "type": "string" - }, - "base64": { - "$ref": "#/definitions/datatypes.JSONType-relational_Base64" - }, - "citation": { - "$ref": "#/definitions/datatypes.JSONType-relational_Citation" - }, - "description": { + "id": { "type": "string" }, - "document-ids": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.DocumentID" - } - }, - "id": { + "objective": { "description": "required", "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } - }, - "remarks": { + "parentID": { "type": "string" }, - "rlinks": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResourceLink" - } - }, - "title": { + "parentType": { "type": "string" } } }, - "relational.ByComponent": { + "relational.SelectSubjectById": { "type": "object", "properties": { - "component-uuid": { - "type": "string" - }, - "description": { + "assessmentSubjectID": { "type": "string" }, - "export": { - 
"$ref": "#/definitions/relational.Export" - }, "id": { "type": "string" }, - "implementation-status": { - "$ref": "#/definitions/datatypes.JSONType-relational_ImplementationStatus" - }, - "inherited-control-implementations": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.InheritedControlImplementation" - } - }, "links": { "type": "array", "items": { "$ref": "#/definitions/relational.Link" } }, - "parentID": { - "description": "As ByComponent can be found in Implemented Requirements \u0026 Statements, using GORM polymorphism to tell us where to attach", - "type": "string" - }, - "parentType": { - "type": "string" - }, "props": { "type": "array", "items": { 
@@ -23904,218 +33555,199 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } + "subjectUUID": { + "description": "SubjectUUID technically represents a UUID of a component, party, location, user, or inventory item.\nIt will likely be updated once we can map it correctly", + "type": "string" + } + } + }, + "relational.SetParameter": { + "type": "object", + "properties": { + "param-id": { + "type": "string" }, - "satisfied": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SatisfiedControlImplementationResponsibility" - } + "remarks": { + "type": "string" }, - "set-parameters": { + "values": { "type": "array", "items": { - "$ref": "#/definitions/relational.SetParameter" + "type": "string" } } } }, - "relational.Capability": { + "relational.Statement": { "type": "object", "properties": { - "componentDefinition": { - "$ref": "#/definitions/relational.ComponentDefinition" - }, - "componentDefinitionId": { - "type": "string" - }, - "control-implementations": { + "by-components": { "type": "array", "items": { - "$ref": "#/definitions/relational.ControlImplementationSet" + "$ref": "#/definitions/relational.ByComponent" } }, - "description": { - "description": "required", + "id": { "type": "string" }, - "id": { + "implementedRequirementId": { "type": "string" }, - "incorporates-components": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.IncorporatesComponents" + "$ref": "#/definitions/relational.Link" } }, - "links": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/relational.Prop" } }, - "name": { - "description": "required", + "remarks": { "type": "string" }, - "props": { + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "remarks": { + 
"statement-id": { "type": "string" } } }, - "relational.CcfPoamItem": { + "relational.Step": { "type": "object", "properties": { - "createdAt": { - "type": "string" - }, - "deadline": { + "activityID": { "type": "string" }, "description": { + "description": "required", "type": "string" }, "id": { "type": "string" }, - "milestones": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.CcfPoamItemMilestone" + "$ref": "#/definitions/relational.Link" } }, - "pocEmail": { - "type": "string" - }, - "pocName": { - "type": "string" - }, - "pocPhone": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, "remarks": { "type": "string" }, - "resourceRequired": { - "type": "string" + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } }, - "sspID": { - "type": "string" + "reviewed-controls": { + "$ref": "#/definitions/relational.ReviewedControls" }, - "status": { + "reviewedControlsID": { "type": "string" }, "title": { "type": "string" - }, - "updatedAt": { - "type": "string" } } }, - "relational.CcfPoamItemMilestone": { + "relational.SystemCharacteristics": { "type": "object", "properties": { - "completedAt": { - "type": "string" + "authorization-boundary": { + "$ref": "#/definitions/relational.AuthorizationBoundary" }, - "createdAt": { - "type": "string" + "dataFlow": { + "$ref": "#/definitions/relational.DataFlow" }, - "description": { + "date-authorized": { "type": "string" }, - "dueDate": { + "description": { "type": "string" }, "id": { "type": "string" }, - "poamItemID": { - "type": "string" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "updatedAt": { - "type": "string" - } - } - }, - "relational.CcfPoamItemRiskLink": { - "type": "object", - "properties": { - "poamItemID": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - 
"riskID": { - "type": "string" - } - } - }, - "relational.ComponentDefinition": { - "type": "object", - "properties": { - "back-matter": { - "$ref": "#/definitions/relational.BackMatter" + "networkArchitecture": { + "$ref": "#/definitions/relational.NetworkArchitecture" }, - "capabilities": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Capability" + "$ref": "#/definitions/relational.Prop" } }, - "components": { + "remarks": { + "type": "string" + }, + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/relational.DefinedComponent" + "$ref": "#/definitions/relational.ResponsibleParty" } }, - "id": { + "security-impact-level": { + "$ref": "#/definitions/datatypes.JSONType-relational_SecurityImpactLevel" + }, + "security-sensitivity-level": { "type": "string" }, - "import-component-definitions": { + "status": { + "$ref": "#/definitions/datatypes.JSONType-relational_Status" + }, + "system-ids": { "type": "array", "items": { - "$ref": "#/definitions/relational.ImportComponentDefinition" + "$ref": "#/definitions/relational.SystemId" } }, - "metadata": { - "description": "required", - "allOf": [ - { - "$ref": "#/definitions/relational.Metadata" - } - ] + "system-information": { + "$ref": "#/definitions/datatypes.JSONType-relational_SystemInformation" + }, + "system-name": { + "type": "string" + }, + "system-name-short": { + "type": "string" + }, + "systemSecurityPlanId": { + "type": "string" } } }, - "relational.Control": { + "relational.SystemComponent": { "type": "object", "properties": { - "catalogID": { + "definedComponentId": { "type": "string" }, - "class": { + "description": { "type": "string" }, - "controls": { + "evidence": { "type": "array", "items": { - "$ref": "#/definitions/relational.Control" + "$ref": "#/definitions/relational.Evidence" } }, "filters": { @@ -24125,7 +33757,6 @@ const docTemplate = `{ } }, "id": { - "description": "required", "type": "string" }, "links": { 
@@ -24134,96 +33765,100 @@ const docTemplate = `{ "$ref": "#/definitions/relational.Link" } }, - "params": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Parameter" + "$ref": "#/definitions/relational.Prop" } }, - "parentID": { + "protocols": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Protocol" + } + }, + "purpose": { "type": "string" }, - "parentType": { + "remarks": { "type": "string" }, - "parts": { + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/relational.Part" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "status": { + "$ref": "#/definitions/datatypes.JSONType-relational_SystemComponentStatus" + }, + "systemImplementationId": { + "type": "string" }, "title": { - "description": "required", + "type": "string" + }, + "type": { "type": "string" } } }, - "relational.ControlImplementationResponsibility": { + "relational.SystemComponentSuggestion": { "type": "object", "properties": { - "description": { - "description": "required", + "componentDefinitionId": { "type": "string" }, - "exportId": { + "definedComponentId": { "type": "string" }, - "id": { + "description": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } - }, - "provided-uuid": { + "name": { "type": "string" }, - "remarks": { + "purpose": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } + "type": { + "type": "string" } } }, - "relational.ControlImplementationSet": { + "relational.SystemId": { "type": "object", "properties": { - "definedComponent": { - "$ref": "#/definitions/relational.DefinedComponent" - }, - "definedComponentID": { + "id": { "type": "string" }, - 
"description": { - "description": "required", + "identifier-type": { "type": "string" + } + } + }, + "relational.SystemImplementation": { + "type": "object", + "properties": { + "components": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SystemComponent" + } }, "id": { "type": "string" }, - "implemented-requirements": { - "description": "required", + "inventory-items": { "type": "array", "items": { - "$ref": "#/definitions/relational.ImplementedRequirementControlImplementation" + "$ref": "#/definitions/relational.InventoryItem" + } + }, + "leveraged-authorizations": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.LeveragedAuthorization" } }, "links": { 
@@ -24238,42 +33873,67 @@ const docTemplate = `{ "$ref": "#/definitions/relational.Prop" } }, - "set-parameters": { + "remarks": { + "type": "string" + }, + "systemSecurityPlanId": { + "type": "string" + }, + "users": { "type": "array", "items": { - "$ref": "#/definitions/relational.SetParameter" + "$ref": "#/definitions/relational.SystemUser" } - }, - "source": { - "description": "required", - "type": "string" } } }, - "relational.ControlObjectiveSelection": { + "relational.SystemSecurityPlan": { "type": "object", "properties": { - "description": { - "type": "string" + "back-matter": { + "$ref": "#/definitions/relational.BackMatter" }, - "excludeObjectives": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SelectObjectiveById" - } + "control-implementation": { + "$ref": "#/definitions/relational.ControlImplementation" }, "id": { "type": "string" }, - "includeAll": { - "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" + "import-profile": { + "$ref": "#/definitions/datatypes.JSONType-relational_ImportProfile" }, - "includeObjectives": { + "metadata": { + "$ref": "#/definitions/relational.Metadata" + }, + "profile": { + "$ref": "#/definitions/relational.Profile" + }, + "profileID": { + "type": "string" + }, + "system-characteristics": { + "$ref": "#/definitions/relational.SystemCharacteristics" + }, + "system-implementation": { + "$ref": "#/definitions/relational.SystemImplementation" + } + } + }, + "relational.SystemUser": { + "type": "object", + "properties": { + "authorized-privileges": { "type": "array", "items": { - "$ref": "#/definitions/relational.SelectObjectiveById" + "$ref": "#/definitions/relational.AuthorizedPrivilege" } }, + "description": { + "type": "string" + }, + "id": { + "type": "string" + }, "links": { "type": "array", "items": { 
@@ -24289,276 +33949,404 @@ const docTemplate = `{ "remarks": { "type": "string" }, - "reviewedControlsID": { + "role-ids": { + "type": "array", + "items": { + "type": "string" + } + }, + "short-name": { + "type": "string" + }, + "systemImplementationId": { + "type": "string" + }, + "title": { "type": "string" } } }, - "relational.ControlSelection": { + "relational.TelephoneNumber": { "type": "object", "properties": { - "description": { + "number": { "type": "string" }, - "excludeControls": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.AssessedControlsSelectControlById" - } + "type": { + "$ref": "#/definitions/relational.TelephoneNumberType" + } + } + }, + "relational.TelephoneNumberType": { + "type": "string", + "enum": [ + "home", + "office", + "mobile" + ], + "x-enum-varnames": [ + "TelephoneNumberTypeHome", + "TelephoneNumberTypeOffice", + "TelephoneNumberTypeMobile" + ] + }, + "relational.User": { + "type": "object", + "properties": { + "authMethod": { + "type": "string" + }, + "createdAt": { + "type": "string" + }, + "deletedAt": { + "description": "Soft delete", + "allOf": [ + { + "$ref": "#/definitions/gorm.DeletedAt" + } + ] + }, + "digestSubscribed": { + "description": "DigestSubscribed indicates if the user wants to receive evidence digest emails", + "type": "boolean" + }, + "email": { + "type": "string" + }, + "failedLogins": { + "type": "integer" + }, + "firstName": { + "type": "string" }, "id": { "type": "string" }, - "includeAll": { - "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" + "isActive": { + "type": "boolean" }, - "includeControls": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.AssessedControlsSelectControlById" - } + "isLocked": { + "type": "boolean" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "lastLogin": { + "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + 
"lastName": { + "type": "string" }, - "remarks": { + "taskAvailableEmailSubscribed": { + "description": "TaskAvailableEmailSubscribed indicates if the user wants an email when tasks become available", + "type": "boolean" + }, + "taskDailyDigestSubscribed": { + "description": "TaskDailyDigestSubscribed indicates if the user wants to receive a daily task digest email", + "type": "boolean" + }, + "updatedAt": { "type": "string" }, - "reviewedControlsID": { + "userAttributes": { "type": "string" } } }, - "relational.ControlStatementImplementation": { + "risks.RiskComponentLink": { "type": "object", "properties": { - "description": { - "description": "required", + "componentId": { "type": "string" }, - "id": { + "createdAt": { "type": "string" }, - "implementedRequirementControlImplementationId": { + "createdById": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "riskId": { + "type": "string" + } + } + }, + "risks.RiskControlLink": { + "type": "object", + "properties": { + "catalogId": { + "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "controlId": { + "type": "string" }, - "remarks": { + "createdAt": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } + "createdById": { + "type": "string" }, - "statement-id": { - "description": "required", + "riskId": { "type": "string" } } }, - "relational.DefinedComponent": { + "risks.RiskEvidenceLink": { "type": "object", "properties": { - "componentDefinition": { - "$ref": "#/definitions/relational.ComponentDefinition" + "createdAt": { + "type": "string" }, - "componentDefinitionID": { + "createdById": { "type": "string" }, - "control-implementations": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ControlImplementationSet" - } + "evidenceId": { + "description": "EvidenceID stores the evidence 
stream UUID (evidences.uuid), not a single evidence row ID.", + "type": "string" }, - "description": { - "description": "required", + "riskId": { + "type": "string" + } + } + }, + "risks.RiskSubjectLink": { + "type": "object", + "properties": { + "createdAt": { "type": "string" }, - "id": { + "createdById": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "riskId": { + "type": "string" }, - "props": { + "subjectId": { + "type": "string" + } + } + }, + "service.ListResponse-handler_riskResponse": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/handler.riskResponse" } }, - "protocols": { + "limit": { + "type": "integer" + }, + "page": { + "type": "integer" + }, + "total": { + "type": "integer" + }, + "totalPages": { + "type": "integer" + } + } + }, + "service.ListResponse-risks_RiskComponentLink": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.Protocol" + "$ref": "#/definitions/risks.RiskComponentLink" } }, - "purpose": { - "type": "string" + "limit": { + "type": "integer" }, - "remarks": { - "type": "string" + "page": { + "type": "integer" }, - "responsible-roles": { + "total": { + "type": "integer" + }, + "totalPages": { + "type": "integer" + } + } + }, + "service.ListResponse-risks_RiskControlLink": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/risks.RiskControlLink" } }, - "title": { - "description": "required", - "type": "string" + "limit": { + "type": "integer" }, - "type": { - "description": "required", - "type": "string" + "page": { + "type": "integer" + }, + "total": { + "type": "integer" + }, + "totalPages": { + "type": "integer" } } }, - "relational.DocumentID": { + "service.ListResponse-risks_RiskSubjectLink": { 
"type": "object", "properties": { - "identifier": { - "type": "string" + "data": { + "type": "array", + "items": { + "$ref": "#/definitions/risks.RiskSubjectLink" + } }, - "scheme": { - "$ref": "#/definitions/relational.DocumentIDScheme" + "limit": { + "type": "integer" + }, + "page": { + "type": "integer" + }, + "total": { + "type": "integer" + }, + "totalPages": { + "type": "integer" } } }, - "relational.DocumentIDScheme": { - "type": "string", - "enum": [ - "http://www.doi.org/" - ], - "x-enum-varnames": [ - "DocumentIDSchemeDoi" - ] - }, - "relational.Evidence": { + "service.ListResponse-templates_evidenceTemplateResponse": { "type": "object", "properties": { - "activities": { - "description": "What steps did we take to create this evidence", + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.Activity" + "$ref": "#/definitions/templates.evidenceTemplateResponse" } }, - "back-matter": { - "$ref": "#/definitions/relational.BackMatter" + "limit": { + "type": "integer" }, - "components": { - "description": "Which components of the subject are being observed. 
A tool, user, policy etc.", + "page": { + "type": "integer" + }, + "total": { + "type": "integer" + }, + "totalPages": { + "type": "integer" + } + } + }, + "service.ListResponse-templates_riskTemplateResponse": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.SystemComponent" + "$ref": "#/definitions/templates.riskTemplateResponse" } }, - "description": { - "type": "string" - }, - "end": { - "type": "string" + "limit": { + "type": "integer" }, - "expires": { - "type": "string" + "page": { + "type": "integer" }, - "id": { - "type": "string" + "total": { + "type": "integer" }, - "inventory-items": { + "totalPages": { + "type": "integer" + } + } + }, + "service.ListResponse-templates_subjectTemplateResponse": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.InventoryItem" + "$ref": "#/definitions/templates.subjectTemplateResponse" } }, - "labels": { - "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", - "type": "array", - "items": { - "$ref": "#/definitions/relational.Labels" - } + "limit": { + "type": "integer" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "page": { + "type": "integer" }, - "origins": { - "description": "Who or What is generating this evidence", - "type": "array", - "items": { - "$ref": "#/definitions/relational.Origin" - } + "total": { + "type": "integer" }, - "props": { + "totalPages": { + "type": "integer" + } + } + }, + "service.ListResponse-uuid_UUID": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "type": "string" } }, - "remarks": { - "type": "string" + "limit": { + "type": "integer" }, - "start": { - "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", - "type": "string" + 
"page": { + "type": "integer" }, - "status": { - "description": "Did we satisfy what was being tested for, or did we fail ?", - "allOf": [ - { - "$ref": "#/definitions/datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus" - } - ] + "total": { + "type": "integer" }, - "subjects": { - "description": "Who or What are we providing evidence for. What's under test.", - "type": "array", - "items": { - "$ref": "#/definitions/relational.AssessmentSubject" - } + "totalPages": { + "type": "integer" + } + } + }, + "templates.evidenceTemplateDataResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/templates.evidenceTemplateResponse" + } + } + }, + "templates.evidenceTemplateLabelSchemaFieldRequest": { + "type": "object", + "properties": { + "description": { + "type": "string" }, - "title": { + "key": { "type": "string" }, - "uuid": { - "description": "UUID needs to remain consistent when automation runs again, but unique for each subject.\nIt represents the \"stream\" of the same observation being made over time.", + "required": { + "type": "boolean" + } + } + }, + "templates.evidenceTemplateLabelSchemaFieldResponse": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "key": { "type": "string" + }, + "required": { + "type": "boolean" } } }, - "relational.Export": { + "templates.evidenceTemplateResponse": { "type": "object", "properties": { - "byComponentId": { + "createdAt": { "type": "string" }, "description": { 
@@ -24567,266 +34355,250 @@ const docTemplate = `{ "id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "isActive": { + "type": "boolean" }, - "props": { + "labelSchema": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/templates.evidenceTemplateLabelSchemaFieldResponse" } }, - "provided": { + "methods": { "type": "array", "items": { - "$ref": "#/definitions/relational.ProvidedControlImplementation" + "type": "string" } }, - "remarks": { + "pluginId": { "type": "string" }, - "responsibilities": { + "policyPackage": { + "type": "string" + }, + "riskTemplateIds": { "type": "array", "items": { - "$ref": "#/definitions/relational.ControlImplementationResponsibility" + "type": "string" } - } - } - }, - "relational.Filter": { - "type": "object", - "properties": { - "components": { + }, + "selectorLabels": { "type": "array", "items": { - "$ref": "#/definitions/relational.SystemComponent" + "$ref": "#/definitions/templates.evidenceTemplateSelectorLabelResponse" } }, - "controls": { + "subjectTemplateIds": { "type": "array", "items": { - "$ref": "#/definitions/relational.Control" + "type": "string" } }, - "filter": { - "$ref": "#/definitions/datatypes.JSONType-labelfilter_Filter" - }, - "id": { + "title": { "type": "string" }, - "name": { + "updatedAt": { "type": "string" } } }, - "relational.Hash": { + "templates.evidenceTemplateSelectorLabelRequest": { "type": "object", "properties": { - "algorithm": { - "description": "required", - "allOf": [ - { - "$ref": "#/definitions/relational.HashAlgorithm" - } - ] + "key": { + "type": "string" }, "value": { - "description": "required", "type": "string" } } }, - "relational.HashAlgorithm": { - "type": "string", - "enum": [ - "SHA-224", - "SHA-256", - "SHA-384", - "SHA-512", - "SHA3-224", - "SHA3-256", - "SHA3-384", - "SHA3-512" - ], - "x-enum-varnames": [ - "HashAlgorithmSHA_224", - "HashAlgorithmSHA_256", - 
"HashAlgorithmSHA_384", - "HashAlgorithmSHA_512", - "HashAlgorithmSHA3_224", - "HashAlgorithmSHA3_256", - "HashAlgorithmSHA3_384", - "HashAlgorithmSHA3_512" - ] - }, - "relational.ImplementedComponent": { + "templates.evidenceTemplateSelectorLabelResponse": { "type": "object", "properties": { - "component": { - "$ref": "#/definitions/relational.DefinedComponent" + "key": { + "type": "string" }, - "component-uuid": { + "value": { "type": "string" + } + } + }, + "templates.remediationTaskRequest": { + "type": "object", + "properties": { + "orderIndex": { + "type": "integer" }, + "title": { + "type": "string" + } + } + }, + "templates.remediationTaskResponse": { + "type": "object", + "properties": { "id": { "type": "string" }, - "inventoryItemId": { + "orderIndex": { + "type": "integer" + }, + "title": { + "type": "string" + } + } + }, + "templates.remediationTemplateRequest": { + "type": "object", + "properties": { + "description": { "type": "string" }, - "links": { + "tasks": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/templates.remediationTaskRequest" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "title": { + "type": "string" + } + } + }, + "templates.remediationTemplateResponse": { + "type": "object", + "properties": { + "description": { + "type": "string" }, - "remarks": { + "id": { "type": "string" }, - "responsible-parties": { + "tasks": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleParty" + "$ref": "#/definitions/templates.remediationTaskResponse" } + }, + "title": { + "type": "string" } } }, - "relational.ImplementedRequirementControlImplementation": { + "templates.riskTemplateDataResponse": { "type": "object", "properties": { - "control-id": { - "description": "required", + "data": { + "$ref": "#/definitions/templates.riskTemplateResponse" + } + } + }, + "templates.riskTemplateResponse": { + "type": "object", + "properties": 
{ + "createdAt": { "type": "string" }, - "controlImplementationSetID": { + "id": { "type": "string" }, - "description": { - "description": "required", + "impactHint": { "type": "string" }, - "id": { + "isActive": { + "type": "boolean" + }, + "likelihoodHint": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "name": { + "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "pluginId": { + "type": "string" }, - "remarks": { + "policyPackage": { "type": "string" }, - "responsible-roles": { - "description": "required", - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } + "remediationTemplate": { + "$ref": "#/definitions/templates.remediationTemplateResponse" }, - "set-parameters": { + "statement": { + "type": "string" + }, + "threatIds": { "type": "array", "items": { - "$ref": "#/definitions/relational.SetParameter" + "$ref": "#/definitions/templates.threatIDResponse" } }, - "statements": { + "title": { + "type": "string" + }, + "updatedAt": { + "type": "string" + }, + "violationIds": { "type": "array", "items": { - "$ref": "#/definitions/relational.ControlStatementImplementation" + "type": "string" } } } }, - "relational.ImportComponentDefinition": { + "templates.subjectTemplateDataResponse": { "type": "object", "properties": { - "href": { - "type": "string" + "data": { + "$ref": "#/definitions/templates.subjectTemplateResponse" } } }, - "relational.IncorporatesComponents": { + "templates.subjectTemplateLabelSchemaFieldRequest": { "type": "object", "properties": { - "component-uuid": { + "description": { "type": "string" }, - "description": { + "key": { "type": "string" } } }, - "relational.InheritedControlImplementation": { + "templates.subjectTemplateLabelSchemaFieldResponse": { "type": "object", "properties": { - "byComponentId": { - "type": "string" - }, "description": { - "description": "required", - 
"type": "string" - }, - "id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } - }, - "provided-uuid": { + "key": { "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } } } }, - "relational.InventoryItem": { + "templates.subjectTemplateResponse": { "type": "object", "properties": { - "description": { + "createdAt": { "type": "string" }, - "evidence": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Evidence" - } + "descriptionTemplate": { + "type": "string" }, "id": { "type": "string" }, - "implemented-components": { + "identityLabelKeys": { "type": "array", "items": { - "$ref": "#/definitions/relational.ImplementedComponent" + "type": "string" + } + }, + "labelSchema": { + "type": "array", + "items": { + "$ref": "#/definitions/templates.subjectTemplateLabelSchemaFieldResponse" } }, "links": { @@ -24835,30 +34607,45 @@ const docTemplate = `{ "$ref": "#/definitions/relational.Link" } }, + "name": { + "type": "string" + }, "props": { "type": "array", "items": { "$ref": "#/definitions/relational.Prop" } }, - "remarks": { + "purposeTemplate": { "type": "string" }, - "responsible-parties": { + "remarksTemplate": { + "type": "string" + }, + "selectorLabels": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleParty" + "$ref": "#/definitions/templates.subjectTemplateSelectorLabelResponse" } }, - "systemImplementationId": { + "sourceMode": { + "type": "string" + }, + "titleTemplate": { + "type": "string" + }, + "type": { + "type": "string" + }, + "updatedAt": { "type": "string" } } }, - "relational.Labels": { + "templates.subjectTemplateSelectorLabelRequest": { "type": "object", "properties": { - "name": { + "key": { "type": "string" }, "value": { 
@@ -24866,66 +34653,138 @@ const docTemplate = `{ } } }, - "relational.Link": { + "templates.subjectTemplateSelectorLabelResponse": { "type": "object", "properties": { - "href": { + "key": { "type": "string" }, - "media-type": { + "value": { + "type": "string" + } + } + }, + "templates.threatIDRequest": { + "type": "object", + "properties": { + "id": { "type": "string" }, - "rel": { + "system": { "type": "string" }, - "resource-fragment": { + "title": { "type": "string" }, - "text": { + "url": { "type": "string" } } }, - "relational.Location": { + "templates.threatIDResponse": { "type": "object", "properties": { - "address": { - "$ref": "#/definitions/datatypes.JSONType-relational_Address" + "id": { + "type": "string" }, - "email-addresses": { + "system": { + "type": "string" + }, + "title": { + "type": "string" + }, + "url": { + "type": "string" + } + } + }, + "templates.upsertEvidenceTemplateRequest": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "isActive": { + "type": "boolean" + }, + "labelSchema": { + "type": "array", + "items": { + "$ref": "#/definitions/templates.evidenceTemplateLabelSchemaFieldRequest" + } + }, + "methods": { "type": "array", "items": { "type": "string" } }, - "id": { + "pluginId": { "type": "string" }, - "links": { + "policyPackage": { + "type": "string" + }, + "riskTemplateIds": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "type": "string" } }, - "props": { + "selectorLabels": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/templates.evidenceTemplateSelectorLabelRequest" } }, - "remarks": { + "subjectTemplateIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "title": { + "type": "string" + } + } + }, + "templates.upsertRiskTemplateRequest": { + "type": "object", + "properties": { + "impactHint": { "type": "string" }, - "telephone-numbers": { + "isActive": { + "type": "boolean" + }, + "likelihoodHint": { 
+ "type": "string" + }, + "name": { + "type": "string" + }, + "pluginId": { + "type": "string" + }, + "policyPackage": { + "type": "string" + }, + "remediationTemplate": { + "$ref": "#/definitions/templates.remediationTemplateRequest" + }, + "statement": { + "type": "string" + }, + "threatIds": { "type": "array", "items": { - "$ref": "#/definitions/relational.TelephoneNumber" + "$ref": "#/definitions/templates.threatIDRequest" } }, "title": { "type": "string" }, - "urls": { + "violationIds": { "type": "array", "items": { "type": "string" 
@@ -24933,981 +34792,1425 @@ const docTemplate = `{ } } }, - "relational.Metadata": { + "templates.upsertSubjectTemplateRequest": { "type": "object", + "required": [ + "identityLabelKeys", + "labelSchema", + "name", + "selectorLabels", + "sourceMode", + "type" + ], "properties": { - "actions": { + "descriptionTemplate": { + "type": "string" + }, + "identityLabelKeys": { + "type": "array", + "items": { + "type": "string" + } + }, + "labelSchema": { "type": "array", "items": { - "$ref": "#/definitions/relational.Action" + "$ref": "#/definitions/templates.subjectTemplateLabelSchemaFieldRequest" } }, - "document-ids": { - "description": "-\u003e DocumentID", + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.DocumentID" + "$ref": "#/definitions/relational.Link" } }, - "id": { - "type": "string" - }, - "last-modified": { + "name": { "type": "string" }, - "links": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/relational.Prop" } }, - "locations": { + "purposeTemplate": { + "type": "string" + }, + "remarksTemplate": { + "type": "string" + }, + "selectorLabels": { "type": "array", "items": { - "$ref": "#/definitions/relational.Location" + "$ref": "#/definitions/templates.subjectTemplateSelectorLabelRequest" } }, - "oscal-version": { + "sourceMode": { "type": "string" }, - "parentID": { - "description": "Metadata is shared across many resources, and so it mapped using a polymorphic relationship", + "titleTemplate": { "type": "string" }, - "parentType": { + "type": { + "type": "string" + } + } + }, + "time.Duration": { + "type": "integer", + "format": "int64", + "enum": [ + -9223372036854775808, + 9223372036854775807, + 1, + 1000, + 1000000, + 1000000000, + 60000000000, + 3600000000000 + ], + "x-enum-varnames": [ + "minDuration", + "maxDuration", + "Nanosecond", + "Microsecond", + "Millisecond", + "Second", + "Minute", + "Hour" + ] + }, + "workflow.EvidenceSubmission": { + "type": 
"object", + "properties": { + "description": { "type": "string" }, - "parties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Party" - } + "evidence-id": { + "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "evidence-type": { + "type": "string" }, - "published": { + "file-content": { + "description": "Base64 encoded file content", "type": "string" }, - "remarks": { + "file-hash": { "type": "string" }, - "responsibleParties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleParty" - } + "file-path": { + "type": "string" }, - "revisions": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Revision" - } + "file-size": { + "type": "integer" }, - "roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Role" - } + "media-type": { + "description": "MIME type (e.g., \"application/pdf\", \"image/png\")", + "type": "string" }, - "title": { + "metadata": { "type": "string" }, - "version": { + "name": { "type": "string" } } }, - "relational.Origin": { + "workflow.ExecutionMetrics": { "type": "object", "properties": { - "actors": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" - } + "averageStepDuration": { + "$ref": "#/definitions/time.Duration" }, - "related-tasks": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" - } + "duration": { + "$ref": "#/definitions/time.Duration" + }, + "executionID": { + "type": "string" + }, + "longestStepDuration": { + "$ref": "#/definitions/time.Duration" + }, + "totalSteps": { + "type": "integer" } } }, - "relational.Parameter": { + "workflow.ExecutionStatus": { "type": "object", "properties": { - "class": { + "blockedSteps": { + "type": "integer" + }, + "cancelledSteps": { + "type": "integer" + }, + "completedAt": { "type": "string" }, - "constraints": { - "type": "array", - "items": { - "$ref": 
"#/definitions/relational.ParameterConstraint" - } + "completedSteps": { + "type": "integer" }, - "guidelines": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ParameterGuideline" - } + "executionID": { + "type": "string" }, - "id": { + "failedAt": { "type": "string" }, - "label": { + "failedSteps": { + "type": "integer" + }, + "failureReason": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "inProgressSteps": { + "type": "integer" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "overdueSteps": { + "type": "integer" }, - "remarks": { + "pendingSteps": { + "type": "integer" + }, + "startedAt": { "type": "string" }, - "select": { - "$ref": "#/definitions/datatypes.JSONType-relational_ParameterSelection" + "status": { + "type": "string" }, - "usage": { + "totalSteps": { + "type": "integer" + } + } + }, + "workflows.BulkReassignRoleResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/workflows.BulkReassignRoleResponseData" + } + } + }, + "workflows.BulkReassignRoleResponseData": { + "type": "object", + "properties": { + "execution-id": { "type": "string" }, - "values": { + "reassigned-count": { + "type": "integer" + }, + "reassigned-step-execution-ids": { "type": "array", "items": { "type": "string" } + }, + "role-name": { + "type": "string" } } }, - "relational.ParameterConstraint": { + "workflows.CancelWorkflowExecutionRequest": { "type": "object", "properties": { - "description": { + "reason": { + "type": "string" + } + } + }, + "workflows.ControlRelationship": { + "type": "object", + "properties": { + "catalog_id": { + "description": "Link to catalog if available", "type": "string" }, - "tests": { + "control_id": { + "description": "Control Information", + "type": "string" + }, + "control_source": { + "description": "e.g., \"NIST 800-53 Rev 5\", \"ISO 27001\"", + "type": "string" + }, + 
"created-at": { + "type": "string" + }, + "deleted_at": { + "$ref": "#/definitions/gorm.DeletedAt" + }, + "id": { + "type": "string" + }, + "is_active": { + "type": "boolean" + }, + "relationship_type": { + "description": "Relationship Information", + "type": "string" + }, + "strength": { + "description": "primary, secondary, supporting", + "type": "string" + }, + "updated-at": { + "type": "string" + }, + "workflow_definition": { + "description": "Relationships", + "allOf": [ + { + "$ref": "#/definitions/workflows.WorkflowDefinition" + } + ] + }, + "workflow_definition_id": { + "description": "Foreign Keys", + "type": "string" + } + } + }, + "workflows.ControlRelationshipListResponse": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.ParameterConstraintTest" + "$ref": "#/definitions/workflows.ControlRelationship" } } } }, - "relational.ParameterConstraintTest": { + "workflows.ControlRelationshipResponse": { "type": "object", "properties": { - "expression": { + "data": { + "$ref": "#/definitions/workflows.ControlRelationship" + } + } + }, + "workflows.CreateControlRelationshipRequest": { + "type": "object", + "required": [ + "catalog-id", + "control-id", + "workflow-definition-id" + ], + "properties": { + "catalog-id": { "type": "string" }, - "remarks": { + "control-id": { + "type": "string" + }, + "description": { + "type": "string" + }, + "is-active": { + "type": "boolean" + }, + "relationship-type": { + "description": "If not provided - 'satisfies' is used", + "type": "string" + }, + "strength": { + "description": "If not provided - 'primary' is used", + "type": "string" + }, + "workflow-definition-id": { "type": "string" } } }, - "relational.ParameterGuideline": { + "workflows.CreateRoleAssignmentRequest": { "type": "object", + "required": [ + "assigned-to-id", + "assigned-to-type", + "role-name", + "workflow-instance-id" + ], "properties": { - "prose": { + "assigned-to-id": { + "type": "string" 
+ }, + "assigned-to-type": { + "type": "string" + }, + "is-active": { + "type": "boolean" + }, + "role-name": { + "type": "string" + }, + "workflow-instance-id": { "type": "string" } } }, - "relational.Part": { + "workflows.CreateWorkflowDefinitionRequest": { "type": "object", + "required": [ + "name" + ], "properties": { - "class": { + "description": { "type": "string" }, - "id": { + "evidence-required": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "grace-period-days": { + "type": "integer" }, "name": { "type": "string" }, - "ns": { + "suggested-cadence": { "type": "string" }, - "part_id": { + "version": { + "type": "string" + } + } + }, + "workflows.CreateWorkflowInstanceRequest": { + "type": "object", + "required": [ + "name", + "system-id", + "workflow-definition-id" + ], + "properties": { + "cadence": { + "type": "string" + }, + "description": { "type": "string" }, - "parts": { - "description": "-\u003e Part", - "type": "array", - "items": { - "$ref": "#/definitions/relational.Part" - } + "grace-period-days": { + "type": "integer" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "is-active": { + "type": "boolean" }, - "prose": { + "name": { "type": "string" }, - "title": { + "system-id": { + "type": "string" + }, + "workflow-definition-id": { "type": "string" } } }, - "relational.Party": { + "workflows.CreateWorkflowStepDefinitionRequest": { "type": "object", + "required": [ + "name", + "responsible-role", + "workflow-definition-id" + ], "properties": { - "addresses": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Address" - } - }, - "email-addresses": { + "depends-on": { + "description": "Array of step IDs this step depends on", "type": "array", "items": { "type": "string" } }, - "external-ids": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.PartyExternalID" - } - }, - "id": { + "description": { 
"type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "estimated-duration": { + "type": "integer" }, - "locations": { + "evidence-required": { "type": "array", "items": { - "$ref": "#/definitions/relational.Location" + "$ref": "#/definitions/workflows.EvidenceRequirement" } }, - "member-of-organizations": { - "description": "-\u003e Party", - "type": "array", - "items": { - "$ref": "#/definitions/relational.Party" - } + "grace-period-days": { + "type": "integer" }, "name": { "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } - }, - "remarks": { + "responsible-role": { "type": "string" }, - "short-name": { + "workflow-definition-id": { "type": "string" - }, - "telephone-numbers": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.TelephoneNumber" - } - }, - "type": { - "$ref": "#/definitions/relational.PartyType" } } }, - "relational.PartyExternalID": { + "workflows.EvidenceRequirement": { "type": "object", "properties": { - "id": { + "description": { "type": "string" }, - "scheme": { - "$ref": "#/definitions/relational.PartyExternalIDScheme" + "required": { + "type": "boolean" + }, + "type": { + "type": "string" } } }, - "relational.PartyExternalIDScheme": { - "type": "string", - "enum": [ - "http://orcid.org/" - ], - "x-enum-varnames": [ - "PartyExternalIDSchemeOrchid" - ] - }, - "relational.PartyType": { - "type": "string", - "enum": [ - "person", - "organization" + "workflows.FailStepRequest": { + "type": "object", + "required": [ + "reason" ], - "x-enum-varnames": [ - "PartyTypePerson", - "PartyTypeOrganization" - ] + "properties": { + "reason": { + "type": "string" + } + } }, - "relational.Prop": { + "workflows.MyAssignmentsResponse": { "type": "object", "properties": { - "class": { - "type": "string" + "data": { + "type": "array", + "items": { + "$ref": "#/definitions/workflows.StepExecution" + } }, - "group": { - "type": 
"string" + "has-more": { + "type": "boolean" }, - "name": { - "type": "string" + "limit": { + "type": "integer" }, - "ns": { - "type": "string" + "offset": { + "type": "integer" }, - "remarks": { + "total": { + "type": "integer" + } + } + }, + "workflows.ReassignRoleRequest": { + "type": "object", + "required": [ + "new-assigned-to-id", + "new-assigned-to-type", + "role-name" + ], + "properties": { + "new-assigned-to-id": { "type": "string" }, - "uuid": { + "new-assigned-to-type": { + "type": "string", + "enum": [ + "user", + "group", + "email" + ] + }, + "reason": { "type": "string" }, - "value": { + "role-name": { "type": "string" } } }, - "relational.Protocol": { + "workflows.ReassignStepRequest": { "type": "object", + "required": [ + "assigned-to-id", + "assigned-to-type" + ], "properties": { - "name": { + "assigned-to-id": { "type": "string" }, - "port-ranges": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PortRange" - } - }, - "title": { - "type": "string" + "assigned-to-type": { + "type": "string", + "enum": [ + "user", + "group", + "email" + ] }, - "uuid": { + "reason": { "type": "string" } } }, - "relational.ProvidedControlImplementation": { + "workflows.RoleAssignment": { "type": "object", "properties": { - "description": { + "assigned_to_id": { + "description": "User ID, group ID, or email", "type": "string" }, - "exportId": { + "assigned_to_type": { + "description": "user, group, email", "type": "string" }, "id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "is_active": { + "type": "boolean" }, - "remarks": { + "role_name": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } + "workflow_instance": { + "description": "Relationships", + "allOf": [ + { + "$ref": 
"#/definitions/workflows.WorkflowInstance" + } + ] + }, + "workflow_instance_id": { + "type": "string" } } }, - "relational.ResourceLink": { + "workflows.RoleAssignmentListResponse": { "type": "object", "properties": { - "hashes": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.Hash" + "$ref": "#/definitions/workflows.RoleAssignment" } + } + } + }, + "workflows.RoleAssignmentResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/workflows.RoleAssignment" + } + } + }, + "workflows.StartWorkflowExecutionRequest": { + "type": "object", + "required": [ + "triggered-by", + "workflow-instance-id" + ], + "properties": { + "triggered-by": { + "type": "string" }, - "href": { - "description": "required", + "triggered-by-id": { "type": "string" }, - "media-type": { + "workflow-instance-id": { "type": "string" } } }, - "relational.ResponsibleParty": { + "workflows.StepDependency": { "type": "object", "properties": { + "depends_on_step": { + "$ref": "#/definitions/workflows.WorkflowStepDefinition" + }, + "depends_on_step_id": { + "type": "string" + }, "id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "workflow_step_definition": { + "description": "Relationships", + "allOf": [ + { + "$ref": "#/definitions/workflows.WorkflowStepDefinition" + } + ] }, - "parentID": { - "description": "Polymorphic relationship - allows ResponsibleParty to belong to different parent types", + "workflow_step_definition_id": { + "type": "string" + } + } + }, + "workflows.StepEvidence": { + "type": "object", + "properties": { + "created-at": { "type": "string" }, - "parentType": { + "deleted_at": { + "$ref": "#/definitions/gorm.DeletedAt" + }, + "description": { "type": "string" }, - "parties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsiblePartyParties" - } + "evidence": { + "$ref": "#/definitions/relational.Evidence" }, - "props": { - 
"type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "evidence_id": { + "description": "Link to main evidence table", + "type": "string" + }, + "evidence_type": { + "description": "document, attestation, screenshot, log", + "type": "string" + }, + "file-size": { + "description": "File size in bytes", + "type": "integer" + }, + "file_hash": { + "description": "SHA-256 hash of file", + "type": "string" + }, + "file_path": { + "description": "Path to stored file", + "type": "string" + }, + "id": { + "type": "string" + }, + "metadata": { + "description": "JSON metadata", + "type": "string" + }, + "name": { + "description": "Evidence Information", + "type": "string" + }, + "step_execution": { + "description": "Relationships", + "allOf": [ + { + "$ref": "#/definitions/workflows.StepExecution" + } + ] }, - "remarks": { + "step_execution_id": { + "description": "Foreign Keys", "type": "string" }, - "role": { - "$ref": "#/definitions/relational.Role" - }, - "role-id": { - "description": "required", + "updated-at": { "type": "string" } } }, - "relational.ResponsiblePartyParties": { + "workflows.StepExecution": { "type": "object", "properties": { - "partyID": { + "assigned-at": { "type": "string" }, - "responsiblePartyID": { - "type": "string" - } - } - }, - "relational.ResponsibleRole": { - "type": "object", - "properties": { - "id": { + "assigned_to_id": { + "description": "User ID, group ID, or email", "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "assigned_to_type": { + "description": "Assignment Information", + "type": "string" }, - "parentID": { + "completed-at": { "type": "string" }, - "parentType": { + "created-at": { "type": "string" }, - "parties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Party" - } + "deleted_at": { + "$ref": "#/definitions/gorm.DeletedAt" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - 
} + "due_date": { + "type": "string" }, - "remarks": { + "failed-at": { "type": "string" }, - "role": { - "$ref": "#/definitions/relational.Role" + "failure_reason": { + "type": "string" }, - "role-id": { - "description": "required", + "id": { "type": "string" - } - } - }, - "relational.ReviewedControls": { - "type": "object", - "properties": { - "controlObjectiveSelections": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ControlObjectiveSelection" - } }, - "controlSelections": { - "description": "required", + "overdue-at": { + "type": "string" + }, + "reassignment_history": { "type": "array", "items": { - "$ref": "#/definitions/relational.ControlSelection" + "$ref": "#/definitions/workflows.StepReassignmentHistory" } }, - "description": { + "started-at": { "type": "string" }, - "id": { + "status": { + "description": "Execution Information", "type": "string" }, - "links": { + "step_evidence": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/workflows.StepEvidence" } }, - "props": { + "updated-at": { + "type": "string" + }, + "workflow_execution": { + "description": "Relationships", + "allOf": [ + { + "$ref": "#/definitions/workflows.WorkflowExecution" + } + ] + }, + "workflow_execution_id": { + "description": "Foreign Keys", + "type": "string" + }, + "workflow_step_definition": { + "$ref": "#/definitions/workflows.WorkflowStepDefinition" + }, + "workflow_step_definition_id": { + "type": "string" + } + } + }, + "workflows.StepExecutionListResponse": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/workflows.StepExecution" } - }, - "remarks": { - "type": "string" } } }, - "relational.Revision": { + "workflows.StepExecutionResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/workflows.StepExecution" + } + } + }, + "workflows.StepReassignmentHistory": { "type": 
"object", "properties": { + "created-at": { + "type": "string" + }, + "deleted_at": { + "$ref": "#/definitions/gorm.DeletedAt" + }, "id": { "type": "string" }, - "last-modified": { + "new_assigned_to_id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "new_assigned_to_type": { + "type": "string" }, - "metadata-id": { - "description": "Revision only exist on a metadata object. We'll link them straight there with a BelongsTo relationship", + "previous_assigned_to_id": { "type": "string" }, - "oscal-version": { + "previous_assigned_to_type": { "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "reason": { + "type": "string" }, - "published": { + "reassigned_by_email": { "type": "string" }, - "remarks": { + "reassigned_by_user_id": { "type": "string" }, - "title": { + "step_execution": { + "$ref": "#/definitions/workflows.StepExecution" + }, + "step_execution_id": { "type": "string" }, - "version": { - "description": "required", + "updated-at": { + "type": "string" + }, + "workflow_execution_id": { "type": "string" } } }, - "relational.Role": { + "workflows.StepTrigger": { "type": "object", "properties": { - "description": { - "type": "string" - }, "id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "is_active": { + "type": "boolean" }, - "remarks": { + "trigger_condition": { + "description": "JSON condition expression", "type": "string" }, - "short-name": { + "trigger_type": { + "description": "evidence_stream, time_based, external_event", "type": "string" }, - "title": { + "workflow_step_definition": { + "description": "Relationships", + "allOf": [ + { + "$ref": "#/definitions/workflows.WorkflowStepDefinition" + } + ] + }, + "workflow_step_definition_id": { "type": "string" } } 
}, - "relational.SatisfiedControlImplementationResponsibility": { + "workflows.TransitionStepRequest": { "type": "object", + "required": [ + "status", + "user-id", + "user-type" + ], "properties": { - "by-component-id": { - "type": "string" - }, - "description": { - "type": "string" - }, - "id": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } - }, - "props": { + "evidence": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/workflow.EvidenceSubmission" } }, - "remarks": { + "notes": { "type": "string" }, - "responsibility-uuid": { + "status": { + "type": "string", + "enum": [ + "in_progress", + "completed" + ] + }, + "user-id": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } + "user-type": { + "type": "string", + "enum": [ + "user", + "group", + "email" + ] } } }, - "relational.SelectObjectiveById": { + "workflows.UpdateControlRelationshipRequest": { "type": "object", "properties": { - "id": { + "description": { "type": "string" }, - "objective": { - "description": "required", + "relationship-type": { "type": "string" }, - "parentID": { + "strength": { + "type": "string" + } + } + }, + "workflows.UpdateRoleAssignmentRequest": { + "type": "object", + "properties": { + "assigned-to-id": { "type": "string" }, - "parentType": { + "assigned-to-type": { "type": "string" } } }, - "relational.SelectSubjectById": { + "workflows.UpdateWorkflowDefinitionRequest": { "type": "object", "properties": { - "assessmentSubjectID": { + "description": { "type": "string" }, - "id": { + "evidence-required": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "grace-period-days": { + "type": "integer" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "name": { + "type": "string" }, 
- "remarks": { + "suggested-cadence": { "type": "string" }, - "subjectUUID": { - "description": "SubjectUUID technically represents a UUID of a component, party, location, user, or inventory item.\nIt will likely be updated once we can map it correctly", + "version": { "type": "string" } } }, - "relational.SetParameter": { + "workflows.UpdateWorkflowInstanceRequest": { "type": "object", "properties": { - "param-id": { + "cadence": { "type": "string" }, - "remarks": { + "description": { "type": "string" }, - "values": { + "grace-period-days": { + "type": "integer" + }, + "is-active": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "workflows.UpdateWorkflowStepDefinitionRequest": { + "type": "object", + "properties": { + "depends-on": { "type": "array", "items": { "type": "string" } + }, + "description": { + "type": "string" + }, + "estimated-duration": { + "type": "integer" + }, + "evidence-required": { + "type": "array", + "items": { + "$ref": "#/definitions/workflows.EvidenceRequirement" + } + }, + "grace-period-days": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "responsible-role": { + "type": "string" } } }, - "relational.Statement": { + "workflows.WorkflowDefinition": { "type": "object", "properties": { - "by-components": { + "control_relationships": { "type": "array", "items": { - "$ref": "#/definitions/relational.ByComponent" + "$ref": "#/definitions/workflows.ControlRelationship" } }, - "id": { + "created-at": { + "type": "string" + }, + "created_by_id": { + "description": "Audit Fields", + "type": "string" + }, + "deleted_at": { + "$ref": "#/definitions/gorm.DeletedAt" + }, + "description": { + "type": "string" + }, + "evidence_required": { + "description": "JSON array of required evidence types", "type": "string" }, - "implementedRequirementId": { + "grace-period-days": { + "description": "Override global default if set", + "type": "integer" + }, + "id": { "type": "string" }, - "links": { + "instances": { 
"type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/workflows.WorkflowInstance" } }, - "props": { + "name": { + "description": "Basic Information", + "type": "string" + }, + "steps": { + "description": "Relationships", "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/workflows.WorkflowStepDefinition" } }, - "remarks": { + "suggested_cadence": { + "description": "Workflow Configuration", "type": "string" }, - "responsible-roles": { + "updated-at": { + "type": "string" + }, + "updated_by_id": { + "type": "string" + }, + "version": { + "type": "string" + } + } + }, + "workflows.WorkflowDefinitionListResponse": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/workflows.WorkflowDefinition" } - }, - "statement-id": { - "type": "string" } } }, - "relational.Step": { + "workflows.WorkflowDefinitionResponse": { "type": "object", "properties": { - "activityID": { + "data": { + "$ref": "#/definitions/workflows.WorkflowDefinition" + } + } + }, + "workflows.WorkflowExecution": { + "type": "object", + "properties": { + "completed-at": { "type": "string" }, - "description": { - "description": "required", + "created-at": { + "type": "string" + }, + "created_by_id": { + "description": "Audit Fields", + "type": "string" + }, + "deleted_at": { + "$ref": "#/definitions/gorm.DeletedAt" + }, + "due_date": { + "type": "string" + }, + "failed-at": { + "type": "string" + }, + "failure_reason": { "type": "string" }, "id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "overdue-at": { + "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "period_label": { + "description": "Scheduling Context", + "type": "string" }, - "remarks": { + "started-at": { "type": "string" }, - 
"responsible-roles": { + "status": { + "description": "Execution Information", + "type": "string" + }, + "step_executions": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/workflows.StepExecution" } }, - "reviewed-controls": { - "$ref": "#/definitions/relational.ReviewedControls" + "triggered_by": { + "description": "Execution Context", + "type": "string" }, - "reviewedControlsID": { + "triggered_by_id": { + "description": "User ID or system identifier", "type": "string" }, - "title": { + "updated-at": { + "type": "string" + }, + "updated_by_id": { + "type": "string" + }, + "workflow_instance": { + "description": "Relationships", + "allOf": [ + { + "$ref": "#/definitions/workflows.WorkflowInstance" + } + ] + }, + "workflow_instance_id": { + "description": "Foreign Keys", "type": "string" } } }, - "relational.SystemComponent": { + "workflows.WorkflowExecutionListResponse": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "evidence": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.Evidence" + "$ref": "#/definitions/workflows.WorkflowExecution" } + } + } + }, + "workflows.WorkflowExecutionMetricsResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/workflow.ExecutionMetrics" + } + } + }, + "workflows.WorkflowExecutionResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/workflows.WorkflowExecution" + } + } + }, + "workflows.WorkflowExecutionStatusResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/workflow.ExecutionStatus" + } + } + }, + "workflows.WorkflowInstance": { + "type": "object", + "properties": { + "cadence": { + "description": "Instance Configuration", + "type": "string" }, - "filters": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Filter" - } + "created-at": { + "type": "string" }, - "id": { + "created_by_id": 
{ + "description": "Audit Fields", "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "deleted_at": { + "$ref": "#/definitions/gorm.DeletedAt" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "description": { + "type": "string" }, - "protocols": { + "executions": { "type": "array", "items": { - "$ref": "#/definitions/relational.Protocol" + "$ref": "#/definitions/workflows.WorkflowExecution" } }, - "purpose": { + "grace-period-days": { + "description": "Override definition/global default if set", + "type": "integer" + }, + "id": { "type": "string" }, - "remarks": { + "is_active": { + "type": "boolean" + }, + "last-executed-at": { "type": "string" }, - "responsible-roles": { + "name": { + "description": "Basic Information", + "type": "string" + }, + "next-scheduled-at": { + "description": "Scheduling", + "type": "string" + }, + "role_assignments": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/workflows.RoleAssignment" } }, - "status": { - "$ref": "#/definitions/datatypes.JSONType-relational_SystemComponentStatus" + "system_id": { + "type": "string" }, - "systemImplementationId": { + "system_security_plan": { + "description": "Relationships", + "allOf": [ + { + "$ref": "#/definitions/relational.SystemSecurityPlan" + } + ] + }, + "updated-at": { "type": "string" }, - "title": { + "updated_by_id": { "type": "string" }, - "type": { + "workflow_definition": { + "$ref": "#/definitions/workflows.WorkflowDefinition" + }, + "workflow_definition_id": { + "description": "Foreign Keys", "type": "string" } } }, - "relational.TelephoneNumber": { + "workflows.WorkflowInstanceListResponse": { "type": "object", "properties": { - "number": { - "type": "string" - }, - "type": { - "$ref": "#/definitions/relational.TelephoneNumberType" + "data": { + "type": "array", + "items": { + "$ref": 
"#/definitions/workflows.WorkflowInstance" + } } } }, - "relational.TelephoneNumberType": { - "type": "string", - "enum": [ - "home", - "office", - "mobile" - ], - "x-enum-varnames": [ - "TelephoneNumberTypeHome", - "TelephoneNumberTypeOffice", - "TelephoneNumberTypeMobile" - ] + "workflows.WorkflowInstanceResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/workflows.WorkflowInstance" + } + } }, - "relational.User": { + "workflows.WorkflowStepDefinition": { "type": "object", "properties": { - "authMethod": { + "created-at": { "type": "string" }, - "createdAt": { - "type": "string" + "deleted_at": { + "$ref": "#/definitions/gorm.DeletedAt" }, - "deletedAt": { - "description": "Soft delete", - "allOf": [ - { - "$ref": "#/definitions/gorm.DeletedAt" - } - ] + "dependent_steps": { + "type": "array", + "items": { + "$ref": "#/definitions/workflows.StepDependency" + } }, - "digestSubscribed": { - "description": "DigestSubscribed indicates if the user wants to receive evidence digest emails", - "type": "boolean" + "depends_on": { + "type": "array", + "items": { + "$ref": "#/definitions/workflows.StepDependency" + } }, - "email": { + "description": { "type": "string" }, - "failedLogins": { + "estimated_duration": { + "description": "Estimated duration in minutes", "type": "integer" }, - "firstName": { - "type": "string" + "evidence_required": { + "description": "JSON array of required evidence types", + "type": "array", + "items": { + "$ref": "#/definitions/workflows.EvidenceRequirement" + } + }, + "grace-period-days": { + "description": "Override default grace for this specific step", + "type": "integer" }, "id": { "type": "string" }, - "isActive": { - "type": "boolean" + "name": { + "description": "Basic Information", + "type": "string" }, - "isLocked": { - "type": "boolean" + "order": { + "description": "Step Configuration", + "type": "integer" }, - "lastLogin": { + "responsible_role": { + "description": "Role responsible for this 
step", "type": "string" }, - "lastName": { - "type": "string" + "step_executions": { + "type": "array", + "items": { + "$ref": "#/definitions/workflows.StepExecution" + } }, - "updatedAt": { + "triggers": { + "type": "array", + "items": { + "$ref": "#/definitions/workflows.StepTrigger" + } + }, + "updated-at": { "type": "string" }, - "userAttributes": { + "workflow_definition": { + "description": "Relationships", + "allOf": [ + { + "$ref": "#/definitions/workflows.WorkflowDefinition" + } + ] + }, + "workflow_definition_id": { + "description": "Foreign Keys", "type": "string" } } + }, + "workflows.WorkflowStepDefinitionListResponse": { + "type": "object", + "properties": { + "data": { + "type": "array", + "items": { + "$ref": "#/definitions/workflows.WorkflowStepDefinition" + } + } + } + }, + "workflows.WorkflowStepDefinitionResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/workflows.WorkflowStepDefinition" + } + } } }, "securityDefinitions": { diff --git a/docs/swagger.json b/docs/swagger.json index a80e2df5..b16bdfa9 100644 --- a/docs/swagger.json +++ b/docs/swagger.json 
@@ -730,6 +730,285 @@ ] } }, + "/evidence-templates": { + "get": { + "description": "List evidence templates with optional filters and pagination.", + "produces": [ + "application/json" + ], + "tags": [ + "Evidence Templates" + ], + "summary": "List evidence templates", + "parameters": [ + { + "type": "string", + "description": "Plugin ID", + "name": "pluginId", + "in": "query" + }, + { + "type": "string", + "description": "Policy package", + "name": "policyPackage", + "in": "query" + }, + { + "type": "boolean", + "description": "Active flag", + "name": "isActive", + "in": "query" + }, + { + "type": "integer", + "description": "Page number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-templates_evidenceTemplateResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Create an evidence template with selector labels, label schema, and linked risk/subject template IDs.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Evidence Templates" + ], + "summary": "Create evidence template", + "parameters": [ + { + "description": "Evidence template payload", + "name": "template", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/templates.upsertEvidenceTemplateRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/templates.evidenceTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + 
"description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/evidence-templates/{id}": { + "get": { + "description": "Get an evidence template by ID.", + "produces": [ + "application/json" + ], + "tags": [ + "Evidence Templates" + ], + "summary": "Get evidence template", + "parameters": [ + { + "type": "string", + "description": "Evidence Template ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templates.evidenceTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Update an evidence template and atomically replace selector labels, label schema, and linked IDs.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Evidence Templates" + ], + "summary": "Update evidence template", + "parameters": [ + { + "type": "string", + "description": "Evidence Template ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Evidence template payload", + "name": "template", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/templates.upsertEvidenceTemplateRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templates.evidenceTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" 
+ } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Delete an evidence template and its associated selector labels, label schema, and join rows.", + "produces": [ + "application/json" + ], + "tags": [ + "Evidence Templates" + ], + "summary": "Delete evidence template", + "parameters": [ + { + "type": "string", + "description": "Evidence Template ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, "/evidence/compliance-by-control/{id}": { "get": { "description": "Retrieves the count of evidence statuses for filters associated with a specific Control ID.", @@ -753,7 +1032,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount" + "$ref": "#/definitions/handler.GenericDataListResponse-evidence_StatusCount" } }, "500": { @@ -788,7 +1067,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount" + "$ref": "#/definitions/handler.GenericDataListResponse-evidence_StatusCount" } }, "400": { 
@@ -6535,16 +6814,16 @@ ] } }, - "/oscal/catalogs/{id}/back-matter": { + "/oscal/catalogs/{id}/all-controls": { "get": { - "description": "Retrieves the back-matter for a given Catalog.", + "description": "Retrieves the top-level controls for a given Catalog.", "produces": [ "application/json" ], "tags": [ "Catalog" ], - "summary": "Get back-matter for a Catalog", + "summary": "List controls for a Catalog", "parameters": [ { "type": "string", @@ -6558,7 +6837,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter" + "$ref": "#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control" } }, "400": { @@ -6593,16 +6872,16 @@ ] } }, - "/oscal/catalogs/{id}/controls": { + "/oscal/catalogs/{id}/back-matter": { "get": { - "description": "Retrieves the top-level controls for a given Catalog.", + "description": "Retrieves the back-matter for a given Catalog.", "produces": [ "application/json" ], "tags": [ "Catalog" ], - "summary": "List controls for a Catalog", + "summary": "Get back-matter for a Catalog", "parameters": [ { "type": "string", @@ -6616,7 +6895,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control" + "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter" } }, "400": { 
@@ -6649,11 +6928,69 @@ "OAuth2Password": [] } ] - }, - "post": { - "description": "Adds a top-level control under the specified Catalog.", - "consumes": [ - "application/json" + } + }, + "/oscal/catalogs/{id}/controls": { + "get": { + "description": "Retrieves the top-level controls for a given Catalog.", + "produces": [ + "application/json" + ], + "tags": [ + "Catalog" + ], + "summary": "List controls for a Catalog", + "parameters": [ + { + "type": "string", + "description": "Catalog ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Adds a top-level control under the specified Catalog.", + "consumes": [ + "application/json" ], "produces": [ "application/json" 
@@ -10628,6 +10965,63 @@ } } } + }, + "put": { + "description": "Updates local-definitions for a given POA\u0026M with special handling of array and object fields.\n- Components and inventory-items arrays are treated as full replacements: the existing values on the POA\u0026M are overwritten by the arrays provided in the request body (no per-element merge is performed).\n- Sending an empty array [] for components or inventory-items clears that specific field (resulting in an empty array on the POA\u0026M).\n- Omitting a field in the request body leaves the existing value for that field unchanged.\n- Sending an empty JSON object {} as the payload deletes the entire local-definitions object for the POA\u0026M.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Plan Of Action and Milestones" + ], + "summary": "Update POA\u0026M local-definitions", + "parameters": [ + { + "type": "string", + "description": "POA\u0026M ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Local definitions data", + "name": "local-definitions", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + } } }, "/oscal/plan-of-action-and-milestones/{id}/metadata": { 
@@ -11820,6 +12214,76 @@ ] } }, + "/oscal/profiles/{id}/compliance-progress": { + "get": { + "description": "Returns aggregated compliance progress for controls in a Profile, including summary, optional per-control rows, and group rollups.", + "produces": [ + "application/json" + ], + "tags": [ + "Profile" + ], + "summary": "Get compliance progress for a Profile", + "parameters": [ + { + "type": "string", + "description": "Profile ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "boolean", + "description": "Include per-control breakdown (default true)", + "name": "includeControls", + "in": "query" + }, + { + "type": "string", + "description": "System Security Plan ID for implementation coverage", + "name": "sspId", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-oscal_ProfileComplianceProgress" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, "/oscal/profiles/{id}/full": { "get": { "description": "Retrieves the full OSCAL Profile, including all nested content.", 
@@ -13179,6 +13643,52 @@ } } }, + "/oscal/system-security-plans/{id}/bulk-apply-component-suggestions": { + "post": { + "description": "For each ImplementedRequirement, creates SystemComponents from matching DefinedComponents and links them via ByComponent.", + "tags": [ + "System Security Plans" + ], + "summary": "Bulk apply component suggestions for all implemented requirements in an SSP", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, "/oscal/system-security-plans/{id}/control-implementation": { "get": { "description": "Retrieves the Control Implementation for a given System Security Plan.", @@ -13510,19 +14020,13 @@ } } }, - "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/by-components/{byComponentId}": { - "put": { - "description": "Updates an existing by-component that belongs to an implemented requirement for a given SSP.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], + "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/apply-suggestion": { + "post": { + "description": "Creates SystemComponents from DefinedComponents that implement the same control and links them via ByComponent.", "tags": [ "System Security Plans" ], - "summary": "Update a by-component within an implemented requirement", + "summary": "Apply component suggestions for an implemented requirement", "parameters": [ { "type": "string", 
@@ -13533,35 +14037,94 @@ }, { "type": "string", - "description": "Requirement ID", + "description": "Implemented Requirement ID", "name": "reqId", "in": "path", "required": true - }, - { - "type": "string", - "description": "By-Component ID", - "name": "byComponentId", - "in": "path", - "required": true - }, - { - "description": "By-Component data", - "name": "by-component", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" - } } ], "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent" - } - }, + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/by-components/{byComponentId}": { + "put": { + "description": "Updates an existing by-component that belongs to an implemented requirement for a given SSP.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "System Security Plans" + ], + "summary": "Update a by-component within an implemented requirement", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Requirement ID", + "name": "reqId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "By-Component ID", + "name": "byComponentId", + "in": "path", + "required": true + }, + { + "description": "By-Component data", + "name": "by-component", + "in": "body", + "required": true, + 
"schema": { + "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent" + } + }, "400": { "description": "Bad Request", "schema": { @@ -13722,6 +14285,66 @@ } } }, + "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/apply-suggestion": { + "post": { + "description": "Creates SystemComponents from DefinedComponents that implement the statement's parent control and links them via ByComponent to the statement.", + "tags": [ + "System Security Plans" + ], + "summary": "Apply component suggestions for a statement", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Implemented Requirement ID", + "name": "reqId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Statement ID", + "name": "stmtId", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/by-components": { "post": { "description": "Create a by-component within an existing statement within an implemented requirement for a given SSP.", 
@@ -13944,6 +14567,131 @@ } } }, + "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/suggest-components": { + "post": { + "description": "Returns DefinedComponents that implement the statement's parent control and are not yet present in the SSP.", + "produces": [ + "application/json" + ], + "tags": [ + "System Security Plans" + ], + "summary": "Suggest system components for a statement", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Implemented Requirement ID", + "name": "reqId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Statement ID", + "name": "stmtId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataListResponse-relational_SystemComponentSuggestion" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/suggest-components": { + "post": { + "description": "Returns DefinedComponents that implement the same control and are not yet present in the SSP.", + "produces": [ + "application/json" + ], + "tags": [ + "System Security Plans" + ], + "summary": "Suggest system components for an implemented requirement", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Implemented Requirement ID", + "name": "reqId", + "in": 
"path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataListResponse-relational_SystemComponentSuggestion" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, "/oscal/system-security-plans/{id}/import-profile": { "get": { "description": "Retrieves import-profile for a given SSP.", @@ -15372,7 +16120,7 @@ ] }, "post": { - "description": "Creates a new system component for a given SSP.", + "description": "Creates a new system component for a given SSP. Accepts an optional definedComponentId field to link to a DefinedComponent.", "consumes": [ "application/json" ], @@ -15392,12 +16140,12 @@ "required": true }, { - "description": "System Component data", + "description": "System Component data with optional definedComponentId field", "name": "component", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/oscal.SystemComponentRequest" } } ], @@ -15494,7 +16242,7 @@ ] }, "put": { - "description": "Updates an existing system component for a given SSP.", + "description": "Updates an existing system component for a given SSP. Accepts an optional definedComponentId field to link to a DefinedComponent.", "consumes": [ "application/json" ], 
@@ -15521,12 +16269,12 @@ "required": true }, { - "description": "System Component data", + "description": "System Component data with optional definedComponentId field", "name": "component", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/oscal.SystemComponentRequest" } } ], @@ -16287,7 +17035,6 @@ }, "/poam-items": { "get": { - "description": "List POAM items filtered by status, sspId, riskId, or deadlineBefore.", "produces": [ "application/json" ], @@ -16298,34 +17045,52 @@ "parameters": [ { "type": "string", - "description": "open|in-progress|completed|overdue", + "description": "Filter by status (open|in-progress|completed|overdue)", "name": "status", "in": "query" }, { "type": "string", - "description": "SSP UUID", + "description": "Filter by SSP UUID", "name": "sspId", "in": "query" }, { "type": "string", - "description": "Risk UUID", + "description": "Filter by linked risk UUID", "name": "riskId", "in": "query" }, { "type": "string", - "description": "RFC3339 timestamp", + "description": "Filter by planned_completion_date before (RFC3339)", "name": "deadlineBefore", "in": "query" - } - ], + }, + { + "type": "boolean", + "description": "Return only overdue items", + "name": "overdueOnly", + "in": "query" + }, + { + "type": "string", + "description": "Filter by primary_owner_user_id UUID", + "name": "ownerRef", + "in": "query" + } + ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-relational_CcfPoamItem" + "$ref": "#/definitions/handler.GenericDataListResponse-handler_poamItemResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" } }, "500": { 
@@ -16334,10 +17099,14 @@ "$ref": "#/definitions/api.Error" } } - } + }, + "security": [ + { + "OAuth2Password": [] + } + ] }, "post": { - "description": "Creates a POAM item with optional milestones and risk links in a single transaction.", "consumes": [ "application/json" ], @@ -16355,7 +17124,7 @@ "in": "body", "required": true, "schema": { - "$ref": "#/definitions/handler.createPoam" + "$ref": "#/definitions/handler.createPoamItemRequest" } } ], @@ -16363,7 +17132,7 @@ "201": { "description": "Created", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-relational_CcfPoamItem" + "$ref": "#/definitions/handler.GenericDataResponse-handler_poamItemResponse" } }, "400": { @@ -16372,25 +17141,35 @@ "$ref": "#/definitions/api.Error" } }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/api.Error" } } - } + }, + "security": [ + { + "OAuth2Password": [] + } + ] } }, "/poam-items/{id}": { "get": { - "description": "Get a POAM item with its milestones and risk links.", "produces": [ "application/json" ], "tags": [ "POAM Items" ], - "summary": "Get POAM item", + "summary": "Get a POAM item", "parameters": [ { "type": "string", @@ -16404,7 +17183,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_PoamItemWithLinksResponse" + "$ref": "#/definitions/handler.GenericDataResponse-handler_poamItemResponse" } }, "400": { @@ -16425,10 +17204,14 @@ "$ref": "#/definitions/api.Error" } } - } + }, + "security": [ + { + "OAuth2Password": [] + } + ] }, "put": { - "description": "Updates mutable fields of a POAM item.", "consumes": [ "application/json" ], @@ -16438,7 +17221,7 @@ "tags": [ "POAM Items" ], - "summary": "Update POAM item", + "summary": "Update a POAM item", "parameters": [ { "type": "string", 
@@ -16448,13 +17231,12 @@ "required": true }, { - "description": "Fields to update", + "description": "Update payload", "name": "body", "in": "body", "required": true, "schema": { - "type": "object", - "additionalProperties": true + "$ref": "#/definitions/handler.updatePoamItemRequest" } } ], @@ -16462,7 +17244,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-relational_CcfPoamItem" + "$ref": "#/definitions/handler.GenericDataResponse-handler_poamItemResponse" } }, "400": { @@ -16471,23 +17253,30 @@ "$ref": "#/definitions/api.Error" } }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/api.Error" } } - } + }, + "security": [ + { + "OAuth2Password": [] + } + ] }, "delete": { - "description": "Deletes a POAM item and cascades to milestones and risk links.", - "produces": [ - "application/json" - ], "tags": [ "POAM Items" ], - "summary": "Delete POAM item", + "summary": "Delete a POAM item", "parameters": [ { "type": "string", @@ -16499,10 +17288,7 @@ ], "responses": { "204": { - "description": "no content", - "schema": { - "type": "string" - } + "description": "No Content" }, "400": { "description": "Bad Request", @@ -16510,25 +17296,35 @@ "$ref": "#/definitions/api.Error" } }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/api.Error" } } - } + }, + "security": [ + { + "OAuth2Password": [] + } + ] } }, - "/poam-items/{id}/milestones": { + "/poam-items/{id}/controls": { "get": { - "description": "List all milestones for a POAM item.", "produces": [ "application/json" ], "tags": [ "POAM Items" ], - "summary": "List milestones", + "summary": "List linked controls", "parameters": [ { "type": "string", 
@@ -16542,7 +17338,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/handler.GenericDataListResponse-relational_CcfPoamItemMilestone" + "$ref": "#/definitions/handler.GenericDataListResponse-poam_PoamItemControlLink" } }, "400": { @@ -16551,16 +17347,26 @@ "$ref": "#/definitions/api.Error" } }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/api.Error" } } - } + }, + "security": [ + { + "OAuth2Password": [] + } + ] }, "post": { - "description": "Add a milestone to a POAM item.", "consumes": [ "application/json" ], @@ -16570,7 +17376,7 @@ "tags": [ "POAM Items" ], - "summary": "Add milestone", + "summary": "Add a control link", "parameters": [ { "type": "string", @@ -16580,12 +17386,12 @@ "required": true }, { - "description": "Milestone payload", + "description": "Control ref payload", "name": "body", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/handler.createMilestone" + "$ref": "#/definitions/handler.poamControlRefRequest" } } ], @@ -16593,7 +17399,7 @@ "201": { "description": "Created", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-relational_CcfPoamItemMilestone" + "$ref": "#/definitions/handler.GenericDataResponse-poam_PoamItemControlLink" } }, "400": { 
@@ -16602,28 +17408,32 @@ "$ref": "#/definitions/api.Error" } }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/api.Error" } } - } + }, + "security": [ + { + "OAuth2Password": [] + } + ] } }, - "/poam-items/{id}/milestones/{milestoneId}": { - "put": { - "description": "Update milestone fields; when status becomes completed, sets completed_at.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], + "/poam-items/{id}/controls/{catalogId}/{controlId}": { + "delete": { "tags": [ "POAM Items" ], - "summary": "Update milestone", + "summary": "Delete a control link", "parameters": [ { "type": "string", @@ -16634,28 +17444,22 @@ }, { "type": "string", - "description": "Milestone ID", - "name": "milestoneId", + "description": "Catalog ID", + "name": "catalogId", "in": "path", "required": true }, { - "description": "Fields to update", - "name": "body", - "in": "body", - "required": true, - "schema": { - "type": "object", - "additionalProperties": true - } + "type": "string", + "description": "Control ID", + "name": "controlId", + "in": "path", + "required": true } ], "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-relational_CcfPoamItemMilestone" - } + "204": { + "description": "No Content" }, "400": { "description": "Bad Request", 
@@ -16663,23 +17467,35 @@ "$ref": "#/definitions/api.Error" } }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/api.Error" } } - } - }, - "delete": { - "description": "Delete a milestone from a POAM item.", + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/poam-items/{id}/evidence": { + "get": { "produces": [ "application/json" ], "tags": [ "POAM Items" ], - "summary": "Delete milestone", + "summary": "List linked evidence", "parameters": [ { "type": "string", @@ -16687,20 +17503,13 @@ "name": "id", "in": "path", "required": true - }, - { - "type": "string", - "description": "Milestone ID", - "name": "milestoneId", - "in": "path", - "required": true } ], "responses": { - "204": { - "description": "no content", + "200": { + "description": "OK", "schema": { - "type": "string" + "$ref": "#/definitions/handler.GenericDataListResponse-poam_PoamItemEvidenceLink" } }, "400": { 
@@ -16709,34 +17518,63 @@ "$ref": "#/definitions/api.Error" } }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, "500": { "description": "Internal Server Error", "schema": { "$ref": "#/definitions/api.Error" } } - } - } - }, - "/users/me": { - "get": { - "description": "Retrieves the details of the currently logged-in user", + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "consumes": [ + "application/json" + ], "produces": [ "application/json" ], "tags": [ - "Users" + "POAM Items" + ], + "summary": "Add an evidence link", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Evidence ID payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.addLinkRequest" + } + } ], - "summary": "Get logged-in user details", "responses": { - "200": { - "description": "OK", + "201": { + "description": "Created", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-relational_User" + "$ref": "#/definitions/handler.GenericDataResponse-poam_PoamItemEvidenceLink" } }, - "401": { - "description": "Unauthorized", + "400": { + "description": "Bad Request", "schema": { "$ref": "#/definitions/api.Error" } 
@@ -16761,28 +17599,26 @@ ] } }, - "/users/me/change-password": { - "post": { - "description": "Changes the password for the currently logged-in user", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], + "/poam-items/{id}/evidence/{evidenceId}": { + "delete": { "tags": [ - "Users" + "POAM Items" ], - "summary": "Change password for logged-in user", + "summary": "Delete an evidence link", "parameters": [ { - "description": "Change Password Request", - "name": "changePasswordRequest", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/handler.UserHandler" - } + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Evidence ID", + "name": "evidenceId", + "in": "path", + "required": true } ], "responses": { @@ -16795,8 +17631,8 @@ "$ref": "#/definitions/api.Error" } }, - "401": { - "description": "Unauthorized", + "404": { + "description": "Not Found", "schema": { "$ref": "#/definitions/api.Error" } @@ -16815,25 +17651,33 @@ ] } }, - "/users/me/digest-subscription": { + "/poam-items/{id}/findings": { "get": { - "description": "Gets the current user's digest email subscription status", "produces": [ "application/json" ], "tags": [ - "Users" + "POAM Items" ], - "summary": "Get digest subscription status", - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_UserHandler" + "summary": "List linked findings", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataListResponse-poam_PoamItemFindingLink" } }, - "401": { - "description": "Unauthorized", + "400": { + "description": "Bad Request", "schema": { "$ref": "#/definitions/api.Error" } 
@@ -16857,8 +17701,7 @@ } ] }, - "put": { - "description": "Updates the current user's digest email subscription status", + "post": { "consumes": [ "application/json" ], @@ -16866,25 +17709,32 @@ "application/json" ], "tags": [ - "Users" + "POAM Items" ], - "summary": "Update digest subscription status", + "summary": "Add a finding link", "parameters": [ { - "description": "Subscription status", - "name": "subscription", + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Finding ID payload", + "name": "body", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/handler.UserHandler" + "$ref": "#/definitions/handler.addLinkRequest" } } ], "responses": { - "200": { - "description": "OK", + "201": { + "description": "Created", "schema": { - "$ref": "#/definitions/handler.GenericDataResponse-handler_UserHandler" + "$ref": "#/definitions/handler.GenericDataResponse-poam_PoamItemFindingLink" } }, "400": { @@ -16893,8 +17743,54 @@ "$ref": "#/definitions/api.Error" } }, - "401": { - "description": "Unauthorized", + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/poam-items/{id}/findings/{findingId}": { + "delete": { + "tags": [ + "POAM Items" + ], + "summary": "Delete a finding link", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Finding ID", + "name": "findingId", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", "schema": { "$ref": "#/definitions/api.Error" } 
@@ -16919,9 +17815,57 @@ ] } }, - "/users/{id}/change-password": { + "/poam-items/{id}/milestones": { + "get": { + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "List milestones for a POAM item", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataListResponse-handler_milestoneResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, "post": { - "description": "Changes the password for a user by ID", "consumes": [ "application/json" ], @@ -16929,30 +17873,33 @@ "application/json" ], "tags": [ - "Users" + "POAM Items" ], - "summary": "Change password for a specific user", + "summary": "Add a milestone to a POAM item", "parameters": [ { "type": "string", - "description": "User ID", + "description": "POAM item ID", "name": "id", "in": "path", "required": true }, { - "description": "Change Password Request", - "name": "changePasswordRequest", + "description": "Milestone payload", + "name": "body", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/handler.UserHandler" + "$ref": "#/definitions/handler.createMilestoneRequest" } } ], "responses": { - "204": { - "description": "No Content" + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_milestoneResponse" + } }, "400": { "description": "Bad Request", 
@@ -16960,8 +17907,72 @@ "$ref": "#/definitions/api.Error" } }, - "401": { - "description": "Unauthorized", + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/poam-items/{id}/milestones/{milestoneId}": { + "put": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "Update a milestone", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Milestone ID", + "name": "milestoneId", + "in": "path", + "required": true + }, + { + "description": "Milestone update payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.updateMilestoneRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_milestoneResponse" + } + }, + "400": { + "description": "Bad Request", "schema": { "$ref": "#/definitions/api.Error" } 
@@ -16984,288 +17995,7544 @@ "OAuth2Password": [] } ] - } - } - }, - "definitions": { - "api.Error": { - "type": "object", - "properties": { - "errors": { - "type": "object", - "additionalProperties": {} - } - } - }, - "auth.AuthHandler": { - "type": "object" - }, - "authn.JWK": { - "type": "object", - "properties": { - "alg": { - "type": "string" - }, - "e": { - "type": "string" - }, - "kid": { - "type": "string" - }, - "kty": { - "type": "string" - }, - "n": { - "type": "string" - }, - "use": { - "type": "string" - } - } - }, - "datatypes.JSONType-labelfilter_Filter": { - "type": "object" - }, - "datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus": { + }, + "delete": { + "tags": [ + "POAM Items" + ], + "summary": "Delete a milestone", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Milestone ID", + "name": "milestoneId", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/poam-items/{id}/risks": { + "get": { + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "List linked risks", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataListResponse-poam_PoamItemRiskLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + 
"description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "POAM Items" + ], + "summary": "Add a risk link", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Risk ID payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.addLinkRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-poam_PoamItemRiskLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/poam-items/{id}/risks/{riskId}": { + "delete": { + "tags": [ + "POAM Items" + ], + "summary": "Delete a risk link", + "parameters": [ + { + "type": "string", + "description": "POAM item ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Risk ID", + "name": "riskId", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + 
}, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risk-templates": { + "get": { + "description": "List risk templates with optional filters and pagination.", + "produces": [ + "application/json" + ], + "tags": [ + "Risk Templates" + ], + "summary": "List risk templates", + "parameters": [ + { + "type": "string", + "description": "Plugin ID", + "name": "pluginId", + "in": "query" + }, + { + "type": "string", + "description": "Policy package", + "name": "policyPackage", + "in": "query" + }, + { + "type": "boolean", + "description": "Active flag", + "name": "isActive", + "in": "query" + }, + { + "type": "integer", + "description": "Page number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-templates_riskTemplateResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Create a risk template with threat references and remediation template/tasks.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risk Templates" + ], + "summary": "Create risk template", + "parameters": [ + { + "description": "Risk template payload", + "name": "template", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/templates.upsertRiskTemplateRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/templates.riskTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server 
Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risk-templates/{id}": { + "get": { + "description": "Get a risk template by ID.", + "produces": [ + "application/json" + ], + "tags": [ + "Risk Templates" + ], + "summary": "Get risk template", + "parameters": [ + { + "type": "string", + "description": "Risk Template ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templates.riskTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Update a risk template and atomically replace threat refs and remediation tasks.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risk Templates" + ], + "summary": "Update risk template", + "parameters": [ + { + "type": "string", + "description": "Risk Template ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Risk template payload", + "name": "template", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/templates.upsertRiskTemplateRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templates.riskTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": 
"#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Delete a risk template and its associated threat references and remediation data.", + "produces": [ + "application/json" + ], + "tags": [ + "Risk Templates" + ], + "summary": "Delete risk template", + "parameters": [ + { + "type": "string", + "description": "Risk Template ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks": { + "get": { + "description": "Lists risk register entries with filtering, sorting, and pagination.", + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "List risks", + "parameters": [ + { + "type": "string", + "description": "Risk status", + "name": "status", + "in": "query" + }, + { + "type": "string", + "description": "Risk likelihood", + "name": "likelihood", + "in": "query" + }, + { + "type": "string", + "description": "Risk impact", + "name": "impact", + "in": "query" + }, + { + "type": "string", + "description": "SSP ID", + "name": "sspId", + "in": "query" + }, + { + "type": "string", + "description": "Control ID", + "name": "controlId", + "in": "query" + }, + { + "type": "string", + "description": "Evidence ID", + "name": "evidenceId", + "in": "query" + }, + { + "type": "string", + "description": "Owner kind", + "name": "ownerKind", + "in": "query" + }, + { + "type": "string", + "description": "Owner reference", + "name": "ownerRef", + "in": "query" + }, + { + "type": "string", + "description": "Review deadline upper bound 
(RFC3339)", + "name": "reviewDeadlineBefore", + "in": "query" + }, + { + "type": "integer", + "description": "Page number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": "query" + }, + { + "type": "string", + "description": "Sort field", + "name": "sort", + "in": "query" + }, + { + "type": "string", + "description": "Sort order (asc|desc)", + "name": "order", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Creates a risk register entry.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Create risk", + "parameters": [ + { + "description": "Risk payload", + "name": "risk", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.createRiskRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks/{id}": { + "get": { + "description": "Retrieves a risk register entry by ID.", + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Get risk", + 
"parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Updates a risk register entry by ID.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Update risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Risk payload", + "name": "risk", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.updateRiskRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Deletes a risk register entry and link rows by ID.", + "tags": [ + "Risks" + ], + "summary": "Delete risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No 
Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks/{id}/accept": { + "post": { + "description": "Accepts a risk with required justification and a future review deadline.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Accept risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Accept payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.acceptRiskRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks/{id}/components": { + "get": { + "description": "Lists components linked to a risk.", + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "List risk component links", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "integer", + "description": "Page number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": 
"query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-risks_RiskComponentLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Idempotently links a component to a risk.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Link component to risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Component link payload", + "name": "link", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.addComponentLinkRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-risks_RiskComponentLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks/{id}/controls": { + "get": { + "description": "Lists controls linked to a risk.", + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "List risk control links", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "integer", + "description": "Page number", + 
"name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-risks_RiskControlLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Idempotently links a control to a risk.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Link control to risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Control link payload", + "name": "link", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.addControlLinkRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-risks_RiskControlLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks/{id}/evidence": { + "get": { + "description": "Lists evidence IDs linked to a risk.", + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "List risk evidence links", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": 
"id", + "in": "path", + "required": true + }, + { + "type": "integer", + "description": "Page number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-uuid_UUID" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Idempotently links an evidence item to a risk.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Link evidence to risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Evidence link payload", + "name": "link", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.addEvidenceLinkRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-risks_RiskEvidenceLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks/{id}/evidence/{evidenceId}": { + "delete": { + "description": "Deletes the link between a risk and evidence item.", + "tags": [ + "Risks" + ], + "summary": "Delete risk 
evidence link", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Evidence ID", + "name": "evidenceId", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks/{id}/review": { + "post": { + "description": "Records a structured review for an accepted risk. nextReviewDeadline is required for decision=extend and must be omitted for decision=reopen.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Review risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Review payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.reviewRiskRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/risks/{id}/subjects": { + "get": { + "description": "Lists subjects linked to a risk.", + "produces": [ + "application/json" 
+ ], + "tags": [ + "Risks" + ], + "summary": "List risk subject links", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "integer", + "description": "Page number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-risks_RiskSubjectLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Idempotently links a subject to a risk.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Link subject to risk", + "parameters": [ + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Subject link payload", + "name": "link", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.addSubjectLinkRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-risks_RiskSubjectLink" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/ssp/{sspId}/risks": { + 
"get": { + "description": "Lists risk register entries scoped to an SSP.", + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "List risks for SSP", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "sspId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Risk status", + "name": "status", + "in": "query" + }, + { + "type": "string", + "description": "Risk likelihood", + "name": "likelihood", + "in": "query" + }, + { + "type": "string", + "description": "Risk impact", + "name": "impact", + "in": "query" + }, + { + "type": "string", + "description": "Control ID", + "name": "controlId", + "in": "query" + }, + { + "type": "string", + "description": "Evidence ID", + "name": "evidenceId", + "in": "query" + }, + { + "type": "string", + "description": "Owner kind", + "name": "ownerKind", + "in": "query" + }, + { + "type": "string", + "description": "Owner reference", + "name": "ownerRef", + "in": "query" + }, + { + "type": "string", + "description": "Review deadline upper bound (RFC3339)", + "name": "reviewDeadlineBefore", + "in": "query" + }, + { + "type": "integer", + "description": "Page number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": "query" + }, + { + "type": "string", + "description": "Sort field", + "name": "sort", + "in": "query" + }, + { + "type": "string", + "description": "Sort order (asc|desc)", + "name": "order", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, 
+ "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Creates a risk register entry scoped to an SSP.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Create risk for SSP", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "sspId", + "in": "path", + "required": true + }, + { + "description": "Risk payload", + "name": "risk", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.createRiskRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/ssp/{sspId}/risks/{id}": { + "get": { + "description": "Retrieves a risk register entry by ID scoped to an SSP.", + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Get risk for SSP", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "sspId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + 
"$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Updates a risk register entry by ID scoped to an SSP.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Update risk for SSP", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "sspId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Risk payload", + "name": "risk", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.updateRiskRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Deletes a risk register entry by ID scoped to an SSP.", + "tags": [ + "Risks" + ], + "summary": "Delete risk for SSP", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "sspId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": 
"#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/ssp/{sspId}/risks/{id}/accept": { + "post": { + "description": "Accepts a risk by ID scoped to an SSP.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Accept risk for SSP", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "sspId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Accept payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.acceptRiskRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/ssp/{sspId}/risks/{id}/review": { + "post": { + "description": "Records a risk review by ID scoped to an SSP. 
nextReviewDeadline is required for decision=extend and must be omitted for decision=reopen.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Risks" + ], + "summary": "Review risk for SSP", + "parameters": [ + { + "type": "string", + "description": "SSP ID", + "name": "sspId", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "Risk ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Review payload", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.reviewRiskRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_riskResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/subject-templates": { + "get": { + "description": "List subject templates with optional filters and pagination.", + "produces": [ + "application/json" + ], + "tags": [ + "Subject Templates" + ], + "summary": "List subject templates", + "parameters": [ + { + "type": "string", + "description": "Subject type", + "name": "type", + "in": "query" + }, + { + "type": "string", + "description": "Source mode", + "name": "sourceMode", + "in": "query" + }, + { + "type": "integer", + "description": "Page number", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "Page size", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/service.ListResponse-templates_subjectTemplateResponse" + } + }, + "400": { + 
"description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Create a subject template with selector labels and label schema.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Subject Templates" + ], + "summary": "Create subject template", + "parameters": [ + { + "description": "Subject template payload", + "name": "template", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/templates.upsertSubjectTemplateRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/templates.subjectTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/subject-templates/{id}": { + "get": { + "description": "Get a subject template by ID.", + "produces": [ + "application/json" + ], + "tags": [ + "Subject Templates" + ], + "summary": "Get subject template", + "parameters": [ + { + "type": "string", + "description": "Subject Template ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templates.subjectTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + 
"OAuth2Password": [] + } + ] + }, + "put": { + "description": "Update a subject template and atomically replace selector labels and label schema.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Subject Templates" + ], + "summary": "Update subject template", + "parameters": [ + { + "type": "string", + "description": "Subject Template ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Subject template payload", + "name": "template", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/templates.upsertSubjectTemplateRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templates.subjectTemplateDataResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/users/me": { + "get": { + "description": "Retrieves the details of the currently logged-in user", + "produces": [ + "application/json" + ], + "tags": [ + "Users" + ], + "summary": "Get logged-in user details", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-relational_User" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/users/me/change-password": { + "post": { + "description": "Changes the password for the 
currently logged-in user", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Users" + ], + "summary": "Change password for logged-in user", + "parameters": [ + { + "description": "Change Password Request", + "name": "changePasswordRequest", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.UserHandler" + } + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/users/me/subscriptions": { + "get": { + "description": "Gets the current user's digest and workflow notification email preferences", + "produces": [ + "application/json" + ], + "tags": [ + "Users" + ], + "summary": "Get notification preferences", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_SubscriptionsResponse" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Updates the current user's digest and workflow notification email preferences", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Users" + ], + "summary": "Update notification preferences", + "parameters": [ + { + "description": "Notification preferences", + "name": "subscription", + "in": 
"body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.UpdateSubscriptionsRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/handler.GenericDataResponse-handler_SubscriptionsResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/users/{id}/change-password": { + "post": { + "description": "Changes the password for a user by ID", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Users" + ], + "summary": "Change password for a specific user", + "parameters": [ + { + "type": "string", + "description": "User ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Change Password Request", + "name": "changePasswordRequest", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/handler.UserHandler" + } + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/control-relationships": { + "get": { + "description": "List all control relationships, optionally 
filtered by workflow definition", + "produces": [ + "application/json" + ], + "tags": [ + "Control Relationships" + ], + "summary": "List control relationships", + "parameters": [ + { + "type": "string", + "description": "Workflow Definition ID", + "name": "workflow_definition_id", + "in": "query" + }, + { + "type": "string", + "description": "Control ID", + "name": "control_id", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.ControlRelationshipListResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Create a new control relationship for a workflow", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Control Relationships" + ], + "summary": "Create control relationship", + "parameters": [ + { + "description": "Control relationship details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.CreateControlRelationshipRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/workflows.ControlRelationshipResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/control-relationships/{id}": { + "get": { + "description": 
"Get control relationship by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Control Relationships" + ], + "summary": "Get control relationship", + "parameters": [ + { + "type": "string", + "description": "Control Relationship ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.ControlRelationshipResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Update an existing control relationship", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Control Relationships" + ], + "summary": "Update control relationship", + "parameters": [ + { + "type": "string", + "description": "Control Relationship ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Update details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.UpdateControlRelationshipRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.ControlRelationshipResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + 
"schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Delete a control relationship", + "tags": [ + "Control Relationships" + ], + "summary": "Delete control relationship", + "parameters": [ + { + "type": "string", + "description": "Control Relationship ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/control-relationships/{id}/activate": { + "put": { + "description": "Activate a control relationship", + "produces": [ + "application/json" + ], + "tags": [ + "Control Relationships" + ], + "summary": "Activate control relationship", + "parameters": [ + { + "type": "string", + "description": "Control Relationship ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.ControlRelationshipResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + 
"/workflows/control-relationships/{id}/deactivate": { + "put": { + "description": "Deactivate a control relationship", + "produces": [ + "application/json" + ], + "tags": [ + "Control Relationships" + ], + "summary": "Deactivate control relationship", + "parameters": [ + { + "type": "string", + "description": "Control Relationship ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.ControlRelationshipResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/definitions": { + "get": { + "description": "List all workflow definition templates", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Definitions" + ], + "summary": "List workflow definitions", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowDefinitionListResponse" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Create a new workflow definition template", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Definitions" + ], + "summary": "Create workflow definition", + "parameters": [ + { + "description": "Workflow definition details", + "name": "request", + 
"in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.CreateWorkflowDefinitionRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/workflows.WorkflowDefinitionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/definitions/{id}": { + "get": { + "description": "Get workflow definition by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Definitions" + ], + "summary": "Get workflow definition", + "parameters": [ + { + "type": "string", + "description": "Workflow Definition ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowDefinitionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Update workflow definition by ID", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Definitions" + ], + "summary": "Update workflow definition", + "parameters": [ + { + "type": "string", + "description": "Workflow Definition ID", + "name": "id", + "in": "path", + "required": true 
+ }, + { + "description": "Updated workflow definition details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.UpdateWorkflowDefinitionRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowDefinitionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Delete workflow definition by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Definitions" + ], + "summary": "Delete workflow definition", + "parameters": [ + { + "type": "string", + "description": "Workflow Definition ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/executions": { + "get": { + "description": "List all executions for a workflow instance", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Executions" + ], + "summary": "List workflow executions", + "parameters": [ + { + "type": "string", + 
"description": "Workflow Instance ID", + "name": "workflow_instance_id", + "in": "query", + "required": true + }, + { + "type": "integer", + "description": "Limit", + "name": "limit", + "in": "query" + }, + { + "type": "integer", + "description": "Offset", + "name": "offset", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowExecutionListResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Start a new execution of a workflow instance", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Executions" + ], + "summary": "Start workflow execution", + "parameters": [ + { + "description": "Execution details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.StartWorkflowExecutionRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/workflows.WorkflowExecutionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/executions/{id}": { + "get": { + "description": "Get workflow execution by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Executions" + ], + "summary": "Get workflow 
execution", + "parameters": [ + { + "type": "string", + "description": "Workflow Execution ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowExecutionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/executions/{id}/cancel": { + "put": { + "description": "Cancel a running workflow execution", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Executions" + ], + "summary": "Cancel workflow execution", + "parameters": [ + { + "type": "string", + "description": "Workflow Execution ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Cancel details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.CancelWorkflowExecutionRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowExecutionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + 
"/workflows/executions/{id}/metrics": { + "get": { + "description": "Get performance metrics for a workflow execution", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Executions" + ], + "summary": "Get workflow execution metrics", + "parameters": [ + { + "type": "string", + "description": "Workflow Execution ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowExecutionMetricsResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/executions/{id}/reassign-role": { + "put": { + "description": "Reassign eligible steps in an execution for a given role", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Executions" + ], + "summary": "Bulk reassign steps by role", + "parameters": [ + { + "type": "string", + "description": "Workflow Execution ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Bulk reassignment details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.ReassignRoleRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.BulkReassignRoleResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + 
"404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/executions/{id}/retry": { + "post": { + "description": "Create a new execution to retry a failed workflow", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Executions" + ], + "summary": "Retry workflow execution", + "parameters": [ + { + "type": "string", + "description": "Workflow Execution ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/workflows.WorkflowExecutionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/executions/{id}/status": { + "get": { + "description": "Get detailed status of a workflow execution including step counts", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Executions" + ], + "summary": "Get workflow execution status", + "parameters": [ + { + "type": "string", + "description": "Workflow Execution ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowExecutionStatusResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { 
+ "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/instances": { + "get": { + "description": "List all workflow instances with optional filtering", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Instances" + ], + "summary": "List workflow instances", + "parameters": [ + { + "type": "string", + "description": "Filter by Workflow Definition ID", + "name": "workflow_definition_id", + "in": "query" + }, + { + "type": "string", + "description": "Filter by System Security Plan ID", + "name": "system_security_plan_id", + "in": "query" + }, + { + "type": "boolean", + "description": "Filter by Active Status", + "name": "is_active", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowInstanceListResponse" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Create a new workflow instance for a specific system", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Instances" + ], + "summary": "Create workflow instance", + "parameters": [ + { + "description": "Workflow instance details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.CreateWorkflowInstanceRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/workflows.WorkflowInstanceResponse" + } + }, + "400": { + 
"description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/instances/{id}": { + "get": { + "description": "Get workflow instance by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Instances" + ], + "summary": "Get workflow instance", + "parameters": [ + { + "type": "string", + "description": "Workflow Instance ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowInstanceResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Update workflow instance by ID", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Instances" + ], + "summary": "Update workflow instance", + "parameters": [ + { + "type": "string", + "description": "Workflow Instance ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Updated workflow instance details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.UpdateWorkflowInstanceRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": 
"#/definitions/workflows.WorkflowInstanceResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Delete workflow instance by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Instances" + ], + "summary": "Delete workflow instance", + "parameters": [ + { + "type": "string", + "description": "Workflow Instance ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/instances/{id}/activate": { + "put": { + "description": "Activate a workflow instance to enable scheduled executions", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Instances" + ], + "summary": "Activate workflow instance", + "parameters": [ + { + "type": "string", + "description": "Workflow Instance ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowInstanceResponse" + } + }, + "400": { + "description": "Bad Request", + 
"schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/instances/{id}/deactivate": { + "put": { + "description": "Deactivate a workflow instance to disable scheduled executions", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Instances" + ], + "summary": "Deactivate workflow instance", + "parameters": [ + { + "type": "string", + "description": "Workflow Instance ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowInstanceResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/role-assignments": { + "get": { + "description": "List all role assignments, optionally filtered by workflow instance", + "produces": [ + "application/json" + ], + "tags": [ + "Role Assignments" + ], + "summary": "List role assignments", + "parameters": [ + { + "type": "string", + "description": "Workflow Instance ID", + "name": "workflow_instance_id", + "in": "query" + }, + { + "type": "string", + "description": "Role Name", + "name": "role_name", + "in": "query" + } + ], + "responses": { + "200": { + "description": 
"OK", + "schema": { + "$ref": "#/definitions/workflows.RoleAssignmentListResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Create a new role assignment for a workflow instance", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Role Assignments" + ], + "summary": "Create role assignment", + "parameters": [ + { + "description": "Role assignment details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.CreateRoleAssignmentRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/workflows.RoleAssignmentResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/role-assignments/{id}": { + "get": { + "description": "Get role assignment by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Role Assignments" + ], + "summary": "Get role assignment", + "parameters": [ + { + "type": "string", + "description": "Role Assignment ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.RoleAssignmentResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + 
"$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Update an existing role assignment", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Role Assignments" + ], + "summary": "Update role assignment", + "parameters": [ + { + "type": "string", + "description": "Role Assignment ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Update details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.UpdateRoleAssignmentRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.RoleAssignmentResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Delete a role assignment", + "tags": [ + "Role Assignments" + ], + "summary": "Delete role assignment", + "parameters": [ + { + "type": "string", + "description": "Role Assignment ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": 
"#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/role-assignments/{id}/activate": { + "put": { + "description": "Activate a role assignment", + "produces": [ + "application/json" + ], + "tags": [ + "Role Assignments" + ], + "summary": "Activate role assignment", + "parameters": [ + { + "type": "string", + "description": "Role Assignment ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.RoleAssignmentResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/role-assignments/{id}/deactivate": { + "put": { + "description": "Deactivate a role assignment", + "produces": [ + "application/json" + ], + "tags": [ + "Role Assignments" + ], + "summary": "Deactivate role assignment", + "parameters": [ + { + "type": "string", + "description": "Role Assignment ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.RoleAssignmentResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + 
} + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/step-executions": { + "get": { + "description": "List all step executions for a workflow execution", + "produces": [ + "application/json" + ], + "tags": [ + "Step Executions" + ], + "summary": "List step executions", + "parameters": [ + { + "type": "string", + "description": "Workflow Execution ID", + "name": "workflow_execution_id", + "in": "query", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.StepExecutionListResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/step-executions/my": { + "get": { + "description": "List all step executions assigned to the current user with optional filters and pagination", + "produces": [ + "application/json" + ], + "tags": [ + "Step Executions" + ], + "summary": "List my step assignments", + "parameters": [ + { + "type": "string", + "description": "Filter by status (pending, in_progress, blocked)", + "name": "status", + "in": "query" + }, + { + "type": "string", + "description": "Filter by due date before (RFC3339 format)", + "name": "due_before", + "in": "query" + }, + { + "type": "string", + "description": "Filter by due date after (RFC3339 format)", + "name": "due_after", + "in": "query" + }, + { + 
"type": "string", + "description": "Filter by workflow definition ID", + "name": "workflow_definition_id", + "in": "query" + }, + { + "type": "integer", + "description": "Limit (default 20, max 100)", + "name": "limit", + "in": "query" + }, + { + "type": "integer", + "description": "Offset (default 0)", + "name": "offset", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.MyAssignmentsResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/step-executions/{id}": { + "get": { + "description": "Get step execution by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Step Executions" + ], + "summary": "Get step execution", + "parameters": [ + { + "type": "string", + "description": "Step Execution ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.StepExecutionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/step-executions/{id}/can-transition": { + "get": { + "description": "Check if a user has permission to transition a step execution", + "produces": [ + 
"application/json" + ], + "tags": [ + "Step Executions" + ], + "summary": "Check if user can transition step", + "parameters": [ + { + "type": "string", + "description": "Step Execution ID", + "name": "id", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "User ID", + "name": "user_id", + "in": "query", + "required": true + }, + { + "type": "string", + "description": "User Type (user, group, email)", + "name": "user_type", + "in": "query", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "type": "object", + "additionalProperties": true + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/step-executions/{id}/evidence-requirements": { + "get": { + "description": "Get the evidence requirements for a step execution", + "produces": [ + "application/json" + ], + "tags": [ + "Step Executions" + ], + "summary": "Get evidence requirements for step", + "parameters": [ + { + "type": "string", + "description": "Step Execution ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "type": "object", + "additionalProperties": true + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/step-executions/{id}/fail": { + "put": { + "description": 
"Mark a step execution as failed with a reason", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Step Executions" + ], + "summary": "Fail step execution", + "parameters": [ + { + "type": "string", + "description": "Step Execution ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Failure details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.FailStepRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.StepExecutionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/step-executions/{id}/reassign": { + "put": { + "description": "Reassign a step execution to a new assignee", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Step Executions" + ], + "summary": "Reassign step execution", + "parameters": [ + { + "type": "string", + "description": "Step Execution ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Reassignment details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.ReassignStepRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.StepExecutionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": 
"Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/step-executions/{id}/transition": { + "put": { + "description": "Transition a step execution status with role verification and evidence validation", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Step Executions" + ], + "summary": "Transition step execution status", + "parameters": [ + { + "type": "string", + "description": "Step Execution ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Transition request", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.TransitionStepRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.StepExecutionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "403": { + "description": "Forbidden", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/steps": { + "get": { + "description": "List all step definitions for a workflow definition", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Step Definitions" + ], + "summary": "List workflow step definitions", + "parameters": [ + { + "type": 
"string", + "description": "Workflow Definition ID", + "name": "workflow_definition_id", + "in": "query", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowStepDefinitionListResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "post": { + "description": "Create a new step definition for a workflow", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Step Definitions" + ], + "summary": "Create workflow step definition", + "parameters": [ + { + "description": "Step definition details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.CreateWorkflowStepDefinitionRequest" + } + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/workflows.WorkflowStepDefinitionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/steps/{id}": { + "get": { + "description": "Get workflow step definition by ID", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Step Definitions" + ], + "summary": "Get workflow step definition", + "parameters": [ + { + "type": "string", + "description": "Step Definition ID", + "name": "id", + "in": 
"path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowStepDefinitionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "put": { + "description": "Update workflow step definition by ID", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Step Definitions" + ], + "summary": "Update workflow step definition", + "parameters": [ + { + "type": "string", + "description": "Step Definition ID", + "name": "id", + "in": "path", + "required": true + }, + { + "description": "Updated step definition details", + "name": "request", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/workflows.UpdateWorkflowStepDefinitionRequest" + } + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowStepDefinitionResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + }, + "delete": { + "description": "Delete workflow step definition by ID", + "produces": [ + "application/json" + ], + "tags": [ + 
"Workflow Step Definitions" + ], + "summary": "Delete workflow step definition", + "parameters": [ + { + "type": "string", + "description": "Step Definition ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + }, + "/workflows/steps/{id}/dependencies": { + "get": { + "description": "Get all dependencies for a workflow step definition", + "produces": [ + "application/json" + ], + "tags": [ + "Workflow Step Definitions" + ], + "summary": "Get step dependencies", + "parameters": [ + { + "type": "string", + "description": "Step Definition ID", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/workflows.WorkflowStepDefinitionListResponse" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "404": { + "description": "Not Found", + "schema": { + "$ref": "#/definitions/api.Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/api.Error" + } + } + }, + "security": [ + { + "OAuth2Password": [] + } + ] + } + } + }, + "definitions": { + "api.Error": { + "type": "object", + "properties": { + "errors": { + "type": "object", + "additionalProperties": {} + } + } + }, + "auth.AuthHandler": { + "type": "object" + }, + 
"authn.JWK": { + "type": "object", + "properties": { + "alg": { + "type": "string" + }, + "e": { + "type": "string" + }, + "kid": { + "type": "string" + }, + "kty": { + "type": "string" + }, + "n": { + "type": "string" + }, + "use": { + "type": "string" + } + } + }, + "datatypes.JSONType-labelfilter_Filter": { + "type": "object" + }, + "datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus": { + "type": "object" + }, + "datatypes.JSONType-relational_Address": { + "type": "object" + }, + "datatypes.JSONType-relational_Base64": { + "type": "object" + }, + "datatypes.JSONType-relational_Citation": { + "type": "object" + }, + "datatypes.JSONType-relational_CombinationRule": { + "type": "object" + }, + "datatypes.JSONType-relational_FlatWithoutGrouping": { + "type": "object" + }, + "datatypes.JSONType-relational_ImplementationStatus": { + "type": "object" + }, + "datatypes.JSONType-relational_ImportProfile": { + "type": "object" + }, + "datatypes.JSONType-relational_IncludeAll": { + "type": "object" + }, + "datatypes.JSONType-relational_ParameterSelection": { + "type": "object" + }, + "datatypes.JSONType-relational_SecurityImpactLevel": { + "type": "object" + }, + "datatypes.JSONType-relational_Status": { "type": "object" }, - "datatypes.JSONType-relational_Address": { - "type": "object" + "datatypes.JSONType-relational_SystemComponentStatus": { + "type": "object" + }, + "datatypes.JSONType-relational_SystemInformation": { + "type": "object" + }, + "digest.EvidenceItem": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "expiresAt": { + "description": "Formatted expiration date string (empty if no expiration)", + "type": "string" + }, + "id": { + "type": "string" + }, + "labels": { + "type": "array", + "items": { + "type": "string" + } + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" + } + } + }, + "digest.EvidenceSummary": { + "type": "object", + "properties": { + 
"expiredCount": { + "type": "integer", + "format": "int64" + }, + "notSatisfiedCount": { + "type": "integer", + "format": "int64" + }, + "otherCount": { + "type": "integer", + "format": "int64" + }, + "satisfiedCount": { + "type": "integer", + "format": "int64" + }, + "topExpired": { + "description": "Top items for the digest email", + "type": "array", + "items": { + "$ref": "#/definitions/digest.EvidenceItem" + } + }, + "topNotSatisfied": { + "type": "array", + "items": { + "$ref": "#/definitions/digest.EvidenceItem" + } + }, + "totalCount": { + "type": "integer", + "format": "int64" + } + } + }, + "evidence.StatusCount": { + "type": "object", + "properties": { + "count": { + "type": "integer" + }, + "status": { + "type": "string" + } + } + }, + "gorm.DeletedAt": { + "type": "object", + "properties": { + "time": { + "type": "string" + }, + "valid": { + "description": "Valid is true if Time is not NULL", + "type": "boolean" + } + } + }, + "handler.EvidenceActivity": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "steps": { + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceActivityStep" + } + }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" + } + } + }, + "handler.EvidenceActivityStep": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" + } + } + }, + "handler.EvidenceComponent": { + "type": "object", 
+ "properties": { + "description": { + "type": "string" + }, + "identifier": { + "description": "components/common/ssh\ncomponents/common/github-repository\ncomponents/common/github-organisation\ncomponents/common/ubuntu-22\ncomponents/internal/auth-policy", + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "protocols": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" + } + }, + "purpose": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "description": "Software\nService", + "type": "string" + } + } + }, + "handler.EvidenceCreateRequest": { + "type": "object", + "properties": { + "activities": { + "description": "What steps did we take to create this evidence", + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceActivity" + } + }, + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "components": { + "description": "Which components of the subject are being observed. 
A tool, user, policy etc.", + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceComponent" + } + }, + "description": { + "type": "string" + }, + "end": { + "type": "string" + }, + "expires": { + "type": "string" + }, + "inventoryItems": { + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceInventoryItem" + } + }, + "labels": { + "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "origins": { + "description": "Who or What is generating this evidence", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "start": { + "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", + "type": "string" + }, + "status": { + "description": "Did we satisfy what was being tested for, or did we fail ?", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" + } + ] + }, + "subjects": { + "description": "Who or What are we providing evidence for. 
What's under test.", + "type": "array", + "items": { + "$ref": "#/definitions/handler.EvidenceSubject" + } + }, + "title": { + "type": "string" + }, + "uuid": { + "description": "UUID needs to remain consistent for a piece of evidence being collected periodically.\nIt represents the \"stream\" of the same observation being made over time.\nFor the same checks, performed on the same machine, the UUID for each check should remain the same.\nFor the same check, performed on two different machines, the UUID should differ.", + "type": "string" + } + } + }, + "handler.EvidenceInventoryItem": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "identifier": { + "description": "user/chris@linguine.tech\noperating-system/ubuntu/22.4\nweb-server/ec2/i-12345", + "type": "string" + }, + "implementedComponents": { + "type": "array", + "items": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + } + } + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "description": "\"operating-system\"\tdescription=\"System software that manages computer hardware, software resources, and provides common services for computer programs.\"\n\"database\"\t\t\tdescription=\"An electronic collection of data, or information, that is specially organized for rapid search and retrieval.\"\n\"web-server\"\t\t\tdescription=\"A system that delivers content or services to end users over the Internet or an intranet.\"\n\"dns-server\"\t\t\tdescription=\"A system that resolves domain names to internet protocol (IP) addresses.\"\n\"email-server\"\t\tdescription=\"A computer system that sends and receives electronic mail messages.\"\n\"directory-server\"\tdescription=\"A system that stores, organizes 
and provides access to directory information in order to unify network resources.\"\n\"pbx\"\t\t\t\tdescription=\"A private branch exchange (PBX) provides a a private telephone switchboard.\"\n\"firewall\"\t\t\tdescription=\"A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.\"\n\"router\"\t\t\t\tdescription=\"A physical or virtual networking device that forwards data packets between computer networks.\"\n\"switch\"\t\t\t\tdescription=\"A physical or virtual networking device that connects devices within a computer network by using packet switching to receive and forward data to the destination device.\"\n\"storage-array\"\t\tdescription=\"A consolidated, block-level data storage capability.\"\n\"appliance\"\t\t\tdescription=\"A physical or virtual machine that centralizes hardware, software, or services for a specific purpose.\"", + "type": "string" + } + } + }, + "handler.EvidenceSubject": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "type": { + "description": "InventoryItem\nComponent", + "type": "string" + } + } + }, + "handler.FilterImportFileResult": { + "type": "object", + "properties": { + "count": { + "type": "integer" + }, + "filename": { + "type": "string" + }, + "message": { + "type": "string" + }, + "success": { + "type": "boolean" + } + } + }, + "handler.FilterImportResponse": { + "type": "object", + "properties": { + "failed_count": { + "type": "integer" + }, + "results": { + "type": "array", + "items": { + "$ref": "#/definitions/handler.FilterImportFileResult" + } + }, + "successful_count": { + "type": "integer" + }, + "total_dashboards": { + "type": 
"integer" + }, + "total_files": { + "type": "integer" + } + } + }, + "handler.FilterWithAssociations": { + "type": "object", + "properties": { + "components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + } + }, + "controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + }, + "filter": { + "$ref": "#/definitions/datatypes.JSONType-labelfilter_Filter" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "handler.ForControl.EvidenceDataListResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/handler.OscalLikeEvidence" + } + }, + "metadata": { + "$ref": "#/definitions/handler.ForControl.responseMetadata" + } + } + }, + "handler.ForControl.responseMetadata": { + "type": "object", + "properties": { + "control": { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + } + }, + "handler.GenericDataListResponse-array_oscalTypes_1_1_3_Control": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + } + } + } + }, + "handler.GenericDataListResponse-evidence_StatusCount": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/evidence.StatusCount" + } + } + } + }, + "handler.GenericDataListResponse-handler_FilterWithAssociations": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/handler.FilterWithAssociations" + } + } + } + }, + "handler.GenericDataListResponse-handler_OscalLikeEvidence": { + "type": "object", + "properties": { + "data": { + "description": "Items 
from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/handler.OscalLikeEvidence" + } + } + } + }, + "handler.GenericDataListResponse-handler_OverTime_HeartbeatInterval": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/handler.OverTime.HeartbeatInterval" + } + } + } + }, + "handler.GenericDataListResponse-handler_StatusInterval": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/handler.StatusInterval" + } + } + } + }, + "handler.GenericDataListResponse-handler_milestoneResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/handler.milestoneResponse" + } + } + } + }, + "handler.GenericDataListResponse-handler_poamItemResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/handler.poamItemResponse" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentPlan": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlan" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentResults": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentResults" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_AssociatedActivity": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": 
"#/definitions/oscalTypes_1_1_3.AssociatedActivity" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_AttestationStatements": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Capability": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Capability" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Catalog": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Catalog" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ComponentDefinition": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ComponentDefinition" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Control": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ControlStatementImplementation": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": 
"#/definitions/oscalTypes_1_1_3.ControlStatementImplementation" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Finding": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Finding" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Group": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Group" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirement": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirementControlImplementation": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Import": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Import" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": 
"#/definitions/oscalTypes_1_1_3.ImportComponentDefinition" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_IncorporatesComponent": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncorporatesComponent" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_InventoryItem": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_LeveragedAuthorization": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Observation": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Observation" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Party": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Party" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_PoamItem": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": 
"#/definitions/oscalTypes_1_1_3.PoamItem" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Resource": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Resource" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Result": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Result" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Risk": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Risk" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_Role": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Role" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemComponent": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemSecurityPlan": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemSecurityPlan" + } + } + } + }, + "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemUser": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" + } + } + } + }, + "handler.GenericDataListResponse-oscal_InventoryItemWithSource": 
{ + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscal.InventoryItemWithSource" + } + } + } + }, + "handler.GenericDataListResponse-oscal_ProfileHandler": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscal.ProfileHandler" + } + } + } + }, + "handler.GenericDataListResponse-poam_PoamItemControlLink": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/poam.PoamItemControlLink" + } + } + } + }, + "handler.GenericDataListResponse-poam_PoamItemEvidenceLink": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/poam.PoamItemEvidenceLink" + } + } + } + }, + "handler.GenericDataListResponse-poam_PoamItemFindingLink": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/poam.PoamItemFindingLink" + } + } + } + }, + "handler.GenericDataListResponse-poam_PoamItemRiskLink": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/poam.PoamItemRiskLink" + } + } + } + }, + "handler.GenericDataListResponse-relational_Evidence": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Evidence" + } + } + } + }, + "handler.GenericDataListResponse-relational_SystemComponentSuggestion": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": 
"#/definitions/relational.SystemComponentSuggestion" + } + } + } + }, + "handler.GenericDataListResponse-relational_User": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/relational.User" + } + } + } + }, + "handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentAssets": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" + } + } + } + }, + "handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentSubject": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } + } + } + }, + "handler.GenericDataResponse-array_oscalTypes_1_1_3_Task": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Task" + } + } + } + }, + "handler.GenericDataResponse-auth_AuthHandler": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/auth.AuthHandler" + } + ] + } + } + }, + "handler.GenericDataResponse-digest_EvidenceSummary": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/digest.EvidenceSummary" + } + ] + } + } + }, + "handler.GenericDataResponse-handler_FilterImportResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.FilterImportResponse" + } + ] + } + } + }, + "handler.GenericDataResponse-handler_FilterWithAssociations": { + "type": "object", + "properties": { + "data": { + 
"description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.FilterWithAssociations" + } + ] + } + } + }, + "handler.GenericDataResponse-handler_OscalLikeEvidence": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.OscalLikeEvidence" + } + ] + } + } + }, + "handler.GenericDataResponse-handler_SubscriptionsResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.SubscriptionsResponse" + } + ] + } + } + }, + "handler.GenericDataResponse-handler_milestoneResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.milestoneResponse" + } + ] + } + } + }, + "handler.GenericDataResponse-handler_poamItemResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.poamItemResponse" + } + ] + } + } + }, + "handler.GenericDataResponse-handler_riskResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/handler.riskResponse" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Activity": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Activity" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentAssets": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan": { + "type": "object", + 
"properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlan" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlanTermsAndConditions": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentResults" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentSubject": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_AttestationStatements": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_AuthorizationBoundary": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizationBoundary" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + 
"$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Capability": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Capability" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Catalog": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Catalog" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ComponentDefinition" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Control": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementation": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementation" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementationSet": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_DataFlow": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.DataFlow" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent": { + "type": "object", + 
"properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Diagram": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Finding": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Finding" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Group": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Group" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_ImplementedRequirement": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Import": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Import" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_ImportAp": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportAp" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_ImportProfile": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportProfile" + } + ] + } + } + }, + 
"handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_InventoryItem": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_LeveragedAuthorization": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Merge": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Merge" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Metadata": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Modify": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Modify" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_NetworkArchitecture": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": 
"#/definitions/oscalTypes_1_1_3.NetworkArchitecture" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Observation": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Observation" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Party": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Party" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_PoamItem": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Profile": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Profile" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Resource": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Resource" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Result": { + "type": 
"object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Result" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Risk": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Risk" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Role": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Role" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Statement": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Statement" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemCharacteristics": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemCharacteristics" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemId": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemImplementation": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemImplementation" + } + ] + } + } + }, + 
"handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemSecurityPlan" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_SystemUser": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" + } + ] + } + } + }, + "handler.GenericDataResponse-oscalTypes_1_1_3_Task": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscalTypes_1_1_3.Task" + } + ] + } + } + }, + "handler.GenericDataResponse-oscal_BuildByPropsResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.BuildByPropsResponse" + } + ] + } + } + }, + "handler.GenericDataResponse-oscal_ImportResponse": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.ImportResponse" + } + ] + } + } + }, + "handler.GenericDataResponse-oscal_InventoryItemWithSource": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.InventoryItemWithSource" + } + ] + } + } }, - "datatypes.JSONType-relational_Base64": { - "type": "object" + "handler.GenericDataResponse-oscal_ProfileComplianceProgress": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.ProfileComplianceProgress" + } + ] + } + } }, - "datatypes.JSONType-relational_Citation": { - "type": "object" + "handler.GenericDataResponse-oscal_ProfileHandler": { + "type": "object", + "properties": { + 
"data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/oscal.ProfileHandler" + } + ] + } + } }, - "datatypes.JSONType-relational_ImplementationStatus": { - "type": "object" + "handler.GenericDataResponse-poam_PoamItemControlLink": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/poam.PoamItemControlLink" + } + ] + } + } }, - "datatypes.JSONType-relational_IncludeAll": { - "type": "object" + "handler.GenericDataResponse-poam_PoamItemEvidenceLink": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/poam.PoamItemEvidenceLink" + } + ] + } + } }, - "datatypes.JSONType-relational_ParameterSelection": { - "type": "object" + "handler.GenericDataResponse-poam_PoamItemFindingLink": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/poam.PoamItemFindingLink" + } + ] + } + } }, - "datatypes.JSONType-relational_SystemComponentStatus": { - "type": "object" + "handler.GenericDataResponse-poam_PoamItemRiskLink": { + "type": "object", + "properties": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/poam.PoamItemRiskLink" + } + ] + } + } }, - "digest.EvidenceItem": { + "handler.GenericDataResponse-relational_Evidence": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "expiresAt": { - "description": "Formatted expiration date string (empty if no expiration)", - "type": "string" - }, - "id": { - "type": "string" - }, - "labels": { - "type": "array", - "items": { - "type": "string" - } - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": 
"#/definitions/relational.Evidence" + } + ] } } }, - "digest.EvidenceSummary": { + "handler.GenericDataResponse-relational_Filter": { "type": "object", "properties": { - "expiredCount": { - "type": "integer", - "format": "int64" - }, - "notSatisfiedCount": { - "type": "integer", - "format": "int64" - }, - "otherCount": { - "type": "integer", - "format": "int64" - }, - "satisfiedCount": { - "type": "integer", - "format": "int64" - }, - "topExpired": { - "description": "Top items for the digest email", - "type": "array", - "items": { - "$ref": "#/definitions/digest.EvidenceItem" - } - }, - "topNotSatisfied": { - "type": "array", - "items": { - "$ref": "#/definitions/digest.EvidenceItem" - } - }, - "totalCount": { - "type": "integer", - "format": "int64" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/relational.Filter" + } + ] } } }, - "gorm.DeletedAt": { + "handler.GenericDataResponse-relational_User": { "type": "object", "properties": { - "time": { - "type": "string" - }, - "valid": { - "description": "Valid is true if Time is not NULL", - "type": "boolean" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/relational.User" + } + ] } } }, - "handler.ComplianceByControl.StatusCount": { + "handler.GenericDataResponse-risks_RiskComponentLink": { "type": "object", "properties": { - "count": { - "type": "integer" - }, - "status": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/risks.RiskComponentLink" + } + ] } } }, - "handler.EvidenceActivity": { + "handler.GenericDataResponse-risks_RiskControlLink": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - 
"remarks": { - "type": "string" - }, - "steps": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.EvidenceActivityStep" - } - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/risks.RiskControlLink" + } + ] } } }, - "handler.EvidenceActivityStep": { + "handler.GenericDataResponse-risks_RiskEvidenceLink": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/risks.RiskEvidenceLink" + } + ] } } }, - "handler.EvidenceComponent": { + "handler.GenericDataResponse-risks_RiskSubjectLink": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "identifier": { - "description": "components/common/ssh\ncomponents/common/github-repository\ncomponents/common/github-organisation\ncomponents/common/ubuntu-22\ncomponents/internal/auth-policy", - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "protocols": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" - } - }, - "purpose": { - "type": "string" - }, - "remarks": { + "data": { + "description": "Items from the list response", + "allOf": [ + { + "$ref": "#/definitions/risks.RiskSubjectLink" + } + ] + } + } + }, + "handler.GenericDataResponse-string": { + "type": "object", + "properties": { + "data": { + "description": 
"Items from the list response", "type": "string" - }, - "title": { + } + } + }, + "handler.HeartbeatCreateRequest": { + "type": "object", + "required": [ + "created_at", + "uuid" + ], + "properties": { + "created_at": { "type": "string" }, - "type": { - "description": "Software\nService", + "uuid": { "type": "string" } } }, - "handler.EvidenceCreateRequest": { + "handler.OscalLikeEvidence": { "type": "object", "properties": { "activities": { - "description": "What steps did we take to create this evidence", "type": "array", "items": { - "$ref": "#/definitions/handler.EvidenceActivity" + "$ref": "#/definitions/oscalTypes_1_1_3.Activity" } }, "back-matter": { "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, "components": { - "description": "Which components of the subject are being observed. A tool, user, policy etc.", "type": "array", "items": { - "$ref": "#/definitions/handler.EvidenceComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } }, "description": { @@ -17277,17 +25544,20 @@ "expires": { "type": "string" }, - "inventoryItems": { + "id": { + "type": "string" + }, + "inventory-items": { "type": "array", "items": { - "$ref": "#/definitions/handler.EvidenceInventoryItem" + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" } }, "labels": { "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", - "type": "object", - "additionalProperties": { - "type": "string" + "type": "array", + "items": { + "$ref": "#/definitions/relational.Labels" } }, "links": { @@ -17297,7 +25567,6 @@ } }, "origins": { - "description": "Who or What is generating this evidence", "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Origin" 
@@ -17317,1636 +25586,2511 @@ "type": "string" }, "status": { - "description": "Did we satisfy what was being tested for, or did we fail ?", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" - } - ] + "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" }, "subjects": { - "description": "Who or What are we providing evidence for. What's under test.", - "type": "array", - "items": { - "$ref": "#/definitions/handler.EvidenceSubject" - } - }, - "title": { - "type": "string" - }, - "uuid": { - "description": "UUID needs to remain consistent for a piece of evidence being collected periodically.\nIt represents the \"stream\" of the same observation being made over time.\nFor the same checks, performed on the same machine, the UUID for each check should remain the same.\nFor the same check, performed on two different machines, the UUID should differ.", - "type": "string" - } - } - }, - "handler.EvidenceInventoryItem": { - "type": "object", - "properties": { - "description": { - "type": "string" - }, - "identifier": { - "description": "user/chris@linguine.tech\noperating-system/ubuntu/22.4\nweb-server/ec2/i-12345", - "type": "string" - }, - "implementedComponents": { - "type": "array", - "items": { - "type": "object", - "properties": { - "identifier": { - "type": "string" - } - } - } - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "description": "\"operating-system\"\tdescription=\"System software that manages computer hardware, software resources, and provides common services for computer programs.\"\n\"database\"\t\t\tdescription=\"An electronic collection of data, or information, that is specially organized for rapid search and retrieval.\"\n\"web-server\"\t\t\tdescription=\"A system that 
delivers content or services to end users over the Internet or an intranet.\"\n\"dns-server\"\t\t\tdescription=\"A system that resolves domain names to internet protocol (IP) addresses.\"\n\"email-server\"\t\tdescription=\"A computer system that sends and receives electronic mail messages.\"\n\"directory-server\"\tdescription=\"A system that stores, organizes and provides access to directory information in order to unify network resources.\"\n\"pbx\"\t\t\t\tdescription=\"A private branch exchange (PBX) provides a a private telephone switchboard.\"\n\"firewall\"\t\t\tdescription=\"A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.\"\n\"router\"\t\t\t\tdescription=\"A physical or virtual networking device that forwards data packets between computer networks.\"\n\"switch\"\t\t\t\tdescription=\"A physical or virtual networking device that connects devices within a computer network by using packet switching to receive and forward data to the destination device.\"\n\"storage-array\"\t\tdescription=\"A consolidated, block-level data storage capability.\"\n\"appliance\"\t\t\tdescription=\"A physical or virtual machine that centralizes hardware, software, or services for a specific purpose.\"", - "type": "string" - } - } - }, - "handler.EvidenceSubject": { - "type": "object", - "properties": { - "description": { - "type": "string" - }, - "identifier": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { - "type": "string" - }, - "type": { - "description": "InventoryItem\nComponent", - "type": "string" - } - } - }, - "handler.FilterImportFileResult": { - "type": "object", - "properties": { - "count": { - "type": "integer" - }, - "filename": { - "type": "string" - }, - "message": { - "type": "string" - }, 
- "success": { - "type": "boolean" - } - } - }, - "handler.FilterImportResponse": { - "type": "object", - "properties": { - "failed_count": { - "type": "integer" - }, - "results": { - "type": "array", - "items": { - "$ref": "#/definitions/handler.FilterImportFileResult" - } - }, - "successful_count": { - "type": "integer" - }, - "total_dashboards": { - "type": "integer" - }, - "total_files": { - "type": "integer" - } - } - }, - "handler.FilterWithAssociations": { - "type": "object", - "properties": { - "components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" - } - }, - "controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - }, - "filter": { - "$ref": "#/definitions/datatypes.JSONType-labelfilter_Filter" - }, - "id": { - "type": "string" - }, - "name": { - "type": "string" - } - } - }, - "handler.ForControl.EvidenceDataListResponse": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", "type": "array", "items": { - "$ref": "#/definitions/handler.OscalLikeEvidence" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" } }, - "metadata": { - "$ref": "#/definitions/handler.ForControl.responseMetadata" + "title": { + "type": "string" + }, + "uuid": { + "description": "UUID needs to remain consistent when automation runs again, but unique for each subject.\nIt represents the \"stream\" of the same observation being made over time.", + "type": "string" } } }, - "handler.ForControl.responseMetadata": { + "handler.OverTime.HeartbeatInterval": { "type": "object", "properties": { - "control": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" + "interval": { + "type": "string" + }, + "total": { + "type": "integer" } } }, - "handler.GenericDataListResponse-array_oscalTypes_1_1_3_Control": { + "handler.StatusInterval": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", + 
"interval": { + "type": "string" + }, + "statuses": { "type": "array", "items": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } + "$ref": "#/definitions/evidence.StatusCount" } } } }, - "handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount": { + "handler.SubscriptionsResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.ComplianceByControl.StatusCount" - } + "subscribed": { + "type": "boolean" + }, + "taskAvailableEmailSubscribed": { + "type": "boolean" + }, + "taskDailyDigestSubscribed": { + "type": "boolean" } } }, - "handler.GenericDataListResponse-handler_FilterWithAssociations": { + "handler.UpdateSubscriptionsRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.FilterWithAssociations" - } + "subscribed": { + "type": "boolean" + }, + "taskAvailableEmailSubscribed": { + "type": "boolean" + }, + "taskDailyDigestSubscribed": { + "type": "boolean" } } }, - "handler.GenericDataListResponse-handler_OscalLikeEvidence": { + "handler.UserHandler": { + "type": "object" + }, + "handler.acceptRiskRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.OscalLikeEvidence" - } + "justification": { + "type": "string" + }, + "reviewDeadline": { + "type": "string" } } }, - "handler.GenericDataListResponse-handler_OverTime_HeartbeatInterval": { + "handler.addComponentLinkRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.OverTime.HeartbeatInterval" - } + "componentId": { + "type": "string" } } }, - 
"handler.GenericDataListResponse-handler_StatusInterval": { + "handler.addControlLinkRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/handler.StatusInterval" - } + "catalogId": { + "type": "string" + }, + "controlId": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentPlan": { + "handler.addEvidenceLinkRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlan" - } + "evidenceId": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentResults": { + "handler.addLinkRequest": { "type": "object", + "required": [ + "id" + ], "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentResults" - } + "id": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_AssociatedActivity": { + "handler.addSubjectLinkRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedActivity" - } + "subjectId": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_AttestationStatements": { + "handler.controlLinkResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" - } + "catalogId": { + "type": "string" + }, + "controlId": { + "type": "string" + }, + "createdAt": { + "type": "string" + }, + "poamItemId": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Capability": { + "handler.createFilterRequest": { "type": 
"object", + "required": [ + "filter", + "name" + ], "properties": { - "data": { - "description": "Items from the list response", + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Capability" + "type": "string" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Catalog": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Catalog" + "type": "string" } + }, + "filter": { + "$ref": "#/definitions/labelfilter.Filter" + }, + "name": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ComponentDefinition": { + "handler.createMilestoneRequest": { "type": "object", + "required": [ + "title" + ], "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ComponentDefinition" - } + "description": { + "type": "string" + }, + "orderIndex": { + "type": "integer" + }, + "scheduledCompletionDate": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Control": { + "handler.createPoamItemRequest": { "type": "object", + "required": [ + "sspId", + "title" + ], "properties": { - "data": { - "description": "Items from the list response", + "acceptanceRationale": { + "type": "string" + }, + "controlRefs": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" + "$ref": "#/definitions/handler.poamControlRefRequest" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "createdFromRiskId": { + "type": "string" + }, + "description": { + "type": "string" + }, + "evidenceIds": { "type": "array", "items": { - 
"$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" + "type": "string" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ControlStatementImplementation": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "findingIds": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlStatementImplementation" + "type": "string" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "milestones": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" + "$ref": "#/definitions/handler.createMilestoneRequest" + } + }, + "plannedCompletionDate": { + "type": "string" + }, + "primaryOwnerUserId": { + "type": "string" + }, + "riskIds": { + "type": "array", + "items": { + "type": "string" } + }, + "sourceType": { + "type": "string" + }, + "sspId": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Finding": { + "handler.createRiskRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", + "acceptanceJustification": { + "type": "string" + }, + "description": { + "type": "string" + }, + "impact": { + "type": "string" + }, + "lastReviewedAt": { + "type": "string" + }, + "likelihood": { + "type": "string" + }, + "ownerAssignments": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Finding" + "$ref": "#/definitions/handler.riskOwnerAssignmentRequest" } + }, + "primaryOwnerUserId": { + "type": "string" + }, + "reviewDeadline": { + "type": "string" + }, + "riskTemplateId": { + "type": "string" + }, + "sspId": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" } } }, - 
"handler.GenericDataListResponse-oscalTypes_1_1_3_Group": { + "handler.evidenceLinkResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Group" - } + "createdAt": { + "type": "string" + }, + "evidenceId": { + "type": "string" + }, + "poamItemId": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirement": { + "handler.findingLinkResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" - } + "createdAt": { + "type": "string" + }, + "findingId": { + "type": "string" + }, + "poamItemId": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirementControlImplementation": { + "handler.milestoneResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation" - } + "completionDate": { + "type": "string" + }, + "createdAt": { + "type": "string" + }, + "description": { + "type": "string" + }, + "id": { + "type": "string" + }, + "orderIndex": { + "type": "integer" + }, + "poamItemId": { + "type": "string" + }, + "scheduledCompletionDate": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "updatedAt": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Import": { + "handler.poamControlRefRequest": { "type": "object", + "required": [ + "catalogId", + "controlId" + ], "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Import" - } + "catalogId": { + "type": "string" + }, + "controlId": 
{ + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition": { + "handler.poamItemResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", + "acceptanceRationale": { + "type": "string" + }, + "completedAt": { + "type": "string" + }, + "controlLinks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportComponentDefinition" + "$ref": "#/definitions/handler.controlLinkResponse" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_IncorporatesComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "createdAt": { + "type": "string" + }, + "createdFromRiskId": { + "type": "string" + }, + "description": { + "type": "string" + }, + "evidenceLinks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncorporatesComponent" + "$ref": "#/definitions/handler.evidenceLinkResponse" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_InventoryItem": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "findingLinks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + "$ref": "#/definitions/handler.findingLinkResponse" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_LeveragedAuthorization": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "id": { + "type": "string" + }, + "lastStatusChangeAt": { + "type": "string" + }, + "milestones": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" + "$ref": "#/definitions/handler.milestoneResponse" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Observation": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + 
"plannedCompletionDate": { + "type": "string" + }, + "primaryOwnerUserId": { + "type": "string" + }, + "riskLinks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Observation" + "$ref": "#/definitions/handler.riskLinkResponse" } + }, + "sourceType": { + "type": "string" + }, + "sspId": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "updatedAt": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Party": { + "handler.reviewRiskRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Party" - } + "decision": { + "type": "string" + }, + "nextReviewDeadline": { + "type": "string" + }, + "notes": { + "type": "string" + }, + "reviewedAt": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones": { + "handler.riskControlLinkResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones" - } + "catalogId": { + "type": "string" + }, + "controlId": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_PoamItem": { + "handler.riskLinkResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" - } + "createdAt": { + "type": "string" + }, + "poamItemId": { + "type": "string" + }, + "riskId": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Resource": { + "handler.riskOwnerAssignmentRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Resource" - } 
+ "isPrimary": { + "type": "boolean" + }, + "ownerKind": { + "type": "string" + }, + "ownerRef": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Result": { + "handler.riskOwnerAssignmentResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Result" - } + "isPrimary": { + "type": "boolean" + }, + "ownerKind": { + "type": "string" + }, + "ownerRef": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Risk": { + "handler.riskResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", + "acceptanceJustification": { + "type": "string" + }, + "componentIds": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Risk" + "type": "string" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_Role": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "controlLinks": { + "type": "array", + "items": { + "$ref": "#/definitions/handler.riskControlLinkResponse" + } + }, + "createdAt": { + "type": "string" + }, + "dedupeKey": { + "type": "string" + }, + "description": { + "type": "string" + }, + "evidenceIds": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Role" + "type": "string" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemComponent": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "firstSeenAt": { + "type": "string" + }, + "id": { + "type": "string" + }, + "impact": { + "type": "string" + }, + "lastReviewedAt": { + "type": "string" + }, + "lastSeenAt": { + "type": "string" + }, + "likelihood": { + "type": "string" + }, + "ownerAssignments": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": 
"#/definitions/handler.riskOwnerAssignmentResponse" } - } - } - }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemSecurityPlan": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "primaryOwnerUserId": { + "type": "string" + }, + "reviewDeadline": { + "type": "string" + }, + "riskTemplateId": { + "type": "string" + }, + "sourceType": { + "type": "string" + }, + "sspId": { + "type": "string" + }, + "status": { + "type": "string" + }, + "subjectIds": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemSecurityPlan" + "type": "string" } + }, + "title": { + "type": "string" + }, + "updatedAt": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscalTypes_1_1_3_SystemUser": { + "handler.updateMilestoneRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" - } + "description": { + "type": "string" + }, + "orderIndex": { + "type": "integer" + }, + "scheduledCompletionDate": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" } } }, - "handler.GenericDataListResponse-oscal_InventoryItemWithSource": { + "handler.updatePoamItemRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", + "acceptanceRationale": { + "type": "string" + }, + "addControlRefs": { "type": "array", "items": { - "$ref": "#/definitions/oscal.InventoryItemWithSource" + "$ref": "#/definitions/handler.poamControlRefRequest" } - } - } - }, - "handler.GenericDataListResponse-oscal_ProfileHandler": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "addEvidenceIds": { "type": "array", "items": { - "$ref": "#/definitions/oscal.ProfileHandler" + "type": "string" } - } - } - }, - 
"handler.GenericDataListResponse-relational_CcfPoamItem": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "addFindingIds": { "type": "array", "items": { - "$ref": "#/definitions/relational.CcfPoamItem" + "type": "string" } - } - } - }, - "handler.GenericDataListResponse-relational_CcfPoamItemMilestone": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "addRiskIds": { + "description": "Link management — add/remove in the same call as scalar updates.", "type": "array", "items": { - "$ref": "#/definitions/relational.CcfPoamItemMilestone" + "type": "string" } - } - } - }, - "handler.GenericDataListResponse-relational_Evidence": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "description": { + "type": "string" + }, + "plannedCompletionDate": { + "type": "string" + }, + "primaryOwnerUserId": { + "type": "string" + }, + "removeControlRefs": { "type": "array", "items": { - "$ref": "#/definitions/relational.Evidence" + "$ref": "#/definitions/handler.poamControlRefRequest" } - } - } - }, - "handler.GenericDataListResponse-relational_User": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "removeEvidenceIds": { "type": "array", "items": { - "$ref": "#/definitions/relational.User" + "type": "string" } - } - } - }, - "handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentAssets": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "removeFindingIds": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" + "type": "string" } - } - } - }, - "handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentSubject": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", + }, + "removeRiskIds": { "type": 
"array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "type": "string" } + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" } } }, - "handler.GenericDataResponse-array_oscalTypes_1_1_3_Task": { + "handler.updateRiskRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", + "acceptanceJustification": { + "type": "string" + }, + "description": { + "type": "string" + }, + "impact": { + "type": "string" + }, + "lastReviewedAt": { + "type": "string" + }, + "likelihood": { + "type": "string" + }, + "ownerAssignments": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" + "$ref": "#/definitions/handler.riskOwnerAssignmentRequest" } + }, + "primaryOwnerUserId": { + "type": "string" + }, + "reviewDeadline": { + "type": "string" + }, + "reviewJustification": { + "type": "string" + }, + "riskTemplateId": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" } } }, - "handler.GenericDataResponse-auth_AuthHandler": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/auth.AuthHandler" - } - ] - } - } - }, - "handler.GenericDataResponse-digest_EvidenceSummary": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/digest.EvidenceSummary" - } - ] - } - } - }, - "handler.GenericDataResponse-handler_FilterImportResponse": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.FilterImportResponse" - } - ] - } - } - }, - "handler.GenericDataResponse-handler_FilterWithAssociations": { + "labelfilter.Condition": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": 
"#/definitions/handler.FilterWithAssociations" - } - ] + "label": { + "description": "Label name (e.g., \"type\", \"group\", \"app\").", + "type": "string" + }, + "operator": { + "description": "Operator (e.g., \"=\", \"!=\", etc.).", + "type": "string" + }, + "value": { + "description": "Value for the condition (e.g., \"ssh\", \"prod\").", + "type": "string" } } }, - "handler.GenericDataResponse-handler_OscalLikeEvidence": { + "labelfilter.Filter": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.OscalLikeEvidence" - } - ] + "scope": { + "$ref": "#/definitions/labelfilter.Scope" } } }, - "handler.GenericDataResponse-handler_PoamItemWithLinksResponse": { + "labelfilter.Query": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.PoamItemWithLinksResponse" - } - ] + "operator": { + "description": "Logical operator (e.g., \"AND\", \"OR\").", + "type": "string" + }, + "scopes": { + "description": "Scopes can be either `Condition` or nested `Query`.", + "type": "array", + "items": { + "$ref": "#/definitions/labelfilter.Scope" + } } } }, - "handler.GenericDataResponse-handler_UserHandler": { + "labelfilter.Scope": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/handler.UserHandler" - } - ] + "condition": { + "$ref": "#/definitions/labelfilter.Condition" + }, + "query": { + "$ref": "#/definitions/labelfilter.Query" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Activity": { + "oscal.BuildByPropsRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Activity" - } - ] + "catalogId": { + "type": "string" + }, + "matchStrategy": { + "description": "all | any", + "type": "string" + 
}, + "rules": { + "type": "array", + "items": { + "$ref": "#/definitions/oscal.rule" + } + }, + "title": { + "type": "string" + }, + "version": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentAssets": { + "oscal.BuildByPropsResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" - } - ] + "controlIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "profile": { + "$ref": "#/definitions/oscalTypes_1_1_3.Profile" + }, + "profileId": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan": { + "oscal.CreateInventoryItemRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlan" - } - ] + "destination": { + "description": "\"ssp\", \"poam\", or \"unattached\"", + "type": "string" + }, + "destination_id": { + "type": "string" + }, + "inventory_item": { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlanTermsAndConditions": { + "oscal.ImportFileResult": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions" - } - ] + "filename": { + "type": "string" + }, + "message": { + "type": "string" + }, + "success": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults": { + "oscal.ImportResponse": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentResults" - } - ] + "failed_count": { + "type": "integer" + }, + 
"results": { + "type": "array", + "items": { + "$ref": "#/definitions/oscal.ImportFileResult" + } + }, + "successful_count": { + "type": "integer" + }, + "total_files": { + "type": "integer" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentSubject": { + "oscal.InventoryItemWithSource": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" - } - ] + "description": { + "type": "string" + }, + "implemented-components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedComponent" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + } + }, + "source": { + "type": "string" + }, + "source_id": { + "type": "string" + }, + "source_type": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AttestationStatements": { + "oscal.ProfileComplianceControl": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" - } - ] + "catalogId": { + "type": "string" + }, + "computedStatus": { + "type": "string" + }, + "controlId": { + "type": "string" + }, + "groupId": { + "type": "string" + }, + "groupTitle": { + "type": "string" + }, + "implemented": { + "type": "boolean" + }, + "statusCounts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscal.ProfileComplianceStatusCount" + } + }, + "title": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_AuthorizationBoundary": { + 
"oscal.ProfileComplianceGroup": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizationBoundary" - } - ] + "compliancePercent": { + "type": "integer" + }, + "id": { + "type": "string" + }, + "notSatisfied": { + "type": "integer" + }, + "satisfied": { + "type": "integer" + }, + "title": { + "type": "string" + }, + "totalControls": { + "type": "integer" + }, + "unknown": { + "type": "integer" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter": { + "oscal.ProfileComplianceImplementation": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - } - ] + "implementationPercent": { + "type": "integer" + }, + "implementedControls": { + "type": "integer" + }, + "unimplementedControls": { + "type": "integer" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent": { + "oscal.ProfileComplianceProgress": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" - } - ] + "controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscal.ProfileComplianceControl" + } + }, + "groups": { + "type": "array", + "items": { + "$ref": "#/definitions/oscal.ProfileComplianceGroup" + } + }, + "implementation": { + "$ref": "#/definitions/oscal.ProfileComplianceImplementation" + }, + "scope": { + "$ref": "#/definitions/oscal.ProfileComplianceScope" + }, + "summary": { + "$ref": "#/definitions/oscal.ProfileComplianceSummary" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Capability": { + "oscal.ProfileComplianceScope": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Capability" - } - ] + "id": { + "type": 
"string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Catalog": { + "oscal.ProfileComplianceStatusCount": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Catalog" - } - ] + "count": { + "type": "integer" + }, + "status": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition": { + "oscal.ProfileComplianceSummary": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ComponentDefinition" - } - ] + "assessedPercent": { + "type": "integer" + }, + "compliancePercent": { + "type": "integer" + }, + "implementedControls": { + "type": "integer" + }, + "notSatisfied": { + "type": "integer" + }, + "satisfied": { + "type": "integer" + }, + "totalControls": { + "type": "integer" + }, + "unknown": { + "type": "integer" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Control": { - "type": "object", - "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - ] - } - } + "oscal.ProfileHandler": { + "type": "object" }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementation": { + "oscal.SystemComponentRequest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementation" - } - ] + "definedComponentId": { + "type": "string" + }, + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "protocols": { + "type": "array", + "items": { + 
"$ref": "#/definitions/oscalTypes_1_1_3.Protocol" + } + }, + "purpose": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "status": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponentStatus" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementationSet": { + "oscal.rule": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" - } - ] + "name": { + "type": "string" + }, + "ns": { + "type": "string" + }, + "operator": { + "description": "equals | contains | regex | in", + "type": "string" + }, + "value": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_DataFlow": { + "oscalTypes_1_1_3.Action": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.DataFlow" - } - ] + "date": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + } + }, + "system": { + "type": "string" + }, + "type": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent": { + "oscalTypes_1_1_3.Activity": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": 
"#/definitions/oscalTypes_1_1_3.DefinedComponent" - } - ] + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "related-controls": { + "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "steps": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Step" + } + }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Diagram": { + "oscalTypes_1_1_3.Addition": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" - } - ] + "by-id": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "params": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + } + }, + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Part" + } + }, + "position": { + "type": "string" + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "title": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Finding": { + "oscalTypes_1_1_3.Address": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Finding" - } - ] + "addr-lines": { + "type": "array", + "items": { + "type": "string" + } + }, + "city": { + "type": "string" + }, + "country": { + "type": "string" + }, + "postal-code": { + "type": "string" + }, + 
"state": { + "type": "string" + }, + "type": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Group": { + "oscalTypes_1_1_3.Alteration": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Group" - } - ] + "adds": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Addition" + } + }, + "control-id": { + "type": "string" + }, + "removes": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Removal" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ImplementedRequirement": { + "oscalTypes_1_1_3.AssessedControls": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" - } - ] + "description": { + "type": "string" + }, + "exclude-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById" + } + }, + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" + }, + "include-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Import": { + "oscalTypes_1_1_3.AssessedControlsSelectControlById": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Import" - } - ] + "control-id": { + "type": "string" + }, + "statement-ids": { + "type": "array", + "items": { + "type": "string" + } } } }, - 
"handler.GenericDataResponse-oscalTypes_1_1_3_ImportAp": { + "oscalTypes_1_1_3.AssessmentAssets": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportAp" - } - ] + "assessment-platforms": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlatform" + } + }, + "components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ImportProfile": { + "oscalTypes_1_1_3.AssessmentLog": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportProfile" - } - ] + "entries": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentLogEntry" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp": { + "oscalTypes_1_1_3.AssessmentLogEntry": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" - } - ] + "description": { + "type": "string" + }, + "end": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "logged-by": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.LoggedBy" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "related-tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + } + }, + "remarks": { + "type": "string" + }, + "start": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_InventoryItem": { + "oscalTypes_1_1_3.AssessmentPart": { "type": "object", 
"properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" - } - ] + "class": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "name": { + "type": "string" + }, + "ns": { + "type": "string" + }, + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "prose": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_LeveragedAuthorization": { + "oscalTypes_1_1_3.AssessmentPlan": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" - } - ] + "assessment-assets": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" + }, + "assessment-subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } + }, + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "import-ssp": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" + }, + "local-definitions": { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" + }, + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, + "reviewed-controls": { + "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" + }, + "tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Task" + } + }, + "terms-and-conditions": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions": { + "oscalTypes_1_1_3.AssessmentPlanTermsAndConditions": { 
"type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" - } - ] + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Merge": { + "oscalTypes_1_1_3.AssessmentPlatform": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Merge" - } - ] + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uses-components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.UsesComponent" + } + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Metadata": { + "oscalTypes_1_1_3.AssessmentResults": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" - } - ] + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "import-ap": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportAp" + }, + "local-definitions": { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" + }, + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, + "results": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Result" + } + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Modify": { + "oscalTypes_1_1_3.AssessmentSubject": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Modify" - } - ] + "description": { + "type": "string" + }, + "exclude-subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SelectSubjectById" + } + }, + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" + }, + "include-subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SelectSubjectById" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "type": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_NetworkArchitecture": { + "oscalTypes_1_1_3.AssociatedActivity": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.NetworkArchitecture" - } - ] + "activity-uuid": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Observation": { + "oscalTypes_1_1_3.AssociatedRisk": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Observation" - } - ] + "risk-uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Party": { + "oscalTypes_1_1_3.AttestationStatements": { "type": "object", "properties": { 
- "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Party" - } - ] + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" + } + }, + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones": { + "oscalTypes_1_1_3.AuthorizationBoundary": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones" - } - ] + "description": { + "type": "string" + }, + "diagrams": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions": { + "oscalTypes_1_1_3.AuthorizedPrivilege": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" - } - ] + "description": { + "type": "string" + }, + "functions-performed": { + "type": "array", + "items": { + "type": "string" + } + }, + "title": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_PoamItem": { + "oscalTypes_1_1_3.BackMatter": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" - } - ] + "resources": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Resource" + } } } }, - 
"handler.GenericDataResponse-oscalTypes_1_1_3_Profile": { + "oscalTypes_1_1_3.Base64": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Profile" - } - ] + "filename": { + "type": "string" + }, + "media-type": { + "type": "string" + }, + "value": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Resource": { + "oscalTypes_1_1_3.ByComponent": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Resource" - } - ] + "component-uuid": { + "type": "string" + }, + "description": { + "type": "string" + }, + "export": { + "$ref": "#/definitions/oscalTypes_1_1_3.Export" + }, + "implementation-status": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementationStatus" + }, + "inherited": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InheritedControlImplementation" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "satisfied": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility" + } + }, + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + } + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Result": { + "oscalTypes_1_1_3.Capability": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Result" - } - ] + 
"control-implementations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" + } + }, + "description": { + "type": "string" + }, + "incorporates-components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncorporatesComponent" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "name": { + "type": "string" + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Risk": { + "oscalTypes_1_1_3.Catalog": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Risk" - } - ] + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + }, + "groups": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Group" + } + }, + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, + "params": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + } + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Role": { + "oscalTypes_1_1_3.Characterization": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Role" - } - ] + "facets": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Facet" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "origin": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + }, + "props": { + "type": "array", + "items": { + 
"$ref": "#/definitions/oscalTypes_1_1_3.Property" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Statement": { + "oscalTypes_1_1_3.Citation": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Statement" - } - ] + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "text": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemCharacteristics": { + "oscalTypes_1_1_3.CombinationRule": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemCharacteristics" - } - ] + "method": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent": { + "oscalTypes_1_1_3.ComponentDefinition": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" - } - ] + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "capabilities": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Capability" + } + }, + "components": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" + } + }, + "import-component-definitions": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportComponentDefinition" + } + }, + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemId": { + "oscalTypes_1_1_3.ConstraintTest": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": 
"#/definitions/oscalTypes_1_1_3.SystemId" - } - ] + "expression": { + "type": "string" + }, + "remarks": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemImplementation": { + "oscalTypes_1_1_3.Control": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemImplementation" - } - ] + "class": { + "type": "string" + }, + "controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Control" + } + }, + "id": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "params": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + } + }, + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Part" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "title": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan": { + "oscalTypes_1_1_3.ControlImplementation": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemSecurityPlan" - } - ] + "description": { + "type": "string" + }, + "implemented-requirements": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" + } + }, + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + } } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_SystemUser": { + "oscalTypes_1_1_3.ControlImplementationResponsibility": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" - } - ] + "description": { + "type": "string" + }, 
+ "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "provided-uuid": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscalTypes_1_1_3_Task": { + "oscalTypes_1_1_3.ControlImplementationSet": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" - } - ] + "description": { + "type": "string" + }, + "implemented-requirements": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + } + }, + "source": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscal_BuildByPropsResponse": { + "oscalTypes_1_1_3.ControlStatementImplementation": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.BuildByPropsResponse" - } - ] + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": 
"#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "statement-id": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-oscal_ImportResponse": { + "oscalTypes_1_1_3.CustomGrouping": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.ImportResponse" - } - ] + "groups": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.CustomGroupingGroup" + } + }, + "insert-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InsertControls" + } } } }, - "handler.GenericDataResponse-oscal_InventoryItemWithSource": { + "oscalTypes_1_1_3.CustomGroupingGroup": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.InventoryItemWithSource" - } - ] + "class": { + "type": "string" + }, + "groups": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.CustomGroupingGroup" + } + }, + "id": { + "type": "string" + }, + "insert-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InsertControls" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "params": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + } + }, + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Part" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "title": { + "type": "string" } } }, - "handler.GenericDataResponse-oscal_ProfileHandler": { + "oscalTypes_1_1_3.DataFlow": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/oscal.ProfileHandler" - } - ] + "description": { + "type": "string" + }, + 
"diagrams": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" } } }, - "handler.GenericDataResponse-relational_CcfPoamItem": { + "oscalTypes_1_1_3.DefinedComponent": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/relational.CcfPoamItem" - } - ] + "control-implementations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" + } + }, + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "protocols": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" + } + }, + "purpose": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-relational_CcfPoamItemMilestone": { + "oscalTypes_1_1_3.Diagram": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/relational.CcfPoamItemMilestone" - } - ] + "caption": { + "type": "string" + }, + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } 
+ }, + "remarks": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "handler.GenericDataResponse-relational_Evidence": { + "oscalTypes_1_1_3.DocumentId": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/relational.Evidence" - } - ] + "identifier": { + "type": "string" + }, + "scheme": { + "type": "string" } } }, - "handler.GenericDataResponse-relational_Filter": { + "oscalTypes_1_1_3.EventTiming": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/relational.Filter" - } - ] + "at-frequency": { + "$ref": "#/definitions/oscalTypes_1_1_3.FrequencyCondition" + }, + "on-date": { + "$ref": "#/definitions/oscalTypes_1_1_3.OnDateCondition" + }, + "within-date-range": { + "$ref": "#/definitions/oscalTypes_1_1_3.OnDateRangeCondition" } } }, - "handler.GenericDataResponse-relational_User": { + "oscalTypes_1_1_3.Export": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", - "allOf": [ - { - "$ref": "#/definitions/relational.User" - } - ] + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "provided": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ProvidedControlImplementation" + } + }, + "remarks": { + "type": "string" + }, + "responsibilities": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationResponsibility" + } } } }, - "handler.GenericDataResponse-string": { + "oscalTypes_1_1_3.Facet": { "type": "object", "properties": { - "data": { - "description": "Items from the list response", + "links": { + "type": "array", + "items": { + "$ref": 
"#/definitions/oscalTypes_1_1_3.Link" + } + }, + "name": { + "type": "string" + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "system": { + "type": "string" + }, + "value": { "type": "string" } } }, - "handler.HeartbeatCreateRequest": { + "oscalTypes_1_1_3.Finding": { "type": "object", - "required": [ - "created_at", - "uuid" - ], "properties": { - "created_at": { + "description": { + "type": "string" + }, + "implementation-statement-uuid": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "origins": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "related-observations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" + } + }, + "related-risks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedRisk" + } + }, + "remarks": { + "type": "string" + }, + "target": { + "$ref": "#/definitions/oscalTypes_1_1_3.FindingTarget" + }, + "title": { "type": "string" }, "uuid": { 
@@ -18954,385 +28098,487 @@ } } }, - "handler.OscalLikeEvidence": { + "oscalTypes_1_1_3.FindingTarget": { "type": "object", "properties": { - "activities": { + "description": { + "type": "string" + }, + "implementation-status": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImplementationStatus" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Activity" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "components": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "description": { + "remarks": { "type": "string" }, - "end": { + "status": { + "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" + }, + "target-id": { "type": "string" }, - "expires": { + "title": { "type": "string" }, - "id": { + "type": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.FlatWithoutGrouping": { + "type": "object", + "additionalProperties": true + }, + "oscalTypes_1_1_3.FrequencyCondition": { + "type": "object", + "properties": { + "period": { + "type": "integer" + }, + "unit": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.Group": { + "type": "object", + "properties": { + "class": { "type": "string" }, - "inventory-items": { + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + "$ref": "#/definitions/oscalTypes_1_1_3.Control" } }, - "labels": { - "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", + "groups": { "type": "array", "items": { - "$ref": "#/definitions/relational.Labels" + "$ref": "#/definitions/oscalTypes_1_1_3.Group" } }, + "id": { + "type": "string" + }, "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "origins": { + "params": { "type": "array", "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Origin" + "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" } }, - "props": { + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Part" } }, - "remarks": { - "type": "string" - }, - "start": { - "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", - "type": "string" - }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" - }, - "subjects": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "title": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.Hash": { + "type": "object", + "properties": { + "algorithm": { + "type": "string" }, - "uuid": { - "description": "UUID needs to remain consistent when automation runs again, but unique for each subject.\nIt represents the \"stream\" of the same observation being made over time.", + "value": { "type": "string" } } }, - "handler.OverTime.HeartbeatInterval": { + "oscalTypes_1_1_3.IdentifiedSubject": { "type": "object", "properties": { - "interval": { + "subject-placeholder-uuid": { "type": "string" }, - "total": { - "type": "integer" + "subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } } } }, - "handler.PoamItemWithLinksResponse": { + "oscalTypes_1_1_3.Impact": { "type": "object", "properties": { - "item": { - "$ref": "#/definitions/relational.CcfPoamItem" + "adjustment-justification": { + "type": "string" }, - "riskLinks": { + "base": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.CcfPoamItemRiskLink" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } + }, + "selected": { + "type": "string" } 
} }, - "handler.StatusCount": { + "oscalTypes_1_1_3.ImplementationStatus": { "type": "object", "properties": { - "count": { - "type": "integer" + "remarks": { + "type": "string" }, - "status": { + "state": { "type": "string" } } }, - "handler.StatusInterval": { + "oscalTypes_1_1_3.ImplementedComponent": { "type": "object", "properties": { - "interval": { + "component-uuid": { "type": "string" }, - "statuses": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/handler.StatusCount" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } } } }, - "handler.UserHandler": { - "type": "object" - }, - "handler.createFilterRequest": { + "oscalTypes_1_1_3.ImplementedRequirement": { "type": "object", - "required": [ - "filter", - "name" - ], "properties": { - "components": { + "by-components": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" } }, - "controls": { + "control-id": { + "type": "string" + }, + "links": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "filter": { - "$ref": "#/definitions/labelfilter.Filter" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "name": { - "type": "string" - } - } - }, - "handler.createMilestone": { - "type": "object", - "properties": { - "description": { + "remarks": { "type": "string" }, - "dueDate": { - "type": "string" + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } }, - "status": { - "type": "string" + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + } }, - 
"title": { + "statements": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Statement" + } + }, + "uuid": { "type": "string" } } }, - "handler.createPoam": { + "oscalTypes_1_1_3.ImplementedRequirementControlImplementation": { "type": "object", "properties": { - "deadline": { + "control-id": { "type": "string" }, "description": { "type": "string" }, - "milestones": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/handler.createMilestone" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "pocEmail": { - "type": "string" - }, - "pocName": { - "type": "string" - }, - "pocPhone": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, "remarks": { "type": "string" }, - "resourceRequired": { - "type": "string" - }, - "riskIds": { + "responsible-roles": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "sspId": { - "type": "string" + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + } }, - "status": { - "type": "string" + "statements": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlStatementImplementation" + } }, - "title": { + "uuid": { "type": "string" } } }, - "labelfilter.Condition": { + "oscalTypes_1_1_3.Import": { "type": "object", "properties": { - "label": { - "description": "Label name (e.g., \"type\", \"group\", \"app\").", + "exclude-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" + } + }, + "href": { "type": "string" }, - "operator": { - "description": "Operator (e.g., \"=\", \"!=\", etc.).", + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" + }, + "include-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" + } + } + } + }, + 
"oscalTypes_1_1_3.ImportAp": { + "type": "object", + "properties": { + "href": { "type": "string" }, - "value": { - "description": "Value for the condition (e.g., \"ssh\", \"prod\").", + "remarks": { "type": "string" } } }, - "labelfilter.Filter": { + "oscalTypes_1_1_3.ImportComponentDefinition": { "type": "object", "properties": { - "scope": { - "$ref": "#/definitions/labelfilter.Scope" + "href": { + "type": "string" } } }, - "labelfilter.Query": { + "oscalTypes_1_1_3.ImportProfile": { "type": "object", "properties": { - "operator": { - "description": "Logical operator (e.g., \"AND\", \"OR\").", + "href": { "type": "string" }, - "scopes": { - "description": "Scopes can be either `Condition` or nested `Query`.", - "type": "array", - "items": { - "$ref": "#/definitions/labelfilter.Scope" - } + "remarks": { + "type": "string" } } }, - "labelfilter.Scope": { + "oscalTypes_1_1_3.ImportSsp": { "type": "object", "properties": { - "condition": { - "$ref": "#/definitions/labelfilter.Condition" + "href": { + "type": "string" }, - "query": { - "$ref": "#/definitions/labelfilter.Query" + "remarks": { + "type": "string" } } }, - "oscal.BuildByPropsRequest": { + "oscalTypes_1_1_3.IncludeAll": { + "type": "object", + "additionalProperties": true + }, + "oscalTypes_1_1_3.IncorporatesComponent": { "type": "object", "properties": { - "catalogId": { + "component-uuid": { "type": "string" }, - "matchStrategy": { - "description": "all | any", + "description": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.InformationType": { + "type": "object", + "properties": { + "availability-impact": { + "$ref": "#/definitions/oscalTypes_1_1_3.Impact" }, - "rules": { + "categorizations": { "type": "array", "items": { - "$ref": "#/definitions/oscal.rule" + "$ref": "#/definitions/oscalTypes_1_1_3.InformationTypeCategorization" + } + }, + "confidentiality-impact": { + "$ref": "#/definitions/oscalTypes_1_1_3.Impact" + }, + "description": { + "type": "string" + }, + "integrity-impact": { + "$ref": 
"#/definitions/oscalTypes_1_1_3.Impact" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "title": { "type": "string" }, - "version": { + "uuid": { "type": "string" } } }, - "oscal.BuildByPropsResponse": { + "oscalTypes_1_1_3.InformationTypeCategorization": { "type": "object", "properties": { - "controlIds": { + "information-type-ids": { "type": "array", "items": { "type": "string" } }, - "profile": { - "$ref": "#/definitions/oscalTypes_1_1_3.Profile" - }, - "profileId": { + "system": { "type": "string" } } }, - "oscal.CreateInventoryItemRequest": { + "oscalTypes_1_1_3.InheritedControlImplementation": { "type": "object", "properties": { - "destination": { - "description": "\"ssp\", \"poam\", or \"unattached\"", + "description": { "type": "string" }, - "destination_id": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } }, - "inventory_item": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" - } - } - }, - "oscal.ImportFileResult": { - "type": "object", - "properties": { - "filename": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "message": { + "provided-uuid": { "type": "string" }, - "success": { - "type": "boolean" - }, - "title": { - "type": "string" + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } }, - "type": { + "uuid": { "type": "string" } } }, - "oscal.ImportResponse": { - "type": "object", - "properties": { - "failed_count": { - "type": "integer" - }, - "results": { + "oscalTypes_1_1_3.InsertControls": { + "type": "object", + "properties": { + "exclude-controls": { "type": "array", "items": { - "$ref": "#/definitions/oscal.ImportFileResult" + "$ref": 
"#/definitions/oscalTypes_1_1_3.SelectControlById" } }, - "successful_count": { - "type": "integer" + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" }, - "total_files": { - "type": "integer" + "include-controls": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" + } + }, + "order": { + "type": "string" } } }, - "oscal.InventoryItemWithSource": { + "oscalTypes_1_1_3.InventoryItem": { "type": "object", "properties": { "description": { @@ -19365,13 +28611,36 @@ "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } }, - "source": { + "uuid": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.LeveragedAuthorization": { + "type": "object", + "properties": { + "date-authorized": { "type": "string" }, - "source_id": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "party-uuid": { "type": "string" }, - "source_type": { + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { + "type": "string" + }, + "title": { "type": "string" }, "uuid": { 
@@ -19379,70 +28648,107 @@ } } }, - "oscal.ProfileHandler": { - "type": "object" - }, - "oscal.rule": { + "oscalTypes_1_1_3.Link": { "type": "object", "properties": { - "name": { + "href": { "type": "string" }, - "ns": { + "media-type": { "type": "string" }, - "operator": { - "description": "equals | contains | regex | in", + "rel": { "type": "string" }, - "value": { + "resource-fragment": { + "type": "string" + }, + "text": { "type": "string" } } }, - "oscalTypes_1_1_3.Action": { + "oscalTypes_1_1_3.LocalDefinitions": { "type": "object", "properties": { - "date": { - "type": "string" + "activities": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Activity" + } }, - "links": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } }, - "props": { + "inventory-items": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + } + }, + "objectives-and-methods": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalObjective" } }, "remarks": { "type": "string" }, - "responsible-parties": { + "users": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" } - }, - "system": { + } + } + }, + "oscalTypes_1_1_3.LocalObjective": { + "type": "object", + "properties": { + "control-id": { "type": "string" }, - "type": { + "description": { "type": "string" }, - "uuid": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Part" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "remarks": { "type": "string" } } }, - "oscalTypes_1_1_3.Activity": { + 
"oscalTypes_1_1_3.Location": { "type": "object", "properties": { - "description": { - "type": "string" + "address": { + "$ref": "#/definitions/oscalTypes_1_1_3.Address" + }, + "email-addresses": { + "type": "array", + "items": { + "type": "string" + } }, "links": { "type": "array", 
@@ -19456,136 +28762,150 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "related-controls": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" - }, "remarks": { "type": "string" }, - "responsible-roles": { + "telephone-numbers": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.TelephoneNumber" } }, - "steps": { + "title": { + "type": "string" + }, + "urls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Step" + "type": "string" } }, - "title": { + "uuid": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.LoggedBy": { + "type": "object", + "properties": { + "party-uuid": { "type": "string" }, - "uuid": { + "role-id": { "type": "string" } } }, - "oscalTypes_1_1_3.Addition": { + "oscalTypes_1_1_3.Matching": { "type": "object", "properties": { - "by-id": { + "pattern": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.Merge": { + "type": "object", + "properties": { + "as-is": { + "type": "boolean" }, - "links": { + "combine": { + "$ref": "#/definitions/oscalTypes_1_1_3.CombinationRule" + }, + "custom": { + "$ref": "#/definitions/oscalTypes_1_1_3.CustomGrouping" + }, + "flat": { + "$ref": "#/definitions/oscalTypes_1_1_3.FlatWithoutGrouping" + } + } + }, + "oscalTypes_1_1_3.Metadata": { + "type": "object", + "properties": { + "actions": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Action" } }, - "params": { + "document-ids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + "$ref": "#/definitions/oscalTypes_1_1_3.DocumentId" } }, - "parts": { + "last-modified": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "position": { - "type": "string" - }, - "props": { + "locations": { "type": "array", "items": { - 
"$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Location" } }, - "title": { + "oscal-version": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.Address": { - "type": "object", - "properties": { - "addr-lines": { + }, + "parties": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.Party" } }, - "city": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "country": { + "published": { "type": "string" }, - "postal-code": { + "remarks": { "type": "string" }, - "state": { - "type": "string" + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + } }, - "type": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.Alteration": { - "type": "object", - "properties": { - "adds": { + "revisions": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RevisionHistoryEntry" + } + }, + "roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Addition" + "$ref": "#/definitions/oscalTypes_1_1_3.Role" } }, - "control-id": { + "title": { "type": "string" }, - "removes": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Removal" - } + "version": { + "type": "string" } } }, - "oscalTypes_1_1_3.AssessedControls": { + "oscalTypes_1_1_3.MitigatingFactor": { "type": "object", "properties": { "description": { "type": "string" }, - "exclude-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById" - } - }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById" - } + "implementation-uuid": { + "type": "string" }, "links": { "type": "array", 
@@ -19599,60 +28919,87 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" + } + }, + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.AssessedControlsSelectControlById": { + "oscalTypes_1_1_3.Modify": { "type": "object", "properties": { - "control-id": { - "type": "string" + "alters": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Alteration" + } }, - "statement-ids": { + "set-parameters": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSetting" } } } }, - "oscalTypes_1_1_3.AssessmentAssets": { + "oscalTypes_1_1_3.NetworkArchitecture": { "type": "object", "properties": { - "assessment-platforms": { + "description": { + "type": "string" + }, + "diagrams": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlatform" + "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" } }, - "components": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } + }, + "remarks": { + "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentLog": { + "oscalTypes_1_1_3.ObjectiveStatus": { "type": "object", "properties": { - "entries": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentLogEntry" - } + "reason": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "state": { + "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentLogEntry": { + "oscalTypes_1_1_3.Observation": { "type": "object", "properties": { + "collected": { + "type": "string" + }, "description": { "type": "string" }, - "end": { + "expires": { "type": "string" }, "links": { 
@@ -19661,10 +29008,16 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "logged-by": { + "methods": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LoggedBy" + "type": "string" + } + }, + "origins": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" } }, "props": { @@ -19673,48 +29026,81 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "related-tasks": { + "relevant-evidence": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + "$ref": "#/definitions/oscalTypes_1_1_3.RelevantEvidence" } }, "remarks": { "type": "string" }, - "start": { - "type": "string" + "subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" + } }, "title": { "type": "string" }, + "types": { + "type": "array", + "items": { + "type": "string" + } + }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentPart": { + "oscalTypes_1_1_3.OnDateCondition": { "type": "object", "properties": { - "class": { + "date": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.OnDateRangeCondition": { + "type": "object", + "properties": { + "end": { "type": "string" }, - "links": { + "start": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.Origin": { + "type": "object", + "properties": { + "actors": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" } }, - "name": { - "type": "string" - }, - "ns": { + "related-tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + } + } + } + }, + "oscalTypes_1_1_3.OriginActor": { + "type": "object", + "properties": { + "actor-uuid": { "type": "string" }, - "parts": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, "props": { 
@@ -19723,72 +29109,41 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "prose": { - "type": "string" - }, - "title": { + "role-id": { "type": "string" }, - "uuid": { + "type": { "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentPlan": { + "oscalTypes_1_1_3.Parameter": { "type": "object", "properties": { - "assessment-assets": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" + "class": { + "type": "string" }, - "assessment-subjects": { + "constraints": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterConstraint" } }, - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "import-ssp": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" - }, - "local-definitions": { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" - }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" - }, - "reviewed-controls": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" + "depends-on": { + "type": "string" }, - "tasks": { + "guidelines": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterGuideline" } }, - "terms-and-conditions": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions" + "id": { + "type": "string" }, - "uuid": { + "label": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.AssessmentPlanTermsAndConditions": { - "type": "object", - "properties": { - "parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" - } - } - } - }, - "oscalTypes_1_1_3.AssessmentPlatform": { - "type": "object", - "properties": { + }, "links": { "type": "array", "items": { 
@@ -19804,91 +29159,116 @@ "remarks": { "type": "string" }, - "title": { + "select": { + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSelection" + }, + "usage": { "type": "string" }, - "uses-components": { + "values": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.UsesComponent" + "type": "string" } + } + } + }, + "oscalTypes_1_1_3.ParameterConstraint": { + "type": "object", + "properties": { + "description": { + "type": "string" }, - "uuid": { + "tests": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ConstraintTest" + } + } + } + }, + "oscalTypes_1_1_3.ParameterGuideline": { + "type": "object", + "properties": { + "prose": { "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentResults": { + "oscalTypes_1_1_3.ParameterSelection": { "type": "object", "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "import-ap": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportAp" - }, - "local-definitions": { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" - }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" - }, - "results": { + "choice": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Result" + "type": "string" } }, - "uuid": { + "how-many": { "type": "string" } } }, - "oscalTypes_1_1_3.AssessmentSubject": { + "oscalTypes_1_1_3.ParameterSetting": { "type": "object", "properties": { - "description": { + "class": { "type": "string" }, - "exclude-subjects": { + "constraints": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectSubjectById" + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterConstraint" } }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" + "depends-on": { + "type": "string" }, - "include-subjects": { + "guidelines": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectSubjectById" + "$ref": 
"#/definitions/oscalTypes_1_1_3.ParameterGuideline" } }, + "label": { + "type": "string" + }, "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "param-id": { + "type": "string" + }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { - "type": "string" + "select": { + "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSelection" }, - "type": { + "usage": { "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } } } }, - "oscalTypes_1_1_3.AssociatedActivity": { + "oscalTypes_1_1_3.Part": { "type": "object", "properties": { - "activity-uuid": { + "class": { + "type": "string" + }, + "id": { "type": "string" }, "links": { 
@@ -19897,64 +29277,51 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "name": { + "type": "string" }, - "remarks": { + "ns": { "type": "string" }, - "responsible-roles": { + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.Part" } }, - "subjects": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } - } - } - }, - "oscalTypes_1_1_3.AssociatedRisk": { - "type": "object", - "properties": { - "risk-uuid": { + }, + "prose": { + "type": "string" + }, + "title": { "type": "string" } } }, - "oscalTypes_1_1_3.AttestationStatements": { + "oscalTypes_1_1_3.Party": { "type": "object", "properties": { - "parts": { + "addresses": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentPart" + "$ref": "#/definitions/oscalTypes_1_1_3.Address" } }, - "responsible-parties": { + "email-addresses": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "type": "string" } - } - } - }, - "oscalTypes_1_1_3.AuthorizationBoundary": { - "type": "object", - "properties": { - "description": { - "type": "string" }, - "diagrams": { + "external-ids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" + "$ref": "#/definitions/oscalTypes_1_1_3.PartyExternalIdentifier" } }, "links": { @@ -19963,6 +29330,21 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "location-uuids": { + "type": "array", + "items": { + "type": "string" + } + }, + "member-of-organizations": { + "type": "array", + "items": { + "type": "string" + } + }, + "name": { + "type": "string" + }, "props": { "type": "array", "items": { 
@@ -19971,212 +29353,261 @@ }, "remarks": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.AuthorizedPrivilege": { - "type": "object", - "properties": { - "description": { + }, + "short-name": { "type": "string" }, - "functions-performed": { + "telephone-numbers": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.TelephoneNumber" } }, - "title": { + "type": { + "type": "string" + }, + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.BackMatter": { - "type": "object", - "properties": { - "resources": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Resource" - } - } - } - }, - "oscalTypes_1_1_3.Base64": { + "oscalTypes_1_1_3.PartyExternalIdentifier": { "type": "object", "properties": { - "filename": { - "type": "string" - }, - "media-type": { + "id": { "type": "string" }, - "value": { + "scheme": { "type": "string" } } }, - "oscalTypes_1_1_3.ByComponent": { + "oscalTypes_1_1_3.PlanOfActionAndMilestones": { "type": "object", "properties": { - "component-uuid": { - "type": "string" + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "description": { - "type": "string" + "findings": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Finding" + } }, - "export": { - "$ref": "#/definitions/oscalTypes_1_1_3.Export" + "import-ssp": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" }, - "implementation-status": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementationStatus" + "local-definitions": { + "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" }, - "inherited": { + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, + "observations": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InheritedControlImplementation" + "$ref": "#/definitions/oscalTypes_1_1_3.Observation" } }, - "links": { + "poam-items": { "type": "array", "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.PoamItem" } }, - "props": { + "risks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Risk" } }, - "remarks": { - "type": "string" + "system-id": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } + "uuid": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions": { + "type": "object", + "properties": { + "assessment-assets": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" }, - "satisfied": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" } }, - "set-parameters": { + "inventory-items": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" } }, - "uuid": { + "remarks": { "type": "string" } } }, - "oscalTypes_1_1_3.Capability": { + "oscalTypes_1_1_3.PoamItem": { "type": "object", "properties": { - "control-implementations": { + "description": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "origins": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.PoamItemOrigin" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + }, + "related-findings": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedFinding" } }, - "description": { - "type": "string" - }, - "incorporates-components": { + "related-observations": { "type": "array", "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.IncorporatesComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" } }, - "links": { + "related-risks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedRisk" } }, - "name": { + "remarks": { "type": "string" }, - "props": { + "title": { + "type": "string" + }, + "uuid": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.PoamItemOrigin": { + "type": "object", + "properties": { + "actors": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" } + } + } + }, + "oscalTypes_1_1_3.PortRange": { + "type": "object", + "properties": { + "end": { + "type": "integer" }, - "remarks": { - "type": "string" + "start": { + "type": "integer" }, - "uuid": { + "transport": { "type": "string" } } }, - "oscalTypes_1_1_3.Catalog": { + "oscalTypes_1_1_3.Profile": { "type": "object", "properties": { "back-matter": { "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "controls": { + "imports": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" + "$ref": "#/definitions/oscalTypes_1_1_3.Import" } }, - "groups": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Group" - } + "merge": { + "$ref": "#/definitions/oscalTypes_1_1_3.Merge" }, "metadata": { "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" }, - "params": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" - } + "modify": { + "$ref": "#/definitions/oscalTypes_1_1_3.Modify" }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.Characterization": { + "oscalTypes_1_1_3.Property": { "type": "object", "properties": { - "facets": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Facet" - } + "class": { + "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Link" - } + "group": { + "type": "string" }, - "origin": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + "name": { + "type": "string" }, - "props": { + "ns": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "uuid": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.Protocol": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "port-ranges": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.PortRange" } + }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" } } }, - "oscalTypes_1_1_3.Citation": { + "oscalTypes_1_1_3.ProvidedControlImplementation": { "type": "object", "properties": { + "description": { + "type": "string" + }, "links": { "type": "array", "items": { 
@@ -20189,76 +29620,79 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "text": { + "remarks": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.CombinationRule": { - "type": "object", - "properties": { - "method": { + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.ComponentDefinition": { + "oscalTypes_1_1_3.ReferencedControlObjectives": { "type": "object", "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + "description": { + "type": "string" }, - "capabilities": { + "exclude-objectives": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Capability" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectObjectiveById" } }, - "components": { + "include-all": { + "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" + }, + "include-objectives": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.DefinedComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.SelectObjectiveById" } }, - "import-component-definitions": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportComponentDefinition" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, - "uuid": { + "remarks": { "type": "string" } } }, - "oscalTypes_1_1_3.ConstraintTest": { + "oscalTypes_1_1_3.RelatedFinding": { "type": "object", "properties": { - "expression": { - "type": "string" - }, - "remarks": { + "finding-uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.Control": { + "oscalTypes_1_1_3.RelatedObservation": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" - } - 
}, - "id": { + "observation-uuid": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.RelatedTask": { + "type": "object", + "properties": { + "identified-subject": { + "$ref": "#/definitions/oscalTypes_1_1_3.IdentifiedSubject" }, "links": { "type": "array", @@ -20266,55 +29700,41 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "params": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" - } - }, - "parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" - } - }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "title": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.ControlImplementation": { - "type": "object", - "properties": { - "description": { + "remarks": { "type": "string" }, - "implemented-requirements": { + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirement" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } }, - "set-parameters": { + "subjects": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" } + }, + "task-uuid": { + "type": "string" } } }, - "oscalTypes_1_1_3.ControlImplementationResponsibility": { + "oscalTypes_1_1_3.RelevantEvidence": { "type": "object", "properties": { "description": { "type": "string" }, + "href": { + "type": "string" + }, "links": { "type": "array", "items": { 
@@ -20327,35 +29747,37 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "provided-uuid": { + "remarks": { + "type": "string" + } + } + }, + "oscalTypes_1_1_3.Removal": { + "type": "object", + "properties": { + "by-class": { "type": "string" }, - "remarks": { + "by-id": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } + "by-item-name": { + "type": "string" }, - "uuid": { + "by-name": { + "type": "string" + }, + "by-ns": { "type": "string" } } }, - "oscalTypes_1_1_3.ControlImplementationSet": { + "oscalTypes_1_1_3.RequiredAsset": { "type": "object", "properties": { "description": { "type": "string" }, - "implemented-requirements": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation" - } - }, "links": { "type": "array", "items": { @@ -20368,13 +29790,16 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "set-parameters": { + "remarks": { + "type": "string" + }, + "subjects": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" + "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" } }, - "source": { + "title": { "type": "string" }, "uuid": { @@ -20382,16 +29807,22 @@ } } }, - "oscalTypes_1_1_3.ControlStatementImplementation": { + "oscalTypes_1_1_3.Resource": { "type": "object", "properties": { + "base64": { + "$ref": "#/definitions/oscalTypes_1_1_3.Base64" + }, + "citation": { + "$ref": "#/definitions/oscalTypes_1_1_3.Citation" + }, "description": { "type": "string" }, - "links": { + "document-ids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.DocumentId" } }, "props": { 
@@ -20403,13 +29834,13 @@ "remarks": { "type": "string" }, - "responsible-roles": { + "rlinks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/oscalTypes_1_1_3.ResourceLink" } }, - "statement-id": { + "title": { "type": "string" }, "uuid": { @@ -20417,60 +29848,42 @@ } } }, - "oscalTypes_1_1_3.CustomGrouping": { + "oscalTypes_1_1_3.ResourceLink": { "type": "object", "properties": { - "groups": { + "hashes": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.CustomGroupingGroup" + "$ref": "#/definitions/oscalTypes_1_1_3.Hash" } }, - "insert-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InsertControls" - } + "href": { + "type": "string" + }, + "media-type": { + "type": "string" } } }, - "oscalTypes_1_1_3.CustomGroupingGroup": { + "oscalTypes_1_1_3.Response": { "type": "object", "properties": { - "class": { + "description": { "type": "string" }, - "groups": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.CustomGroupingGroup" - } - }, - "id": { + "lifecycle": { "type": "string" }, - "insert-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InsertControls" - } - }, "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "params": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" - } - }, - "parts": { + "origins": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" } }, "props": { 
@@ -20479,108 +29892,73 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "title": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.DataFlow": { - "type": "object", - "properties": { - "description": { + "remarks": { "type": "string" }, - "diagrams": { + "required-assets": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" + "$ref": "#/definitions/oscalTypes_1_1_3.RequiredAsset" } }, - "links": { + "tasks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Task" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "title": { + "type": "string" }, - "remarks": { + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.DefinedComponent": { + "oscalTypes_1_1_3.ResponsibleParty": { "type": "object", "properties": { - "control-implementations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationSet" - } - }, - "description": { - "type": "string" - }, "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "props": { + "party-uuids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "type": "string" } }, - "protocols": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "purpose": { - "type": "string" - }, "remarks": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - }, - "uuid": { + "role-id": { "type": "string" } } }, - "oscalTypes_1_1_3.Diagram": { + "oscalTypes_1_1_3.ResponsibleRole": { "type": "object", "properties": { - "caption": { - "type": "string" - }, - "description": { - "type": "string" - }, "links": { "type": 
"array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "party-uuids": { + "type": "array", + "items": { + "type": "string" + } + }, "props": { "type": "array", "items": { 
@@ -20590,288 +29968,241 @@ "remarks": { "type": "string" }, - "uuid": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.DocumentId": { - "type": "object", - "properties": { - "identifier": { - "type": "string" - }, - "scheme": { + "role-id": { "type": "string" } } }, - "oscalTypes_1_1_3.EventTiming": { + "oscalTypes_1_1_3.Result": { "type": "object", "properties": { - "at-frequency": { - "$ref": "#/definitions/oscalTypes_1_1_3.FrequencyCondition" + "assessment-log": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentLog" }, - "on-date": { - "$ref": "#/definitions/oscalTypes_1_1_3.OnDateCondition" + "attestations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" + } }, - "within-date-range": { - "$ref": "#/definitions/oscalTypes_1_1_3.OnDateRangeCondition" - } - } - }, - "oscalTypes_1_1_3.Export": { - "type": "object", - "properties": { "description": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } + "end": { + "type": "string" }, - "props": { + "findings": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Finding" } }, - "provided": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ProvidedControlImplementation" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "remarks": { - "type": "string" + "local-definitions": { + "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" }, - "responsibilities": { + "observations": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementationResponsibility" + "$ref": "#/definitions/oscalTypes_1_1_3.Observation" } - } - } - }, - "oscalTypes_1_1_3.Facet": { - "type": "object", - "properties": { - "links": { + }, + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - 
"name": { + "remarks": { "type": "string" }, - "props": { + "reviewed-controls": { + "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" + }, + "risks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.Risk" } }, - "remarks": { + "start": { "type": "string" }, - "system": { + "title": { "type": "string" }, - "value": { + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.Finding": { + "oscalTypes_1_1_3.ReviewedControls": { "type": "object", - "properties": { - "description": { - "type": "string" - }, - "implementation-statement-uuid": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "origins": { + "properties": { + "control-objective-selections": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + "$ref": "#/definitions/oscalTypes_1_1_3.ReferencedControlObjectives" } }, - "props": { + "control-selections": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControls" } }, - "related-observations": { + "description": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "related-risks": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedRisk" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { "type": "string" - }, - "target": { - "$ref": "#/definitions/oscalTypes_1_1_3.FindingTarget" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.FindingTarget": { + "oscalTypes_1_1_3.RevisionHistoryEntry": { "type": "object", "properties": { - "description": { + "last-modified": { "type": "string" }, - "implementation-status": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.ImplementationStatus" - }, "links": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "oscal-version": { + "type": "string" + }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { + "published": { "type": "string" }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.ObjectiveStatus" - }, - "target-id": { + "remarks": { "type": "string" }, "title": { "type": "string" }, - "type": { + "version": { "type": "string" } } }, - "oscalTypes_1_1_3.FlatWithoutGrouping": { - "type": "object", - "additionalProperties": true - }, - "oscalTypes_1_1_3.FrequencyCondition": { + "oscalTypes_1_1_3.Risk": { "type": "object", "properties": { - "period": { - "type": "integer" + "characterizations": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Characterization" + } }, - "unit": { + "deadline": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.Group": { - "type": "object", - "properties": { - "class": { + }, + "description": { "type": "string" }, - "controls": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Control" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "groups": { + "mitigating-factors": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Group" + "$ref": "#/definitions/oscalTypes_1_1_3.MitigatingFactor" } }, - "id": { - "type": "string" + "origins": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + } }, - "links": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "params": { + "related-observations": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Parameter" + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" } }, - "parts": { + "remediations": { "type": "array", "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Part" + "$ref": "#/definitions/oscalTypes_1_1_3.Response" } }, - "props": { + "risk-log": { + "$ref": "#/definitions/oscalTypes_1_1_3.RiskLog" + }, + "statement": { + "type": "string" + }, + "status": { + "type": "string" + }, + "threat-ids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/oscalTypes_1_1_3.ThreatId" } }, "title": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.Hash": { - "type": "object", - "properties": { - "algorithm": { - "type": "string" }, - "value": { + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.IdentifiedSubject": { + "oscalTypes_1_1_3.RiskLog": { "type": "object", "properties": { - "subject-placeholder-uuid": { - "type": "string" - }, - "subjects": { + "entries": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/oscalTypes_1_1_3.RiskLogEntry" } } } }, - "oscalTypes_1_1_3.Impact": { + "oscalTypes_1_1_3.RiskLogEntry": { "type": "object", "properties": { - "adjustment-justification": { + "description": { "type": "string" }, - "base": { + "end": { "type": "string" }, "links": { 
@@ -20880,34 +30211,44 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "logged-by": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.LoggedBy" + } + }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "selected": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.ImplementationStatus": { - "type": "object", - "properties": { + "related-responses": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.RiskResponseReference" + } + }, "remarks": { "type": "string" }, - "state": { + "start": { + "type": "string" + }, + "status-change": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.ImplementedComponent": { + "oscalTypes_1_1_3.RiskResponseReference": { "type": "object", "properties": { - "component-uuid": { - "type": "string" - }, "links": { "type": "array", "items": { @@ -20920,27 +30261,27 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "remarks": { - "type": "string" - }, - "responsible-parties": { + "related-tasks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" } + }, + "remarks": { + "type": "string" + }, + "response-uuid": { + "type": "string" } } }, - "oscalTypes_1_1_3.ImplementedRequirement": { + "oscalTypes_1_1_3.Role": { "type": "object", "properties": { - "by-components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" - } + "description": { + "type": "string" }, - "control-id": { + "id": { "type": "string" }, "links": { 
@@ -20958,35 +30299,17 @@ "remarks": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" - } - }, - "statements": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Statement" - } + "short-name": { + "type": "string" }, - "uuid": { + "title": { "type": "string" } } }, - "oscalTypes_1_1_3.ImplementedRequirementControlImplementation": { + "oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility": { "type": "object", "properties": { - "control-id": { - "type": "string" - }, "description": { "type": "string" }, 
@@ -21005,129 +30328,114 @@ "remarks": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } - }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SetParameter" - } - }, - "statements": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlStatementImplementation" - } - }, - "uuid": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.Import": { - "type": "object", - "properties": { - "exclude-controls": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" - } - }, - "href": { + "responsibility-uuid": { "type": "string" }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-controls": { + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } + }, + "uuid": { + "type": "string" } } }, - "oscalTypes_1_1_3.ImportAp": { + "oscalTypes_1_1_3.SecurityImpactLevel": { "type": "object", "properties": { - "href": { + "security-objective-availability": { "type": "string" }, - "remarks": { + "security-objective-confidentiality": { + "type": "string" + }, + "security-objective-integrity": { "type": "string" } } }, - "oscalTypes_1_1_3.ImportComponentDefinition": { + "oscalTypes_1_1_3.SelectControlById": { "type": "object", "properties": { - "href": { + "matching": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Matching" + } + }, + "with-child-controls": { "type": "string" + }, + "with-ids": { + "type": "array", + "items": { + "type": "string" + } } } }, - "oscalTypes_1_1_3.ImportProfile": { + "oscalTypes_1_1_3.SelectObjectiveById": { "type": "object", "properties": { - "href": { - "type": "string" - }, - "remarks": { + "objective-id": { "type": "string" } } }, - "oscalTypes_1_1_3.ImportSsp": { + 
"oscalTypes_1_1_3.SelectSubjectById": { "type": "object", "properties": { - "href": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } }, "remarks": { "type": "string" + }, + "subject-uuid": { + "type": "string" + }, + "type": { + "type": "string" } } }, - "oscalTypes_1_1_3.IncludeAll": { - "type": "object", - "additionalProperties": true - }, - "oscalTypes_1_1_3.IncorporatesComponent": { + "oscalTypes_1_1_3.SetParameter": { "type": "object", "properties": { - "component-uuid": { + "param-id": { "type": "string" }, - "description": { + "remarks": { "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } } } }, - "oscalTypes_1_1_3.InformationType": { + "oscalTypes_1_1_3.Statement": { "type": "object", "properties": { - "availability-impact": { - "$ref": "#/definitions/oscalTypes_1_1_3.Impact" - }, - "categorizations": { + "by-components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InformationTypeCategorization" + "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" } }, - "confidentiality-impact": { - "$ref": "#/definitions/oscalTypes_1_1_3.Impact" - }, - "description": { - "type": "string" - }, - "integrity-impact": { - "$ref": "#/definitions/oscalTypes_1_1_3.Impact" - }, "links": { "type": "array", "items": { @@ -21140,7 +30448,16 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "title": { + "remarks": { + "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "statement-id": { "type": "string" }, "uuid": { 
@@ -21148,21 +30465,18 @@ } } }, - "oscalTypes_1_1_3.InformationTypeCategorization": { + "oscalTypes_1_1_3.Status": { "type": "object", "properties": { - "information-type-ids": { - "type": "array", - "items": { - "type": "string" - } + "remarks": { + "type": "string" }, - "system": { + "state": { "type": "string" } } }, - "oscalTypes_1_1_3.InheritedControlImplementation": { + "oscalTypes_1_1_3.Step": { "type": "object", "properties": { "description": { @@ -21180,7 +30494,7 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "provided-uuid": { + "remarks": { "type": "string" }, "responsible-roles": { 
@@ -21189,45 +30503,60 @@ "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, + "reviewed-controls": { + "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" + }, + "title": { + "type": "string" + }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.InsertControls": { + "oscalTypes_1_1_3.SubjectReference": { "type": "object", "properties": { - "exclude-controls": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-controls": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectControlById" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "order": { + "remarks": { + "type": "string" + }, + "subject-uuid": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { "type": "string" } } }, - "oscalTypes_1_1_3.InventoryItem": { + "oscalTypes_1_1_3.SystemCharacteristics": { "type": "object", "properties": { - "description": { + "authorization-boundary": { + "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizationBoundary" + }, + "data-flow": { + "$ref": "#/definitions/oscalTypes_1_1_3.DataFlow" + }, + "date-authorized": { "type": "string" }, - "implemented-components": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImplementedComponent" - } + "description": { + "type": "string" }, "links": { "type": "array", @@ -21235,6 +30564,9 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, + "network-architecture": { + "$ref": "#/definitions/oscalTypes_1_1_3.NetworkArchitecture" + }, "props": { "type": "array", "items": { 
@@ -21250,15 +30582,36 @@ "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } }, - "uuid": { + "security-impact-level": { + "$ref": "#/definitions/oscalTypes_1_1_3.SecurityImpactLevel" + }, + "security-sensitivity-level": { + "type": "string" + }, + "status": { + "$ref": "#/definitions/oscalTypes_1_1_3.Status" + }, + "system-ids": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" + } + }, + "system-information": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemInformation" + }, + "system-name": { + "type": "string" + }, + "system-name-short": { "type": "string" } } }, - "oscalTypes_1_1_3.LeveragedAuthorization": { + "oscalTypes_1_1_3.SystemComponent": { "type": "object", "properties": { - "date-authorized": { + "description": { "type": "string" }, "links": { 
@@ -21267,71 +30620,97 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "party-uuid": { - "type": "string" - }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, + "protocols": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" + } + }, + "purpose": { + "type": "string" + }, "remarks": { "type": "string" }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + } + }, + "status": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponentStatus" + }, "title": { "type": "string" }, + "type": { + "type": "string" + }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.Link": { + "oscalTypes_1_1_3.SystemComponentStatus": { "type": "object", "properties": { - "href": { - "type": "string" - }, - "media-type": { + "remarks": { "type": "string" }, - "rel": { + "state": { "type": "string" - }, - "resource-fragment": { + } + } + }, + "oscalTypes_1_1_3.SystemId": { + "type": "object", + "properties": { + "id": { "type": "string" }, - "text": { + "identifier-type": { "type": "string" } } }, - "oscalTypes_1_1_3.LocalDefinitions": { + "oscalTypes_1_1_3.SystemImplementation": { "type": "object", "properties": { - "activities": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Activity" + "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + } + }, + "inventory-items": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" } }, - "components": { + "leveraged-authorizations": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" } }, - "inventory-items": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "objectives-and-methods": { + "props": { 
"type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalObjective" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, "remarks": { @@ -21345,11 +30724,63 @@ } } }, - "oscalTypes_1_1_3.LocalObjective": { + "oscalTypes_1_1_3.SystemInformation": { "type": "object", "properties": { - "control-id": { + "information-types": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.InformationType" + } + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.Property" + } + } + } + }, + "oscalTypes_1_1_3.SystemSecurityPlan": { + "type": "object", + "properties": { + "back-matter": { + "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" + }, + "control-implementation": { + "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementation" + }, + "import-profile": { + "$ref": "#/definitions/oscalTypes_1_1_3.ImportProfile" + }, + "metadata": { + "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + }, + "system-characteristics": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemCharacteristics" + }, + "system-implementation": { + "$ref": "#/definitions/oscalTypes_1_1_3.SystemImplementation" + }, + "uuid": { "type": "string" + } + } + }, + "oscalTypes_1_1_3.SystemUser": { + "type": "object", + "properties": { + "authorized-privileges": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizedPrivilege" + } }, "description": { "type": "string" 
@@ -21360,35 +30791,50 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "parts": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" + "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "props": { + "remarks": { + "type": "string" + }, + "role-ids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "type": "string" } }, - "remarks": { + "short-name": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.Location": { + "oscalTypes_1_1_3.Task": { "type": "object", "properties": { - "address": { - "$ref": "#/definitions/oscalTypes_1_1_3.Address" + "associated-activities": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedActivity" + } }, - "email-addresses": { + "dependencies": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.TaskDependency" } }, + "description": { + "type": "string" + }, "links": { "type": "array", "items": { 
@@ -21404,78 +30850,78 @@ "remarks": { "type": "string" }, - "telephone-numbers": { + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.TelephoneNumber" + "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" } }, - "title": { - "type": "string" + "subjects": { + "type": "array", + "items": { + "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + } }, - "urls": { + "tasks": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/oscalTypes_1_1_3.Task" } }, + "timing": { + "$ref": "#/definitions/oscalTypes_1_1_3.EventTiming" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + }, "uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.LoggedBy": { + "oscalTypes_1_1_3.TaskDependency": { "type": "object", "properties": { - "party-uuid": { + "remarks": { "type": "string" }, - "role-id": { + "task-uuid": { "type": "string" } } }, - "oscalTypes_1_1_3.Matching": { + "oscalTypes_1_1_3.TelephoneNumber": { "type": "object", "properties": { - "pattern": { + "number": { + "type": "string" + }, + "type": { "type": "string" } } }, - "oscalTypes_1_1_3.Merge": { + "oscalTypes_1_1_3.ThreatId": { "type": "object", "properties": { - "as-is": { - "type": "boolean" - }, - "combine": { - "$ref": "#/definitions/oscalTypes_1_1_3.CombinationRule" + "href": { + "type": "string" }, - "custom": { - "$ref": "#/definitions/oscalTypes_1_1_3.CustomGrouping" + "id": { + "type": "string" }, - "flat": { - "$ref": "#/definitions/oscalTypes_1_1_3.FlatWithoutGrouping" + "system": { + "type": "string" } } }, - "oscalTypes_1_1_3.Metadata": { + "oscalTypes_1_1_3.UsesComponent": { "type": "object", "properties": { - "actions": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Action" - } - }, - "document-ids": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.DocumentId" - } - }, - "last-modified": { + "component-uuid": { "type": "string" }, "links": { 
@@ -21484,30 +30930,12 @@ "$ref": "#/definitions/oscalTypes_1_1_3.Link" } }, - "locations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Location" - } - }, - "oscal-version": { - "type": "string" - }, - "parties": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Party" - } - }, "props": { "type": "array", "items": { "$ref": "#/definitions/oscalTypes_1_1_3.Property" } }, - "published": { - "type": "string" - }, "remarks": { "type": "string" }, 
@@ -21516,747 +30944,902 @@ "items": { "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" } + } + } + }, + "poam.PoamItemControlLink": { + "type": "object", + "properties": { + "catalogId": { + "type": "string" }, - "revisions": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RevisionHistoryEntry" - } - }, - "roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Role" - } + "controlId": { + "type": "string" }, - "title": { + "createdAt": { "type": "string" }, - "version": { + "poamItemId": { "type": "string" } } }, - "oscalTypes_1_1_3.MitigatingFactor": { + "poam.PoamItemEvidenceLink": { "type": "object", "properties": { - "description": { + "createdAt": { "type": "string" }, - "implementation-uuid": { + "evidenceId": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "poamItemId": { + "type": "string" + } + } + }, + "poam.PoamItemFindingLink": { + "type": "object", + "properties": { + "createdAt": { + "type": "string" }, - "subjects": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" - } + "findingId": { + "type": "string" }, - "uuid": { + "poamItemId": { "type": "string" } } }, - "oscalTypes_1_1_3.Modify": { + "poam.PoamItemRiskLink": { "type": "object", "properties": { - "alters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Alteration" - } + "createdAt": { + "type": "string" }, - "set-parameters": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSetting" - } + "poamItemId": { + "type": "string" + }, + "riskId": { + "type": "string" } } }, - "oscalTypes_1_1_3.NetworkArchitecture": { + "relational.Action": { "type": "object", "properties": { - "description": { + "date": { "type": "string" }, - "diagrams": { - "type": 
"array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Diagram" - } + "id": { + "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, + "metadata-id": { + "description": "Actions only exist on a metadata object. We'll link them straight there with a BelongsTo relationship", + "type": "string" + }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.ObjectiveStatus": { - "type": "object", - "properties": { - "reason": { - "type": "string" }, - "remarks": { + "responsibleParties": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleParty" + } + }, + "system": { + "description": "required", "type": "string" }, - "state": { + "type": { + "description": "required", "type": "string" } } }, - "oscalTypes_1_1_3.Observation": { + "relational.Activity": { "type": "object", "properties": { - "collected": { - "type": "string" - }, "description": { + "description": "required", "type": "string" }, - "expires": { + "id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, - "methods": { + "props": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Prop" } }, - "origins": { + "related-controls": { + "$ref": "#/definitions/relational.ReviewedControls" + }, + "relatedControlsID": { + "type": "string" + }, + "remarks": { + "description": "required", + "type": "string" + }, + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "props": { + "steps": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": 
"#/definitions/relational.Step" } }, - "relevant-evidence": { + "title": { + "type": "string" + } + } + }, + "relational.Addition": { + "type": "object", + "properties": { + "alterationID": { + "type": "string" + }, + "by-id": { + "type": "string" + }, + "id": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelevantEvidence" + "$ref": "#/definitions/relational.Link" } }, - "remarks": { - "type": "string" + "params": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Parameter" + } }, - "subjects": { + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" + "$ref": "#/definitions/relational.Part" } }, - "title": { + "position": { "type": "string" }, - "types": { + "props": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Prop" } }, - "uuid": { + "title": { "type": "string" } } }, - "oscalTypes_1_1_3.OnDateCondition": { + "relational.Address": { "type": "object", "properties": { - "date": { + "city": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.OnDateRangeCondition": { - "type": "object", - "properties": { - "end": { + }, + "country": { "type": "string" }, - "start": { + "lines": { + "type": "array", + "items": { + "type": "string" + } + }, + "postal-code": { + "type": "string" + }, + "state": { "type": "string" + }, + "type": { + "$ref": "#/definitions/relational.AddressType" } } }, - "oscalTypes_1_1_3.Origin": { + "relational.AddressType": { + "type": "string", + "enum": [ + "work", + "home" + ], + "x-enum-varnames": [ + "AddressTypeWork", + "AddressTypeHome" + ] + }, + "relational.Alteration": { "type": "object", "properties": { - "actors": { + "adds": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" + "$ref": "#/definitions/relational.Addition" } }, - "related-tasks": { + "control-id": { + "description": "required", + "type": "string" + }, + "id": { + "type": 
"string" + }, + "modify-id": { + "type": "string" + }, + "removes": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + "$ref": "#/definitions/relational.Removal" } } } }, - "oscalTypes_1_1_3.OriginActor": { + "relational.AssessedControlsSelectControlById": { "type": "object", "properties": { - "actor-uuid": { + "control": { + "$ref": "#/definitions/relational.Control" + }, + "controlID": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } + "id": { + "type": "string" }, - "props": { + "statements": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Statement" } - }, - "role-id": { - "type": "string" - }, - "type": { - "type": "string" } } }, - "oscalTypes_1_1_3.Parameter": { + "relational.AssessmentSubject": { "type": "object", "properties": { - "class": { + "description": { "type": "string" }, - "constraints": { + "evidence": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterConstraint" + "$ref": "#/definitions/relational.Evidence" } }, - "depends-on": { - "type": "string" - }, - "guidelines": { + "excludeSubjects": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterGuideline" + "$ref": "#/definitions/relational.SelectSubjectById" } }, "id": { "type": "string" }, - "label": { - "type": "string" + "includeAll": { + "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" + }, + "includeSubjects": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SelectSubjectById" + } }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "select": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.ParameterSelection" - }, - "usage": { + "sspId": { "type": "string" }, - "values": { - "type": "array", - "items": { - "type": "string" - } + "type": { + "description": "Type represents a component, party, location, user, or inventory item.\nIt will likely be updated once we can map it correctly", + "type": "string" } } }, - "oscalTypes_1_1_3.ParameterConstraint": { + "relational.AuthorizationBoundary": { "type": "object", "properties": { "description": { "type": "string" }, - "tests": { + "diagrams": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ConstraintTest" + "$ref": "#/definitions/relational.Diagram" } - } - } - }, - "oscalTypes_1_1_3.ParameterGuideline": { - "type": "object", - "properties": { - "prose": { + }, + "id": { + "type": "string" + }, + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { + "type": "string" + }, + "systemCharacteristicsId": { "type": "string" } } }, - "oscalTypes_1_1_3.ParameterSelection": { + "relational.AuthorizedPrivilege": { "type": "object", "properties": { - "choice": { + "description": { + "type": "string" + }, + "functions-performed": { "type": "array", "items": { "type": "string" } }, - "how-many": { + "id": { + "type": "string" + }, + "systemUserId": { + "type": "string" + }, + "title": { "type": "string" } } }, - "oscalTypes_1_1_3.ParameterSetting": { + "relational.BackMatter": { "type": "object", "properties": { - "class": { + "id": { "type": "string" }, - "constraints": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterConstraint" - } + "parentID": { + "type": "string" }, - "depends-on": { + "parentType": { "type": "string" }, - "guidelines": { + "resources": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterGuideline" + "$ref": 
"#/definitions/relational.BackMatterResource" } + } + } + }, + "relational.BackMatterResource": { + "type": "object", + "properties": { + "backMatterID": { + "type": "string" }, - "label": { + "base64": { + "$ref": "#/definitions/datatypes.JSONType-relational_Base64" + }, + "citation": { + "$ref": "#/definitions/datatypes.JSONType-relational_Citation" + }, + "description": { "type": "string" }, - "links": { + "document-ids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.DocumentID" } }, - "param-id": { + "id": { + "description": "required", "type": "string" }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, - "select": { - "$ref": "#/definitions/oscalTypes_1_1_3.ParameterSelection" - }, - "usage": { + "remarks": { "type": "string" }, - "values": { + "rlinks": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.ResourceLink" } + }, + "title": { + "type": "string" } } }, - "oscalTypes_1_1_3.Part": { + "relational.ByComponent": { "type": "object", "properties": { - "class": { + "component-uuid": { + "type": "string" + }, + "description": { "type": "string" }, + "export": { + "$ref": "#/definitions/relational.Export" + }, "id": { "type": "string" }, + "implementation-status": { + "$ref": "#/definitions/datatypes.JSONType-relational_ImplementationStatus" + }, + "inherited-control-implementations": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.InheritedControlImplementation" + } + }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, - "name": { + "parentID": { + "description": "As ByComponent can be found in Implemented Requirements \u0026 Statements, using GORM polymorphism to tell us where to attach", "type": "string" }, - "ns": { + "parentType": { "type": "string" }, - 
"parts": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Part" - } - }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, - "prose": { + "remarks": { "type": "string" }, - "title": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.Party": { - "type": "object", - "properties": { - "addresses": { + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Address" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "email-addresses": { + "satisfied": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.SatisfiedControlImplementationResponsibility" } }, - "external-ids": { + "set-parameters": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PartyExternalIdentifier" + "$ref": "#/definitions/relational.SetParameter" } + } + } + }, + "relational.Capability": { + "type": "object", + "properties": { + "componentDefinition": { + "$ref": "#/definitions/relational.ComponentDefinition" }, - "links": { + "componentDefinitionId": { + "type": "string" + }, + "control-implementations": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.ControlImplementationSet" } }, - "location-uuids": { + "description": { + "description": "required", + "type": "string" + }, + "id": { + "type": "string" + }, + "incorporates-components": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.IncorporatesComponents" } }, - "member-of-organizations": { + "links": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Link" } }, "name": { + "description": "required", "type": "string" }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" + } + } + }, 
+ "relational.ComponentDefinition": { + "type": "object", + "properties": { + "back-matter": { + "$ref": "#/definitions/relational.BackMatter" }, - "short-name": { - "type": "string" + "capabilities": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Capability" + } }, - "telephone-numbers": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.TelephoneNumber" + "$ref": "#/definitions/relational.DefinedComponent" } }, - "type": { + "id": { "type": "string" }, - "uuid": { - "type": "string" + "import-component-definitions": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ImportComponentDefinition" + } + }, + "metadata": { + "description": "required", + "allOf": [ + { + "$ref": "#/definitions/relational.Metadata" + } + ] } } }, - "oscalTypes_1_1_3.PartyExternalIdentifier": { + "relational.Control": { "type": "object", "properties": { - "id": { + "catalogID": { "type": "string" }, - "scheme": { + "class": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.PlanOfActionAndMilestones": { - "type": "object", - "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" }, - "findings": { + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Finding" + "$ref": "#/definitions/relational.Control" } }, - "import-ssp": { - "$ref": "#/definitions/oscalTypes_1_1_3.ImportSsp" - }, - "local-definitions": { - "$ref": "#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions" + "filters": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Filter" + } }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + "id": { + "description": "required", + "type": "string" }, - "observations": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Observation" + "$ref": "#/definitions/relational.Link" } }, - "poam-items": { + "params": { "type": "array", "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.PoamItem" + "$ref": "#/definitions/relational.Parameter" } }, - "risks": { + "parentID": { + "type": "string" + }, + "parentType": { + "type": "string" + }, + "parts": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Risk" + "$ref": "#/definitions/relational.Part" } }, - "system-id": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "uuid": { + "title": { + "description": "required", "type": "string" } } }, - "oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions": { + "relational.ControlImplementation": { "type": "object", "properties": { - "assessment-assets": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentAssets" + "description": { + "type": "string" }, - "components": { + "id": { + "type": "string" + }, + "implemented-requirements": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/relational.ImplementedRequirement" } }, - "inventory-items": { + "set-parameters": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + "$ref": "#/definitions/relational.SetParameter" } }, - "remarks": { + "systemSecurityPlanId": { "type": "string" } } }, - "oscalTypes_1_1_3.PoamItem": { + "relational.ControlImplementationResponsibility": { "type": "object", "properties": { "description": { + "description": "required", + "type": "string" + }, + "exportId": { + "type": "string" + }, + "id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, - "origins": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PoamItemOrigin" + "$ref": "#/definitions/relational.Prop" } }, - "props": { + "provided-uuid": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { 
"type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.ResponsibleRole" } + } + } + }, + "relational.ControlImplementationSet": { + "type": "object", + "properties": { + "definedComponent": { + "$ref": "#/definitions/relational.DefinedComponent" }, - "related-findings": { + "definedComponentID": { + "type": "string" + }, + "description": { + "description": "required", + "type": "string" + }, + "id": { + "type": "string" + }, + "implemented-requirements": { + "description": "required", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedFinding" + "$ref": "#/definitions/relational.ImplementedRequirementControlImplementation" } }, - "related-observations": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" + "$ref": "#/definitions/relational.Link" } }, - "related-risks": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedRisk" + "$ref": "#/definitions/relational.Prop" } }, - "remarks": { - "type": "string" - }, - "title": { - "type": "string" + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SetParameter" + } }, - "uuid": { + "source": { + "description": "required", "type": "string" } } }, - "oscalTypes_1_1_3.PoamItemOrigin": { + "relational.ControlObjectiveSelection": { "type": "object", "properties": { - "actors": { + "description": { + "type": "string" + }, + "excludeObjectives": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" + "$ref": "#/definitions/relational.SelectObjectiveById" } - } - } - }, - "oscalTypes_1_1_3.PortRange": { - "type": "object", - "properties": { - "end": { - "type": "integer" - }, - "start": { - "type": "integer" }, - "transport": { + "id": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.Profile": { - "type": "object", - "properties": { - "back-matter": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.BackMatter" }, - "imports": { + "includeAll": { + "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" + }, + "includeObjectives": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Import" + "$ref": "#/definitions/relational.SelectObjectiveById" } }, - "merge": { - "$ref": "#/definitions/oscalTypes_1_1_3.Merge" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, - "modify": { - "$ref": "#/definitions/oscalTypes_1_1_3.Modify" + "remarks": { + "type": "string" }, - "uuid": { + "reviewedControlsID": { "type": "string" } } }, - "oscalTypes_1_1_3.Property": { + "relational.ControlSelection": { "type": "object", "properties": { - "class": { - "type": "string" - }, - "group": { + "description": { "type": "string" }, - "name": { - "type": "string" + "excludeControls": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.AssessedControlsSelectControlById" + } }, - "ns": { + "id": { "type": "string" }, - "remarks": { - "type": "string" + "includeAll": { + "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" }, - "uuid": { - "type": "string" + "includeControls": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.AssessedControlsSelectControlById" + } }, - "value": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.Protocol": { - "type": "object", - "properties": { - "name": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "port-ranges": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PortRange" + "$ref": "#/definitions/relational.Prop" } }, - "title": { + "remarks": { "type": "string" }, - "uuid": { + "reviewedControlsID": { "type": "string" } } }, - 
"oscalTypes_1_1_3.ProvidedControlImplementation": { + "relational.ControlStatementImplementation": { "type": "object", "properties": { "description": { + "description": "required", + "type": "string" + }, + "id": { + "type": "string" + }, + "implementedRequirementControlImplementationId": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { 
@@ -22265,125 +31848,140 @@ "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "uuid": { + "statement-id": { + "description": "required", "type": "string" } } }, - "oscalTypes_1_1_3.ReferencedControlObjectives": { + "relational.DataFlow": { "type": "object", "properties": { "description": { "type": "string" }, - "exclude-objectives": { + "diagrams": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectObjectiveById" + "$ref": "#/definitions/relational.Diagram" } }, - "include-all": { - "$ref": "#/definitions/oscalTypes_1_1_3.IncludeAll" - }, - "include-objectives": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SelectObjectiveById" - } + "id": { + "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.RelatedFinding": { - "type": "object", - "properties": { - "finding-uuid": { + }, + "systemCharacteristicsId": { "type": "string" } } }, - "oscalTypes_1_1_3.RelatedObservation": { + "relational.DefinedComponent": { "type": "object", "properties": { - "observation-uuid": { + "componentDefinition": { + "$ref": "#/definitions/relational.ComponentDefinition" + }, + "componentDefinitionID": { + "type": "string" + }, + "control-implementations": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ControlImplementationSet" + } + }, + "description": { + "description": "required", + "type": "string" + }, + "id": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.RelatedTask": { - "type": "object", - "properties": { - "identified-subject": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.IdentifiedSubject" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, - "remarks": { - "type": "string" - }, - "responsible-parties": { + "protocols": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "$ref": "#/definitions/relational.Protocol" } }, - "subjects": { + "purpose": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "task-uuid": { + "title": { + "description": "required", + "type": "string" + }, + "type": { + "description": "required", "type": "string" } } }, - "oscalTypes_1_1_3.RelevantEvidence": { + "relational.Diagram": { "type": "object", "properties": { + "caption": { + "type": "string" + }, "description": { "type": "string" }, - "href": { + "id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, + "parentID": { + "type": "string" + }, + "parentType": { + "type": "string" + }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { 
@@ -22391,1208 +31989,1389 @@ } } }, - "oscalTypes_1_1_3.Removal": { + "relational.DocumentID": { "type": "object", "properties": { - "by-class": { - "type": "string" - }, - "by-id": { - "type": "string" - }, - "by-item-name": { - "type": "string" - }, - "by-name": { + "identifier": { "type": "string" }, - "by-ns": { - "type": "string" + "scheme": { + "$ref": "#/definitions/relational.DocumentIDScheme" } } }, - "oscalTypes_1_1_3.RequiredAsset": { + "relational.DocumentIDScheme": { + "type": "string", + "enum": [ + "http://www.doi.org/" + ], + "x-enum-varnames": [ + "DocumentIDSchemeDoi" + ] + }, + "relational.Evidence": { "type": "object", "properties": { + "activities": { + "description": "What steps did we take to create this evidence", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Activity" + } + }, + "back-matter": { + "$ref": "#/definitions/relational.BackMatter" + }, + "components": { + "description": "Which components of the subject are being observed. A tool, user, policy etc.", + "type": "array", + "items": { + "$ref": "#/definitions/relational.SystemComponent" + } + }, "description": { "type": "string" }, + "end": { + "type": "string" + }, + "expires": { + "type": "string" + }, + "id": { + "type": "string" + }, + "inventory-items": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.InventoryItem" + } + }, + "labels": { + "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Labels" + } + }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" + } + }, + "origins": { + "description": "Who or What is generating this evidence", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Origin" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": 
"#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, + "start": { + "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", + "type": "string" + }, + "status": { + "description": "Did we satisfy what was being tested for, or did we fail ?", + "allOf": [ + { + "$ref": "#/definitions/datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus" + } + ] + }, "subjects": { + "description": "Who or What are we providing evidence for. What's under test.", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SubjectReference" + "$ref": "#/definitions/relational.AssessmentSubject" } }, "title": { "type": "string" }, "uuid": { + "description": "UUID needs to remain consistent when automation runs again, but unique for each subject.\nIt represents the \"stream\" of the same observation being made over time.", "type": "string" } } }, - "oscalTypes_1_1_3.Resource": { + "relational.Export": { "type": "object", "properties": { - "base64": { - "$ref": "#/definitions/oscalTypes_1_1_3.Base64" - }, - "citation": { - "$ref": "#/definitions/oscalTypes_1_1_3.Citation" + "byComponentId": { + "type": "string" }, "description": { "type": "string" }, - "document-ids": { + "id": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.DocumentId" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, - "remarks": { - "type": "string" - }, - "rlinks": { + "provided": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResourceLink" + "$ref": "#/definitions/relational.ProvidedControlImplementation" } }, - "title": { + "remarks": { "type": "string" }, - "uuid": { - "type": "string" + "responsibilities": { + "type": "array", + "items": { + "$ref": 
"#/definitions/relational.ControlImplementationResponsibility" + } } } }, - "oscalTypes_1_1_3.ResourceLink": { + "relational.Filter": { "type": "object", "properties": { - "hashes": { + "components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Hash" + "$ref": "#/definitions/relational.SystemComponent" } }, - "href": { + "controls": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Control" + } + }, + "filter": { + "$ref": "#/definitions/datatypes.JSONType-labelfilter_Filter" + }, + "id": { "type": "string" }, - "media-type": { + "name": { "type": "string" } } }, - "oscalTypes_1_1_3.Response": { + "relational.Hash": { "type": "object", "properties": { - "description": { + "algorithm": { + "description": "required", + "allOf": [ + { + "$ref": "#/definitions/relational.HashAlgorithm" + } + ] + }, + "value": { + "description": "required", + "type": "string" + } + } + }, + "relational.HashAlgorithm": { + "type": "string", + "enum": [ + "SHA-224", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-224", + "SHA3-256", + "SHA3-384", + "SHA3-512" + ], + "x-enum-varnames": [ + "HashAlgorithmSHA_224", + "HashAlgorithmSHA_256", + "HashAlgorithmSHA_384", + "HashAlgorithmSHA_512", + "HashAlgorithmSHA3_224", + "HashAlgorithmSHA3_256", + "HashAlgorithmSHA3_384", + "HashAlgorithmSHA3_512" + ] + }, + "relational.ImplementedComponent": { + "type": "object", + "properties": { + "component": { + "$ref": "#/definitions/relational.DefinedComponent" + }, + "component-uuid": { "type": "string" }, - "lifecycle": { + "id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } + "inventoryItemId": { + "type": "string" }, - "origins": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": 
"#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "required-assets": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RequiredAsset" - } - }, - "tasks": { + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" + "$ref": "#/definitions/relational.ResponsibleParty" } - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.ResponsibleParty": { + "relational.ImplementedRequirement": { "type": "object", "properties": { - "links": { + "by-components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.ByComponent" } }, - "party-uuids": { + "control-id": { + "type": "string" + }, + "controlImplementationId": { + "type": "string" + }, + "id": { + "type": "string" + }, + "links": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "role-id": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.ResponsibleRole": { - "type": "object", - "properties": { - "links": { + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "party-uuids": { + "set-parameters": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.SetParameter" } }, - "props": { + "statements": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Statement" } - }, - "remarks": { - "type": "string" - }, - "role-id": { - "type": "string" } } }, - "oscalTypes_1_1_3.Result": { + "relational.ImplementedRequirementControlImplementation": { "type": "object", "properties": { - "assessment-log": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.AssessmentLog" + "control-id": { + "description": "required", + "type": "string" }, - "attestations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AttestationStatements" - } + "controlImplementationSetID": { + "type": "string" }, "description": { + "description": "required", "type": "string" }, - "end": { + "id": { "type": "string" }, - "findings": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Finding" + "$ref": "#/definitions/relational.Link" } }, - "links": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Prop" } }, - "local-definitions": { - "$ref": "#/definitions/oscalTypes_1_1_3.LocalDefinitions" + "remarks": { + "type": "string" }, - "observations": { + "responsible-roles": { + "description": "required", "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Observation" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "props": { + "set-parameters": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.SetParameter" } }, - "remarks": { - "type": "string" - }, - "reviewed-controls": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" - }, - "risks": { + "statements": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Risk" + "$ref": "#/definitions/relational.ControlStatementImplementation" } - }, - "start": { - "type": "string" - }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" } } }, - "oscalTypes_1_1_3.ReviewedControls": { + "relational.Import": { "type": "object", "properties": { - "control-objective-selections": { + "exclude-controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReferencedControlObjectives" + "$ref": "#/definitions/relational.SelectControlById" } }, - "control-selections": { - "type": "array", - 
"items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessedControls" - } + "href": { + "description": "Href as per the OSCAL docs can be an absolute network path (potentially remote), relative or a URI fragment\nfor the moment to make the system's life easier, it should be a URI fragment to back-matter and try and resolve\nback to an ingested catalog.", + "type": "string" }, - "description": { + "id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } + "include-all": { + "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" }, - "props": { + "include-controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.SelectControlById" } }, - "remarks": { + "profileID": { "type": "string" } } }, - "oscalTypes_1_1_3.RevisionHistoryEntry": { + "relational.ImportComponentDefinition": { "type": "object", "properties": { - "last-modified": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "oscal-version": { - "type": "string" - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "published": { - "type": "string" - }, - "remarks": { + "href": { "type": "string" - }, - "title": { + } + } + }, + "relational.IncorporatesComponents": { + "type": "object", + "properties": { + "component-uuid": { "type": "string" }, - "version": { + "description": { "type": "string" } } }, - "oscalTypes_1_1_3.Risk": { + "relational.InheritedControlImplementation": { "type": "object", "properties": { - "characterizations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Characterization" - } - }, - "deadline": { + "byComponentId": { "type": "string" }, "description": { + "description": "required", "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Link" - } - }, - "mitigating-factors": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.MitigatingFactor" - } + "id": { + "type": "string" }, - "origins": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Origin" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "related-observations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedObservation" - } - }, - "remediations": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Response" - } - }, - "risk-log": { - "$ref": "#/definitions/oscalTypes_1_1_3.RiskLog" - }, - "statement": { - "type": "string" - }, - "status": { - "type": "string" - }, - "threat-ids": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ThreatId" + "$ref": "#/definitions/relational.Prop" } }, - "title": { - "type": "string" - }, - "uuid": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.RiskLog": { - "type": "object", - "properties": { - "entries": { + "provided-uuid": { + "type": "string" + }, + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RiskLogEntry" + "$ref": "#/definitions/relational.ResponsibleRole" } } } }, - "oscalTypes_1_1_3.RiskLogEntry": { + "relational.InventoryItem": { "type": "object", "properties": { "description": { "type": "string" }, - "end": { - "type": "string" - }, - "links": { + "evidence": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Evidence" } }, - "logged-by": { + "id": { + "type": "string" + }, + "implemented-components": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LoggedBy" + "$ref": "#/definitions/relational.ImplementedComponent" } }, - "props": { + "links": { "type": "array", "items": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Link" } }, - "related-responses": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RiskResponseReference" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "start": { - "type": "string" + "responsible-parties": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleParty" + } }, - "status-change": { + "systemImplementationId": { "type": "string" - }, - "title": { + } + } + }, + "relational.Labels": { + "type": "object", + "properties": { + "name": { "type": "string" }, - "uuid": { + "value": { "type": "string" } } }, - "oscalTypes_1_1_3.RiskResponseReference": { + "relational.LeveragedAuthorization": { "type": "object", "properties": { + "date-authorized": { + "type": "string" + }, + "id": { + "type": "string" + }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "party-uuid": { + "type": "string" }, - "related-tasks": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "response-uuid": { + "systemImplementationId": { + "type": "string" + }, + "title": { "type": "string" } } }, - "oscalTypes_1_1_3.Role": { + "relational.Link": { "type": "object", "properties": { - "description": { + "href": { "type": "string" }, - "id": { + "media-type": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } - }, - "remarks": { + "rel": { "type": "string" }, - "short-name": { + "resource-fragment": { "type": "string" }, - "title": { + 
"text": { "type": "string" } } }, - "oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility": { + "relational.Location": { "type": "object", "properties": { - "description": { + "address": { + "$ref": "#/definitions/datatypes.JSONType-relational_Address" + }, + "email-addresses": { + "type": "array", + "items": { + "type": "string" + } + }, + "id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "responsibility-uuid": { - "type": "string" - }, - "responsible-roles": { + "telephone-numbers": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/relational.TelephoneNumber" } }, - "uuid": { + "title": { "type": "string" + }, + "urls": { + "type": "array", + "items": { + "type": "string" + } } } }, - "oscalTypes_1_1_3.SecurityImpactLevel": { + "relational.Matching": { "type": "object", "properties": { - "security-objective-availability": { + "pattern": { "type": "string" + } + } + }, + "relational.Merge": { + "type": "object", + "properties": { + "as-is": { + "type": "boolean" }, - "security-objective-confidentiality": { + "combine": { + "$ref": "#/definitions/datatypes.JSONType-relational_CombinationRule" + }, + "flat": { + "$ref": "#/definitions/datatypes.JSONType-relational_FlatWithoutGrouping" + }, + "id": { "type": "string" }, - "security-objective-integrity": { + "profileID": { "type": "string" } } }, - "oscalTypes_1_1_3.SelectControlById": { + "relational.Metadata": { "type": "object", "properties": { - "matching": { + "actions": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Matching" + "$ref": "#/definitions/relational.Action" } }, - "with-child-controls": { - "type": "string" - }, - 
"with-ids": { + "document-ids": { + "description": "-\u003e DocumentID", "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.DocumentID" } - } - } - }, - "oscalTypes_1_1_3.SelectObjectiveById": { - "type": "object", - "properties": { - "objective-id": { + }, + "id": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.SelectSubjectById": { - "type": "object", - "properties": { + }, + "last-modified": { + "type": "string" + }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, - "props": { + "locations": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Location" } }, - "remarks": { - "type": "string" - }, - "subject-uuid": { + "oscal-version": { "type": "string" }, - "type": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.SetParameter": { - "type": "object", - "properties": { - "param-id": { + "parentID": { + "description": "Metadata is shared across many resources, and so it mapped using a polymorphic relationship", "type": "string" }, - "remarks": { + "parentType": { "type": "string" }, - "values": { + "parties": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.Party" } - } - } - }, - "oscalTypes_1_1_3.Statement": { - "type": "object", - "properties": { - "by-components": { + }, + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ByComponent" + "$ref": "#/definitions/relational.Prop" } }, - "links": { + "published": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "responsibleParties": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.ResponsibleParty" } }, - "props": { + "revisions": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Revision" } }, - "remarks": { - 
"type": "string" - }, - "responsible-roles": { + "roles": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/relational.Role" } }, - "statement-id": { + "title": { "type": "string" }, - "uuid": { + "version": { "type": "string" } } }, - "oscalTypes_1_1_3.Status": { + "relational.Modify": { "type": "object", "properties": { - "remarks": { + "alters": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Alteration" + } + }, + "id": { "type": "string" }, - "state": { + "profileID": { "type": "string" + }, + "set-parameters": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ParameterSetting" + } } } }, - "oscalTypes_1_1_3.Step": { + "relational.NetworkArchitecture": { "type": "object", "properties": { "description": { "type": "string" }, - "links": { + "diagrams": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Diagram" } }, - "props": { + "id": { + "type": "string" + }, + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Link" } }, - "remarks": { - "type": "string" - }, - "responsible-roles": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/relational.Prop" } }, - "reviewed-controls": { - "$ref": "#/definitions/oscalTypes_1_1_3.ReviewedControls" - }, - "title": { + "remarks": { "type": "string" }, - "uuid": { + "systemCharacteristicsId": { "type": "string" } } }, - "oscalTypes_1_1_3.SubjectReference": { + "relational.Origin": { "type": "object", "properties": { - "links": { + "actors": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" } }, - "props": { + "related-tasks": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": 
"#/definitions/oscalTypes_1_1_3.RelatedTask" } - }, - "remarks": { - "type": "string" - }, - "subject-uuid": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" } } }, - "oscalTypes_1_1_3.SystemCharacteristics": { + "relational.Parameter": { "type": "object", "properties": { - "authorization-boundary": { - "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizationBoundary" + "class": { + "type": "string" }, - "data-flow": { - "$ref": "#/definitions/oscalTypes_1_1_3.DataFlow" + "constraints": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ParameterConstraint" + } }, - "date-authorized": { + "guidelines": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ParameterGuideline" + } + }, + "id": { "type": "string" }, - "description": { + "label": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, - "network-architecture": { - "$ref": "#/definitions/oscalTypes_1_1_3.NetworkArchitecture" - }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "responsible-parties": { + "select": { + "$ref": "#/definitions/datatypes.JSONType-relational_ParameterSelection" + }, + "usage": { + "type": "string" + }, + "values": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" + "type": "string" } - }, - "security-impact-level": { - "$ref": "#/definitions/oscalTypes_1_1_3.SecurityImpactLevel" - }, - "security-sensitivity-level": { + } + } + }, + "relational.ParameterConstraint": { + "type": "object", + "properties": { + "description": { "type": "string" }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.Status" - }, - "system-ids": { + "tests": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemId" + "$ref": 
"#/definitions/relational.ParameterConstraintTest" } - }, - "system-information": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemInformation" - }, - "system-name": { + } + } + }, + "relational.ParameterConstraintTest": { + "type": "object", + "properties": { + "expression": { "type": "string" }, - "system-name-short": { + "remarks": { "type": "string" } } }, - "oscalTypes_1_1_3.SystemComponent": { + "relational.ParameterGuideline": { "type": "object", "properties": { - "description": { + "prose": { + "type": "string" + } + } + }, + "relational.ParameterSetting": { + "type": "object", + "properties": { + "class": { "type": "string" }, - "links": { + "constraints": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.ParameterConstraint" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" - } + "depends-on": { + "type": "string" }, - "protocols": { + "guidelines": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Protocol" + "$ref": "#/definitions/relational.ParameterGuideline" } }, - "purpose": { + "id": { "type": "string" }, - "remarks": { + "label": { "type": "string" }, - "responsible-roles": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" + "$ref": "#/definitions/relational.Link" } }, - "status": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponentStatus" - }, - "title": { + "modifyID": { "type": "string" }, - "type": { + "param-id": { + "description": "required", "type": "string" }, - "uuid": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "select": { + "$ref": "#/definitions/datatypes.JSONType-relational_ParameterSelection" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } } } }, - "oscalTypes_1_1_3.SystemComponentStatus": { + "relational.Part": { "type": "object", 
"properties": { - "remarks": { + "class": { "type": "string" }, - "state": { - "type": "string" - } - } - }, - "oscalTypes_1_1_3.SystemId": { - "type": "object", - "properties": { "id": { "type": "string" }, - "identifier-type": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "name": { + "type": "string" + }, + "ns": { + "type": "string" + }, + "part_id": { + "type": "string" + }, + "parts": { + "description": "-\u003e Part", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Part" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "prose": { + "type": "string" + }, + "title": { "type": "string" } } }, - "oscalTypes_1_1_3.SystemImplementation": { + "relational.Party": { "type": "object", "properties": { - "components": { + "addresses": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemComponent" + "$ref": "#/definitions/relational.Address" } }, - "inventory-items": { + "email-addresses": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InventoryItem" + "type": "string" } }, - "leveraged-authorizations": { + "external-ids": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.LeveragedAuthorization" + "$ref": "#/definitions/relational.PartyExternalID" } }, + "id": { + "type": "string" + }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" + } + }, + "locations": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Location" } }, + "member-of-organizations": { + "description": "-\u003e Party", + "type": "array", + "items": { + "$ref": "#/definitions/relational.Party" + } + }, + "name": { + "type": "string" + }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - 
"users": { + "short-name": { + "type": "string" + }, + "telephone-numbers": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemUser" + "$ref": "#/definitions/relational.TelephoneNumber" } + }, + "type": { + "$ref": "#/definitions/relational.PartyType" } } }, - "oscalTypes_1_1_3.SystemInformation": { + "relational.PartyExternalID": { "type": "object", "properties": { - "information-types": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.InformationType" - } + "id": { + "type": "string" }, - "links": { + "scheme": { + "$ref": "#/definitions/relational.PartyExternalIDScheme" + } + } + }, + "relational.PartyExternalIDScheme": { + "type": "string", + "enum": [ + "http://orcid.org/" + ], + "x-enum-varnames": [ + "PartyExternalIDSchemeOrchid" + ] + }, + "relational.PartyType": { + "type": "string", + "enum": [ + "person", + "organization" + ], + "x-enum-varnames": [ + "PartyTypePerson", + "PartyTypeOrganization" + ] + }, + "relational.Profile": { + "type": "object", + "properties": { + "back-matter": { + "$ref": "#/definitions/relational.BackMatter" + }, + "controls": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Control" } }, - "props": { + "id": { + "type": "string" + }, + "imports": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Import" } + }, + "merge": { + "$ref": "#/definitions/relational.Merge" + }, + "metadata": { + "$ref": "#/definitions/relational.Metadata" + }, + "modify": { + "$ref": "#/definitions/relational.Modify" } } }, - "oscalTypes_1_1_3.SystemSecurityPlan": { + "relational.Prop": { "type": "object", "properties": { - "back-matter": { - "$ref": "#/definitions/oscalTypes_1_1_3.BackMatter" - }, - "control-implementation": { - "$ref": "#/definitions/oscalTypes_1_1_3.ControlImplementation" + "class": { + "type": "string" }, - "import-profile": { - "$ref": 
"#/definitions/oscalTypes_1_1_3.ImportProfile" + "group": { + "type": "string" }, - "metadata": { - "$ref": "#/definitions/oscalTypes_1_1_3.Metadata" + "name": { + "type": "string" }, - "system-characteristics": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemCharacteristics" + "ns": { + "type": "string" }, - "system-implementation": { - "$ref": "#/definitions/oscalTypes_1_1_3.SystemImplementation" + "remarks": { + "type": "string" }, "uuid": { "type": "string" + }, + "value": { + "type": "string" } } }, - "oscalTypes_1_1_3.SystemUser": { + "relational.Protocol": { "type": "object", "properties": { - "authorized-privileges": { + "name": { + "type": "string" + }, + "port-ranges": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AuthorizedPrivilege" + "$ref": "#/definitions/oscalTypes_1_1_3.PortRange" } }, + "title": { + "type": "string" + }, + "uuid": { + "type": "string" + } + } + }, + "relational.ProvidedControlImplementation": { + "type": "object", + "properties": { "description": { "type": "string" }, + "exportId": { + "type": "string" + }, + "id": { + "type": "string" + }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" }, - "role-ids": { + "responsible-roles": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/relational.ResponsibleRole" } + } + } + }, + "relational.Removal": { + "type": "object", + "properties": { + "by-class": { + "type": "string" }, - "short-name": { + "by-id": { "type": "string" }, - "title": { + "by-item-name": { "type": "string" }, - "uuid": { + "by-name": { + "type": "string" + }, + "by-ns": { "type": "string" } } }, - "oscalTypes_1_1_3.Task": { + "relational.ResourceLink": { "type": "object", "properties": { - "associated-activities": { + 
"hashes": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssociatedActivity" + "$ref": "#/definitions/relational.Hash" } }, - "dependencies": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.TaskDependency" - } + "href": { + "description": "required", + "type": "string" }, - "description": { + "media-type": { + "type": "string" + } + } + }, + "relational.ResponsibleParty": { + "type": "object", + "properties": { + "id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Link" } }, - "remarks": { + "parentID": { + "description": "Polymorphic relationship - allows ResponsibleParty to belong to different parent types", "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleRole" - } + "parentType": { + "type": "string" }, - "subjects": { + "parties": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.AssessmentSubject" + "$ref": "#/definitions/relational.ResponsiblePartyParties" } }, - "tasks": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Task" + "$ref": "#/definitions/relational.Prop" } }, - "timing": { - "$ref": "#/definitions/oscalTypes_1_1_3.EventTiming" - }, - "title": { + "remarks": { "type": "string" }, - "type": { - "type": "string" + "role": { + "$ref": "#/definitions/relational.Role" }, - "uuid": { + "role-id": { + "description": "required", "type": "string" } } }, - "oscalTypes_1_1_3.TaskDependency": { + "relational.ResponsiblePartyParties": { "type": "object", "properties": { - "remarks": { + "partyID": { "type": "string" }, - "task-uuid": { + "responsiblePartyID": { "type": "string" } } }, - "oscalTypes_1_1_3.TelephoneNumber": { + "relational.ResponsibleRole": { "type": 
"object", "properties": { - "number": { + "id": { "type": "string" }, - "type": { + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } + }, + "parentID": { "type": "string" - } - } - }, - "oscalTypes_1_1_3.ThreatId": { - "type": "object", - "properties": { - "href": { + }, + "parentType": { "type": "string" }, - "id": { + "parties": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Party" + } + }, + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } + }, + "remarks": { "type": "string" }, - "system": { + "role": { + "$ref": "#/definitions/relational.Role" + }, + "role-id": { + "description": "required", "type": "string" } } }, - "oscalTypes_1_1_3.UsesComponent": { + "relational.ReviewedControls": { "type": "object", "properties": { - "component-uuid": { + "controlObjectiveSelections": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ControlObjectiveSelection" + } + }, + "controlSelections": { + "description": "required", + "type": "array", + "items": { + "$ref": "#/definitions/relational.ControlSelection" + } + }, + "description": { + "type": "string" + }, + "id": { "type": "string" }, "links": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Link" + "$ref": "#/definitions/relational.Link" } }, "props": { "type": "array", "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.Property" + "$ref": "#/definitions/relational.Prop" } }, "remarks": { "type": "string" - }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.ResponsibleParty" - } } } }, - "relational.Action": { + "relational.Revision": { "type": "object", "properties": { - "date": { + "id": { "type": "string" }, - "id": { + "last-modified": { "type": "string" }, "links": { 
@@ -23602,7 +33381,10 @@ } }, "metadata-id": { - "description": "Actions only exist on a metadata object. We'll link them straight there with a BelongsTo relationship", + "description": "Revision only exist on a metadata object. We'll link them straight there with a BelongsTo relationship", + "type": "string" + }, + "oscal-version": { "type": "string" }, "props": { @@ -23611,30 +33393,25 @@ "$ref": "#/definitions/relational.Prop" } }, - "remarks": { + "published": { "type": "string" }, - "responsibleParties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleParty" - } + "remarks": { + "type": "string" }, - "system": { - "description": "required", + "title": { "type": "string" }, - "type": { + "version": { "description": "required", "type": "string" } } }, - "relational.Activity": { + "relational.Role": { "type": "object", "properties": { "description": { - "description": "required", "type": "string" }, "id": { 
@@ -23652,120 +33429,29 @@ "$ref": "#/definitions/relational.Prop" } }, - "related-controls": { - "$ref": "#/definitions/relational.ReviewedControls" - }, - "relatedControlsID": { - "type": "string" - }, "remarks": { - "description": "required", - "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } - }, - "steps": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Step" - } - }, - "title": { "type": "string" - } - } - }, - "relational.Address": { - "type": "object", - "properties": { - "city": { - "type": "string" - }, - "country": { - "type": "string" - }, - "lines": { - "type": "array", - "items": { - "type": "string" - } }, - "postal-code": { + "short-name": { "type": "string" }, - "state": { + "title": { "type": "string" - }, - "type": { - "$ref": "#/definitions/relational.AddressType" } } }, - "relational.AddressType": { - "type": "string", - "enum": [ - "work", - "home" - ], - "x-enum-varnames": [ - "AddressTypeWork", - "AddressTypeHome" - ] - }, - "relational.AssessedControlsSelectControlById": { + "relational.SatisfiedControlImplementationResponsibility": { "type": "object", "properties": { - "control": { - "$ref": "#/definitions/relational.Control" - }, - "controlID": { - "type": "string" - }, - "id": { + "by-component-id": { "type": "string" }, - "statements": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Statement" - } - } - } - }, - "relational.AssessmentSubject": { - "type": "object", - "properties": { "description": { "type": "string" }, - "evidence": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Evidence" - } - }, - "excludeSubjects": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SelectSubjectById" - } - }, "id": { "type": "string" }, - "includeAll": { - "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" - }, - "includeSubjects": { - "type": "array", - "items": { - 
"$ref": "#/definitions/relational.SelectSubjectById" - } - }, "links": { "type": "array", "items": { 
@@ -23781,114 +33467,79 @@ "remarks": { "type": "string" }, - "type": { - "description": "Type represents a component, party, location, user, or inventory item.\nIt will likely be updated once we can map it correctly", + "responsibility-uuid": { "type": "string" + }, + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } } } }, - "relational.BackMatter": { + "relational.SelectControlById": { "type": "object", "properties": { "id": { "type": "string" }, + "matching": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Matching" + } + }, "parentID": { "type": "string" }, "parentType": { "type": "string" }, - "resources": { + "with-child-controls": { + "type": "string" + }, + "with-ids": { "type": "array", "items": { - "$ref": "#/definitions/relational.BackMatterResource" + "type": "string" } } } }, - "relational.BackMatterResource": { + "relational.SelectObjectiveById": { "type": "object", "properties": { - "backMatterID": { - "type": "string" - }, - "base64": { - "$ref": "#/definitions/datatypes.JSONType-relational_Base64" - }, - "citation": { - "$ref": "#/definitions/datatypes.JSONType-relational_Citation" - }, - "description": { + "id": { "type": "string" }, - "document-ids": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.DocumentID" - } - }, - "id": { + "objective": { "description": "required", "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } - }, - "remarks": { + "parentID": { "type": "string" }, - "rlinks": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResourceLink" - } - }, - "title": { + "parentType": { "type": "string" } } }, - "relational.ByComponent": { + "relational.SelectSubjectById": { "type": "object", "properties": { - "component-uuid": { - "type": "string" - }, - "description": { + "assessmentSubjectID": { "type": "string" }, - "export": { - "$ref": 
"#/definitions/relational.Export" - }, "id": { "type": "string" }, - "implementation-status": { - "$ref": "#/definitions/datatypes.JSONType-relational_ImplementationStatus" - }, - "inherited-control-implementations": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.InheritedControlImplementation" - } - }, "links": { "type": "array", "items": { "$ref": "#/definitions/relational.Link" } }, - "parentID": { - "description": "As ByComponent can be found in Implemented Requirements \u0026 Statements, using GORM polymorphism to tell us where to attach", - "type": "string" - }, - "parentType": { - "type": "string" - }, "props": { "type": "array", "items": { 
@@ -23898,218 +33549,199 @@ "remarks": { "type": "string" }, - "responsible-parties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } + "subjectUUID": { + "description": "SubjectUUID technically represents a UUID of a component, party, location, user, or inventory item.\nIt will likely be updated once we can map it correctly", + "type": "string" + } + } + }, + "relational.SetParameter": { + "type": "object", + "properties": { + "param-id": { + "type": "string" }, - "satisfied": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SatisfiedControlImplementationResponsibility" - } + "remarks": { + "type": "string" }, - "set-parameters": { + "values": { "type": "array", "items": { - "$ref": "#/definitions/relational.SetParameter" + "type": "string" } } } }, - "relational.Capability": { + "relational.Statement": { "type": "object", "properties": { - "componentDefinition": { - "$ref": "#/definitions/relational.ComponentDefinition" - }, - "componentDefinitionId": { - "type": "string" - }, - "control-implementations": { + "by-components": { "type": "array", "items": { - "$ref": "#/definitions/relational.ControlImplementationSet" + "$ref": "#/definitions/relational.ByComponent" } }, - "description": { - "description": "required", + "id": { "type": "string" }, - "id": { + "implementedRequirementId": { "type": "string" }, - "incorporates-components": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.IncorporatesComponents" + "$ref": "#/definitions/relational.Link" } }, - "links": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/relational.Prop" } }, - "name": { - "description": "required", + "remarks": { "type": "string" }, - "props": { + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "remarks": { + "statement-id": { 
"type": "string" } } }, - "relational.CcfPoamItem": { + "relational.Step": { "type": "object", "properties": { - "createdAt": { - "type": "string" - }, - "deadline": { + "activityID": { "type": "string" }, "description": { + "description": "required", "type": "string" }, "id": { "type": "string" }, - "milestones": { + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.CcfPoamItemMilestone" + "$ref": "#/definitions/relational.Link" } }, - "pocEmail": { - "type": "string" - }, - "pocName": { - "type": "string" - }, - "pocPhone": { - "type": "string" + "props": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Prop" + } }, "remarks": { "type": "string" }, - "resourceRequired": { - "type": "string" + "responsible-roles": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.ResponsibleRole" + } }, - "sspID": { - "type": "string" + "reviewed-controls": { + "$ref": "#/definitions/relational.ReviewedControls" }, - "status": { + "reviewedControlsID": { "type": "string" }, "title": { "type": "string" - }, - "updatedAt": { - "type": "string" } } }, - "relational.CcfPoamItemMilestone": { + "relational.SystemCharacteristics": { "type": "object", "properties": { - "completedAt": { - "type": "string" + "authorization-boundary": { + "$ref": "#/definitions/relational.AuthorizationBoundary" }, - "createdAt": { - "type": "string" + "dataFlow": { + "$ref": "#/definitions/relational.DataFlow" }, - "description": { + "date-authorized": { "type": "string" }, - "dueDate": { + "description": { "type": "string" }, "id": { "type": "string" }, - "poamItemID": { - "type": "string" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "updatedAt": { - "type": "string" - } - } - }, - "relational.CcfPoamItemRiskLink": { - "type": "object", - "properties": { - "poamItemID": { - "type": "string" + "links": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Link" + } }, - "riskID": { - "type": 
"string" - } - } - }, - "relational.ComponentDefinition": { - "type": "object", - "properties": { - "back-matter": { - "$ref": "#/definitions/relational.BackMatter" + "networkArchitecture": { + "$ref": "#/definitions/relational.NetworkArchitecture" }, - "capabilities": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Capability" + "$ref": "#/definitions/relational.Prop" } }, - "components": { + "remarks": { + "type": "string" + }, + "responsible-parties": { "type": "array", "items": { - "$ref": "#/definitions/relational.DefinedComponent" + "$ref": "#/definitions/relational.ResponsibleParty" } }, - "id": { + "security-impact-level": { + "$ref": "#/definitions/datatypes.JSONType-relational_SecurityImpactLevel" + }, + "security-sensitivity-level": { "type": "string" }, - "import-component-definitions": { + "status": { + "$ref": "#/definitions/datatypes.JSONType-relational_Status" + }, + "system-ids": { "type": "array", "items": { - "$ref": "#/definitions/relational.ImportComponentDefinition" + "$ref": "#/definitions/relational.SystemId" } }, - "metadata": { - "description": "required", - "allOf": [ - { - "$ref": "#/definitions/relational.Metadata" - } - ] + "system-information": { + "$ref": "#/definitions/datatypes.JSONType-relational_SystemInformation" + }, + "system-name": { + "type": "string" + }, + "system-name-short": { + "type": "string" + }, + "systemSecurityPlanId": { + "type": "string" } } }, - "relational.Control": { + "relational.SystemComponent": { "type": "object", "properties": { - "catalogID": { + "definedComponentId": { "type": "string" }, - "class": { + "description": { "type": "string" }, - "controls": { + "evidence": { "type": "array", "items": { - "$ref": "#/definitions/relational.Control" + "$ref": "#/definitions/relational.Evidence" } }, "filters": { @@ -24119,7 +33751,6 @@ } }, "id": { - "description": "required", "type": "string" }, "links": { 
@@ -24128,96 +33759,100 @@ "$ref": "#/definitions/relational.Link" } }, - "params": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Parameter" + "$ref": "#/definitions/relational.Prop" } }, - "parentID": { + "protocols": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.Protocol" + } + }, + "purpose": { "type": "string" }, - "parentType": { + "remarks": { "type": "string" }, - "parts": { + "responsible-roles": { "type": "array", "items": { - "$ref": "#/definitions/relational.Part" + "$ref": "#/definitions/relational.ResponsibleRole" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "status": { + "$ref": "#/definitions/datatypes.JSONType-relational_SystemComponentStatus" + }, + "systemImplementationId": { + "type": "string" }, "title": { - "description": "required", + "type": "string" + }, + "type": { "type": "string" } } }, - "relational.ControlImplementationResponsibility": { + "relational.SystemComponentSuggestion": { "type": "object", "properties": { - "description": { - "description": "required", + "componentDefinitionId": { "type": "string" }, - "exportId": { + "definedComponentId": { "type": "string" }, - "id": { + "description": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } - }, - "provided-uuid": { + "name": { "type": "string" }, - "remarks": { + "purpose": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } + "type": { + "type": "string" } } }, - "relational.ControlImplementationSet": { + "relational.SystemId": { "type": "object", "properties": { - "definedComponent": { - "$ref": "#/definitions/relational.DefinedComponent" - }, - "definedComponentID": { + "id": { "type": "string" }, - "description": { - 
"description": "required", + "identifier-type": { "type": "string" + } + } + }, + "relational.SystemImplementation": { + "type": "object", + "properties": { + "components": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.SystemComponent" + } }, "id": { "type": "string" }, - "implemented-requirements": { - "description": "required", + "inventory-items": { "type": "array", "items": { - "$ref": "#/definitions/relational.ImplementedRequirementControlImplementation" + "$ref": "#/definitions/relational.InventoryItem" + } + }, + "leveraged-authorizations": { + "type": "array", + "items": { + "$ref": "#/definitions/relational.LeveragedAuthorization" } }, "links": { 
@@ -24232,42 +33867,67 @@ "$ref": "#/definitions/relational.Prop" } }, - "set-parameters": { + "remarks": { + "type": "string" + }, + "systemSecurityPlanId": { + "type": "string" + }, + "users": { "type": "array", "items": { - "$ref": "#/definitions/relational.SetParameter" + "$ref": "#/definitions/relational.SystemUser" } - }, - "source": { - "description": "required", - "type": "string" } } }, - "relational.ControlObjectiveSelection": { + "relational.SystemSecurityPlan": { "type": "object", "properties": { - "description": { - "type": "string" + "back-matter": { + "$ref": "#/definitions/relational.BackMatter" }, - "excludeObjectives": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.SelectObjectiveById" - } + "control-implementation": { + "$ref": "#/definitions/relational.ControlImplementation" }, "id": { "type": "string" }, - "includeAll": { - "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" + "import-profile": { + "$ref": "#/definitions/datatypes.JSONType-relational_ImportProfile" }, - "includeObjectives": { + "metadata": { + "$ref": "#/definitions/relational.Metadata" + }, + "profile": { + "$ref": "#/definitions/relational.Profile" + }, + "profileID": { + "type": "string" + }, + "system-characteristics": { + "$ref": "#/definitions/relational.SystemCharacteristics" + }, + "system-implementation": { + "$ref": "#/definitions/relational.SystemImplementation" + } + } + }, + "relational.SystemUser": { + "type": "object", + "properties": { + "authorized-privileges": { "type": "array", "items": { - "$ref": "#/definitions/relational.SelectObjectiveById" + "$ref": "#/definitions/relational.AuthorizedPrivilege" } }, + "description": { + "type": "string" + }, + "id": { + "type": "string" + }, "links": { "type": "array", "items": { 
@@ -24283,276 +33943,404 @@ "remarks": { "type": "string" }, - "reviewedControlsID": { + "role-ids": { + "type": "array", + "items": { + "type": "string" + } + }, + "short-name": { + "type": "string" + }, + "systemImplementationId": { + "type": "string" + }, + "title": { "type": "string" } } }, - "relational.ControlSelection": { + "relational.TelephoneNumber": { "type": "object", "properties": { - "description": { + "number": { "type": "string" }, - "excludeControls": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.AssessedControlsSelectControlById" - } + "type": { + "$ref": "#/definitions/relational.TelephoneNumberType" + } + } + }, + "relational.TelephoneNumberType": { + "type": "string", + "enum": [ + "home", + "office", + "mobile" + ], + "x-enum-varnames": [ + "TelephoneNumberTypeHome", + "TelephoneNumberTypeOffice", + "TelephoneNumberTypeMobile" + ] + }, + "relational.User": { + "type": "object", + "properties": { + "authMethod": { + "type": "string" + }, + "createdAt": { + "type": "string" + }, + "deletedAt": { + "description": "Soft delete", + "allOf": [ + { + "$ref": "#/definitions/gorm.DeletedAt" + } + ] + }, + "digestSubscribed": { + "description": "DigestSubscribed indicates if the user wants to receive evidence digest emails", + "type": "boolean" + }, + "email": { + "type": "string" + }, + "failedLogins": { + "type": "integer" + }, + "firstName": { + "type": "string" }, "id": { "type": "string" }, - "includeAll": { - "$ref": "#/definitions/datatypes.JSONType-relational_IncludeAll" + "isActive": { + "type": "boolean" }, - "includeControls": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.AssessedControlsSelectControlById" - } + "isLocked": { + "type": "boolean" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "lastLogin": { + "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "lastName": { + "type": 
"string" }, - "remarks": { + "taskAvailableEmailSubscribed": { + "description": "TaskAvailableEmailSubscribed indicates if the user wants an email when tasks become available", + "type": "boolean" + }, + "taskDailyDigestSubscribed": { + "description": "TaskDailyDigestSubscribed indicates if the user wants to receive a daily task digest email", + "type": "boolean" + }, + "updatedAt": { "type": "string" }, - "reviewedControlsID": { + "userAttributes": { "type": "string" } } }, - "relational.ControlStatementImplementation": { + "risks.RiskComponentLink": { "type": "object", "properties": { - "description": { - "description": "required", + "componentId": { "type": "string" }, - "id": { + "createdAt": { "type": "string" }, - "implementedRequirementControlImplementationId": { + "createdById": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "riskId": { + "type": "string" + } + } + }, + "risks.RiskControlLink": { + "type": "object", + "properties": { + "catalogId": { + "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "controlId": { + "type": "string" }, - "remarks": { + "createdAt": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } + "createdById": { + "type": "string" }, - "statement-id": { - "description": "required", + "riskId": { "type": "string" } } }, - "relational.DefinedComponent": { + "risks.RiskEvidenceLink": { "type": "object", "properties": { - "componentDefinition": { - "$ref": "#/definitions/relational.ComponentDefinition" + "createdAt": { + "type": "string" }, - "componentDefinitionID": { + "createdById": { "type": "string" }, - "control-implementations": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ControlImplementationSet" - } + "evidenceId": { + "description": "EvidenceID stores the evidence stream UUID 
(evidences.uuid), not a single evidence row ID.", + "type": "string" }, - "description": { - "description": "required", + "riskId": { + "type": "string" + } + } + }, + "risks.RiskSubjectLink": { + "type": "object", + "properties": { + "createdAt": { "type": "string" }, - "id": { + "createdById": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "riskId": { + "type": "string" }, - "props": { + "subjectId": { + "type": "string" + } + } + }, + "service.ListResponse-handler_riskResponse": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/handler.riskResponse" } }, - "protocols": { + "limit": { + "type": "integer" + }, + "page": { + "type": "integer" + }, + "total": { + "type": "integer" + }, + "totalPages": { + "type": "integer" + } + } + }, + "service.ListResponse-risks_RiskComponentLink": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.Protocol" + "$ref": "#/definitions/risks.RiskComponentLink" } }, - "purpose": { - "type": "string" + "limit": { + "type": "integer" }, - "remarks": { - "type": "string" + "page": { + "type": "integer" }, - "responsible-roles": { + "total": { + "type": "integer" + }, + "totalPages": { + "type": "integer" + } + } + }, + "service.ListResponse-risks_RiskControlLink": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/risks.RiskControlLink" } }, - "title": { - "description": "required", - "type": "string" + "limit": { + "type": "integer" }, - "type": { - "description": "required", - "type": "string" + "page": { + "type": "integer" + }, + "total": { + "type": "integer" + }, + "totalPages": { + "type": "integer" } } }, - "relational.DocumentID": { + "service.ListResponse-risks_RiskSubjectLink": { "type": 
"object", "properties": { - "identifier": { - "type": "string" + "data": { + "type": "array", + "items": { + "$ref": "#/definitions/risks.RiskSubjectLink" + } }, - "scheme": { - "$ref": "#/definitions/relational.DocumentIDScheme" + "limit": { + "type": "integer" + }, + "page": { + "type": "integer" + }, + "total": { + "type": "integer" + }, + "totalPages": { + "type": "integer" } } }, - "relational.DocumentIDScheme": { - "type": "string", - "enum": [ - "http://www.doi.org/" - ], - "x-enum-varnames": [ - "DocumentIDSchemeDoi" - ] - }, - "relational.Evidence": { + "service.ListResponse-templates_evidenceTemplateResponse": { "type": "object", "properties": { - "activities": { - "description": "What steps did we take to create this evidence", + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.Activity" + "$ref": "#/definitions/templates.evidenceTemplateResponse" } }, - "back-matter": { - "$ref": "#/definitions/relational.BackMatter" + "limit": { + "type": "integer" }, - "components": { - "description": "Which components of the subject are being observed. 
A tool, user, policy etc.", + "page": { + "type": "integer" + }, + "total": { + "type": "integer" + }, + "totalPages": { + "type": "integer" + } + } + }, + "service.ListResponse-templates_riskTemplateResponse": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.SystemComponent" + "$ref": "#/definitions/templates.riskTemplateResponse" } }, - "description": { - "type": "string" - }, - "end": { - "type": "string" + "limit": { + "type": "integer" }, - "expires": { - "type": "string" + "page": { + "type": "integer" }, - "id": { - "type": "string" + "total": { + "type": "integer" }, - "inventory-items": { + "totalPages": { + "type": "integer" + } + } + }, + "service.ListResponse-templates_subjectTemplateResponse": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.InventoryItem" + "$ref": "#/definitions/templates.subjectTemplateResponse" } }, - "labels": { - "description": "Assigning labels to Evidence makes it searchable and easily usable in the UI", - "type": "array", - "items": { - "$ref": "#/definitions/relational.Labels" - } + "limit": { + "type": "integer" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "page": { + "type": "integer" }, - "origins": { - "description": "Who or What is generating this evidence", - "type": "array", - "items": { - "$ref": "#/definitions/relational.Origin" - } + "total": { + "type": "integer" }, - "props": { + "totalPages": { + "type": "integer" + } + } + }, + "service.ListResponse-uuid_UUID": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "type": "string" } }, - "remarks": { - "type": "string" + "limit": { + "type": "integer" }, - "start": { - "description": "When did we start collecting the evidence, and when did the process end, and how long is it valid for ?", - "type": "string" + 
"page": { + "type": "integer" }, - "status": { - "description": "Did we satisfy what was being tested for, or did we fail ?", - "allOf": [ - { - "$ref": "#/definitions/datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus" - } - ] + "total": { + "type": "integer" }, - "subjects": { - "description": "Who or What are we providing evidence for. What's under test.", - "type": "array", - "items": { - "$ref": "#/definitions/relational.AssessmentSubject" - } + "totalPages": { + "type": "integer" + } + } + }, + "templates.evidenceTemplateDataResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/templates.evidenceTemplateResponse" + } + } + }, + "templates.evidenceTemplateLabelSchemaFieldRequest": { + "type": "object", + "properties": { + "description": { + "type": "string" }, - "title": { + "key": { "type": "string" }, - "uuid": { - "description": "UUID needs to remain consistent when automation runs again, but unique for each subject.\nIt represents the \"stream\" of the same observation being made over time.", + "required": { + "type": "boolean" + } + } + }, + "templates.evidenceTemplateLabelSchemaFieldResponse": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "key": { "type": "string" + }, + "required": { + "type": "boolean" } } }, - "relational.Export": { + "templates.evidenceTemplateResponse": { "type": "object", "properties": { - "byComponentId": { + "createdAt": { "type": "string" }, "description": { 
@@ -24561,266 +34349,250 @@ "id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "isActive": { + "type": "boolean" }, - "props": { + "labelSchema": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/templates.evidenceTemplateLabelSchemaFieldResponse" } }, - "provided": { + "methods": { "type": "array", "items": { - "$ref": "#/definitions/relational.ProvidedControlImplementation" + "type": "string" } }, - "remarks": { + "pluginId": { "type": "string" }, - "responsibilities": { + "policyPackage": { + "type": "string" + }, + "riskTemplateIds": { "type": "array", "items": { - "$ref": "#/definitions/relational.ControlImplementationResponsibility" + "type": "string" } - } - } - }, - "relational.Filter": { - "type": "object", - "properties": { - "components": { + }, + "selectorLabels": { "type": "array", "items": { - "$ref": "#/definitions/relational.SystemComponent" + "$ref": "#/definitions/templates.evidenceTemplateSelectorLabelResponse" } }, - "controls": { + "subjectTemplateIds": { "type": "array", "items": { - "$ref": "#/definitions/relational.Control" + "type": "string" } }, - "filter": { - "$ref": "#/definitions/datatypes.JSONType-labelfilter_Filter" - }, - "id": { + "title": { "type": "string" }, - "name": { + "updatedAt": { "type": "string" } } }, - "relational.Hash": { + "templates.evidenceTemplateSelectorLabelRequest": { "type": "object", "properties": { - "algorithm": { - "description": "required", - "allOf": [ - { - "$ref": "#/definitions/relational.HashAlgorithm" - } - ] + "key": { + "type": "string" }, "value": { - "description": "required", "type": "string" } } }, - "relational.HashAlgorithm": { - "type": "string", - "enum": [ - "SHA-224", - "SHA-256", - "SHA-384", - "SHA-512", - "SHA3-224", - "SHA3-256", - "SHA3-384", - "SHA3-512" - ], - "x-enum-varnames": [ - "HashAlgorithmSHA_224", - "HashAlgorithmSHA_256", - "HashAlgorithmSHA_384", - 
"HashAlgorithmSHA_512", - "HashAlgorithmSHA3_224", - "HashAlgorithmSHA3_256", - "HashAlgorithmSHA3_384", - "HashAlgorithmSHA3_512" - ] - }, - "relational.ImplementedComponent": { + "templates.evidenceTemplateSelectorLabelResponse": { "type": "object", "properties": { - "component": { - "$ref": "#/definitions/relational.DefinedComponent" + "key": { + "type": "string" }, - "component-uuid": { + "value": { "type": "string" + } + } + }, + "templates.remediationTaskRequest": { + "type": "object", + "properties": { + "orderIndex": { + "type": "integer" }, + "title": { + "type": "string" + } + } + }, + "templates.remediationTaskResponse": { + "type": "object", + "properties": { "id": { "type": "string" }, - "inventoryItemId": { + "orderIndex": { + "type": "integer" + }, + "title": { + "type": "string" + } + } + }, + "templates.remediationTemplateRequest": { + "type": "object", + "properties": { + "description": { "type": "string" }, - "links": { + "tasks": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/templates.remediationTaskRequest" } }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "title": { + "type": "string" + } + } + }, + "templates.remediationTemplateResponse": { + "type": "object", + "properties": { + "description": { + "type": "string" }, - "remarks": { + "id": { "type": "string" }, - "responsible-parties": { + "tasks": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleParty" + "$ref": "#/definitions/templates.remediationTaskResponse" } + }, + "title": { + "type": "string" } } }, - "relational.ImplementedRequirementControlImplementation": { + "templates.riskTemplateDataResponse": { "type": "object", "properties": { - "control-id": { - "description": "required", + "data": { + "$ref": "#/definitions/templates.riskTemplateResponse" + } + } + }, + "templates.riskTemplateResponse": { + "type": "object", + "properties": { + "createdAt": { 
"type": "string" }, - "controlImplementationSetID": { + "id": { "type": "string" }, - "description": { - "description": "required", + "impactHint": { "type": "string" }, - "id": { + "isActive": { + "type": "boolean" + }, + "likelihoodHint": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "name": { + "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "pluginId": { + "type": "string" }, - "remarks": { + "policyPackage": { "type": "string" }, - "responsible-roles": { - "description": "required", - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } + "remediationTemplate": { + "$ref": "#/definitions/templates.remediationTemplateResponse" }, - "set-parameters": { + "statement": { + "type": "string" + }, + "threatIds": { "type": "array", "items": { - "$ref": "#/definitions/relational.SetParameter" + "$ref": "#/definitions/templates.threatIDResponse" } }, - "statements": { + "title": { + "type": "string" + }, + "updatedAt": { + "type": "string" + }, + "violationIds": { "type": "array", "items": { - "$ref": "#/definitions/relational.ControlStatementImplementation" + "type": "string" } } } }, - "relational.ImportComponentDefinition": { + "templates.subjectTemplateDataResponse": { "type": "object", "properties": { - "href": { - "type": "string" + "data": { + "$ref": "#/definitions/templates.subjectTemplateResponse" } } }, - "relational.IncorporatesComponents": { + "templates.subjectTemplateLabelSchemaFieldRequest": { "type": "object", "properties": { - "component-uuid": { + "description": { "type": "string" }, - "description": { + "key": { "type": "string" } } }, - "relational.InheritedControlImplementation": { + "templates.subjectTemplateLabelSchemaFieldResponse": { "type": "object", "properties": { - "byComponentId": { - "type": "string" - }, "description": { - "description": "required", - "type": "string" - }, 
- "id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } - }, - "provided-uuid": { + "key": { "type": "string" - }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } } } }, - "relational.InventoryItem": { + "templates.subjectTemplateResponse": { "type": "object", "properties": { - "description": { + "createdAt": { "type": "string" }, - "evidence": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Evidence" - } + "descriptionTemplate": { + "type": "string" }, "id": { "type": "string" }, - "implemented-components": { + "identityLabelKeys": { "type": "array", "items": { - "$ref": "#/definitions/relational.ImplementedComponent" + "type": "string" + } + }, + "labelSchema": { + "type": "array", + "items": { + "$ref": "#/definitions/templates.subjectTemplateLabelSchemaFieldResponse" } }, "links": { @@ -24829,30 +34601,45 @@ "$ref": "#/definitions/relational.Link" } }, + "name": { + "type": "string" + }, "props": { "type": "array", "items": { "$ref": "#/definitions/relational.Prop" } }, - "remarks": { + "purposeTemplate": { "type": "string" }, - "responsible-parties": { + "remarksTemplate": { + "type": "string" + }, + "selectorLabels": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleParty" + "$ref": "#/definitions/templates.subjectTemplateSelectorLabelResponse" } }, - "systemImplementationId": { + "sourceMode": { + "type": "string" + }, + "titleTemplate": { + "type": "string" + }, + "type": { + "type": "string" + }, + "updatedAt": { "type": "string" } } }, - "relational.Labels": { + "templates.subjectTemplateSelectorLabelRequest": { "type": "object", "properties": { - "name": { + "key": { "type": "string" }, "value": { 
@@ -24860,66 +34647,138 @@ } } }, - "relational.Link": { + "templates.subjectTemplateSelectorLabelResponse": { "type": "object", "properties": { - "href": { + "key": { "type": "string" }, - "media-type": { + "value": { + "type": "string" + } + } + }, + "templates.threatIDRequest": { + "type": "object", + "properties": { + "id": { "type": "string" }, - "rel": { + "system": { "type": "string" }, - "resource-fragment": { + "title": { "type": "string" }, - "text": { + "url": { "type": "string" } } }, - "relational.Location": { + "templates.threatIDResponse": { "type": "object", "properties": { - "address": { - "$ref": "#/definitions/datatypes.JSONType-relational_Address" + "id": { + "type": "string" }, - "email-addresses": { + "system": { + "type": "string" + }, + "title": { + "type": "string" + }, + "url": { + "type": "string" + } + } + }, + "templates.upsertEvidenceTemplateRequest": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "isActive": { + "type": "boolean" + }, + "labelSchema": { + "type": "array", + "items": { + "$ref": "#/definitions/templates.evidenceTemplateLabelSchemaFieldRequest" + } + }, + "methods": { "type": "array", "items": { "type": "string" } }, - "id": { + "pluginId": { "type": "string" }, - "links": { + "policyPackage": { + "type": "string" + }, + "riskTemplateIds": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "type": "string" } }, - "props": { + "selectorLabels": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/templates.evidenceTemplateSelectorLabelRequest" } }, - "remarks": { + "subjectTemplateIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "title": { + "type": "string" + } + } + }, + "templates.upsertRiskTemplateRequest": { + "type": "object", + "properties": { + "impactHint": { "type": "string" }, - "telephone-numbers": { + "isActive": { + "type": "boolean" + }, + "likelihoodHint": { + "type": "string" + }, 
+ "name": { + "type": "string" + }, + "pluginId": { + "type": "string" + }, + "policyPackage": { + "type": "string" + }, + "remediationTemplate": { + "$ref": "#/definitions/templates.remediationTemplateRequest" + }, + "statement": { + "type": "string" + }, + "threatIds": { "type": "array", "items": { - "$ref": "#/definitions/relational.TelephoneNumber" + "$ref": "#/definitions/templates.threatIDRequest" } }, "title": { "type": "string" }, - "urls": { + "violationIds": { "type": "array", "items": { "type": "string" 
@@ -24927,981 +34786,1425 @@ } } }, - "relational.Metadata": { + "templates.upsertSubjectTemplateRequest": { "type": "object", + "required": [ + "identityLabelKeys", + "labelSchema", + "name", + "selectorLabels", + "sourceMode", + "type" + ], "properties": { - "actions": { + "descriptionTemplate": { + "type": "string" + }, + "identityLabelKeys": { + "type": "array", + "items": { + "type": "string" + } + }, + "labelSchema": { "type": "array", "items": { - "$ref": "#/definitions/relational.Action" + "$ref": "#/definitions/templates.subjectTemplateLabelSchemaFieldRequest" } }, - "document-ids": { - "description": "-\u003e DocumentID", + "links": { "type": "array", "items": { - "$ref": "#/definitions/relational.DocumentID" + "$ref": "#/definitions/relational.Link" } }, - "id": { - "type": "string" - }, - "last-modified": { + "name": { "type": "string" }, - "links": { + "props": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/relational.Prop" } }, - "locations": { + "purposeTemplate": { + "type": "string" + }, + "remarksTemplate": { + "type": "string" + }, + "selectorLabels": { "type": "array", "items": { - "$ref": "#/definitions/relational.Location" + "$ref": "#/definitions/templates.subjectTemplateSelectorLabelRequest" } }, - "oscal-version": { + "sourceMode": { "type": "string" }, - "parentID": { - "description": "Metadata is shared across many resources, and so it mapped using a polymorphic relationship", + "titleTemplate": { "type": "string" }, - "parentType": { + "type": { + "type": "string" + } + } + }, + "time.Duration": { + "type": "integer", + "format": "int64", + "enum": [ + -9223372036854775808, + 9223372036854775807, + 1, + 1000, + 1000000, + 1000000000, + 60000000000, + 3600000000000 + ], + "x-enum-varnames": [ + "minDuration", + "maxDuration", + "Nanosecond", + "Microsecond", + "Millisecond", + "Second", + "Minute", + "Hour" + ] + }, + "workflow.EvidenceSubmission": { + "type": "object", + "properties": { + 
"description": { "type": "string" }, - "parties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Party" - } + "evidence-id": { + "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "evidence-type": { + "type": "string" }, - "published": { + "file-content": { + "description": "Base64 encoded file content", "type": "string" }, - "remarks": { + "file-hash": { "type": "string" }, - "responsibleParties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleParty" - } + "file-path": { + "type": "string" }, - "revisions": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Revision" - } + "file-size": { + "type": "integer" }, - "roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Role" - } + "media-type": { + "description": "MIME type (e.g., \"application/pdf\", \"image/png\")", + "type": "string" }, - "title": { + "metadata": { "type": "string" }, - "version": { + "name": { "type": "string" } } }, - "relational.Origin": { + "workflow.ExecutionMetrics": { "type": "object", "properties": { - "actors": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.OriginActor" - } + "averageStepDuration": { + "$ref": "#/definitions/time.Duration" }, - "related-tasks": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.RelatedTask" - } + "duration": { + "$ref": "#/definitions/time.Duration" + }, + "executionID": { + "type": "string" + }, + "longestStepDuration": { + "$ref": "#/definitions/time.Duration" + }, + "totalSteps": { + "type": "integer" } } }, - "relational.Parameter": { + "workflow.ExecutionStatus": { "type": "object", "properties": { - "class": { + "blockedSteps": { + "type": "integer" + }, + "cancelledSteps": { + "type": "integer" + }, + "completedAt": { "type": "string" }, - "constraints": { - "type": "array", - "items": { - "$ref": 
"#/definitions/relational.ParameterConstraint" - } + "completedSteps": { + "type": "integer" }, - "guidelines": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ParameterGuideline" - } + "executionID": { + "type": "string" }, - "id": { + "failedAt": { "type": "string" }, - "label": { + "failedSteps": { + "type": "integer" + }, + "failureReason": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "inProgressSteps": { + "type": "integer" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "overdueSteps": { + "type": "integer" }, - "remarks": { + "pendingSteps": { + "type": "integer" + }, + "startedAt": { "type": "string" }, - "select": { - "$ref": "#/definitions/datatypes.JSONType-relational_ParameterSelection" + "status": { + "type": "string" }, - "usage": { + "totalSteps": { + "type": "integer" + } + } + }, + "workflows.BulkReassignRoleResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/workflows.BulkReassignRoleResponseData" + } + } + }, + "workflows.BulkReassignRoleResponseData": { + "type": "object", + "properties": { + "execution-id": { "type": "string" }, - "values": { + "reassigned-count": { + "type": "integer" + }, + "reassigned-step-execution-ids": { "type": "array", "items": { "type": "string" } + }, + "role-name": { + "type": "string" } } }, - "relational.ParameterConstraint": { + "workflows.CancelWorkflowExecutionRequest": { "type": "object", "properties": { - "description": { + "reason": { + "type": "string" + } + } + }, + "workflows.ControlRelationship": { + "type": "object", + "properties": { + "catalog_id": { + "description": "Link to catalog if available", "type": "string" }, - "tests": { + "control_id": { + "description": "Control Information", + "type": "string" + }, + "control_source": { + "description": "e.g., \"NIST 800-53 Rev 5\", \"ISO 27001\"", + "type": "string" + }, + 
"created-at": { + "type": "string" + }, + "deleted_at": { + "$ref": "#/definitions/gorm.DeletedAt" + }, + "id": { + "type": "string" + }, + "is_active": { + "type": "boolean" + }, + "relationship_type": { + "description": "Relationship Information", + "type": "string" + }, + "strength": { + "description": "primary, secondary, supporting", + "type": "string" + }, + "updated-at": { + "type": "string" + }, + "workflow_definition": { + "description": "Relationships", + "allOf": [ + { + "$ref": "#/definitions/workflows.WorkflowDefinition" + } + ] + }, + "workflow_definition_id": { + "description": "Foreign Keys", + "type": "string" + } + } + }, + "workflows.ControlRelationshipListResponse": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.ParameterConstraintTest" + "$ref": "#/definitions/workflows.ControlRelationship" } } } }, - "relational.ParameterConstraintTest": { + "workflows.ControlRelationshipResponse": { "type": "object", "properties": { - "expression": { + "data": { + "$ref": "#/definitions/workflows.ControlRelationship" + } + } + }, + "workflows.CreateControlRelationshipRequest": { + "type": "object", + "required": [ + "catalog-id", + "control-id", + "workflow-definition-id" + ], + "properties": { + "catalog-id": { "type": "string" }, - "remarks": { + "control-id": { + "type": "string" + }, + "description": { + "type": "string" + }, + "is-active": { + "type": "boolean" + }, + "relationship-type": { + "description": "If not provided - 'satisfies' is used", + "type": "string" + }, + "strength": { + "description": "If not provided - 'primary' is used", + "type": "string" + }, + "workflow-definition-id": { "type": "string" } } }, - "relational.ParameterGuideline": { + "workflows.CreateRoleAssignmentRequest": { "type": "object", + "required": [ + "assigned-to-id", + "assigned-to-type", + "role-name", + "workflow-instance-id" + ], "properties": { - "prose": { + "assigned-to-id": { + "type": "string" 
+ }, + "assigned-to-type": { + "type": "string" + }, + "is-active": { + "type": "boolean" + }, + "role-name": { + "type": "string" + }, + "workflow-instance-id": { "type": "string" } } }, - "relational.Part": { + "workflows.CreateWorkflowDefinitionRequest": { "type": "object", + "required": [ + "name" + ], "properties": { - "class": { + "description": { "type": "string" }, - "id": { + "evidence-required": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "grace-period-days": { + "type": "integer" }, "name": { "type": "string" }, - "ns": { + "suggested-cadence": { "type": "string" }, - "part_id": { + "version": { + "type": "string" + } + } + }, + "workflows.CreateWorkflowInstanceRequest": { + "type": "object", + "required": [ + "name", + "system-id", + "workflow-definition-id" + ], + "properties": { + "cadence": { + "type": "string" + }, + "description": { "type": "string" }, - "parts": { - "description": "-\u003e Part", - "type": "array", - "items": { - "$ref": "#/definitions/relational.Part" - } + "grace-period-days": { + "type": "integer" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "is-active": { + "type": "boolean" }, - "prose": { + "name": { "type": "string" }, - "title": { + "system-id": { + "type": "string" + }, + "workflow-definition-id": { "type": "string" } } }, - "relational.Party": { + "workflows.CreateWorkflowStepDefinitionRequest": { "type": "object", + "required": [ + "name", + "responsible-role", + "workflow-definition-id" + ], "properties": { - "addresses": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Address" - } - }, - "email-addresses": { + "depends-on": { + "description": "Array of step IDs this step depends on", "type": "array", "items": { "type": "string" } }, - "external-ids": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.PartyExternalID" - } - }, - "id": { + "description": { 
"type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "estimated-duration": { + "type": "integer" }, - "locations": { + "evidence-required": { "type": "array", "items": { - "$ref": "#/definitions/relational.Location" + "$ref": "#/definitions/workflows.EvidenceRequirement" } }, - "member-of-organizations": { - "description": "-\u003e Party", - "type": "array", - "items": { - "$ref": "#/definitions/relational.Party" - } + "grace-period-days": { + "type": "integer" }, "name": { "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } - }, - "remarks": { + "responsible-role": { "type": "string" }, - "short-name": { + "workflow-definition-id": { "type": "string" - }, - "telephone-numbers": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.TelephoneNumber" - } - }, - "type": { - "$ref": "#/definitions/relational.PartyType" } } }, - "relational.PartyExternalID": { + "workflows.EvidenceRequirement": { "type": "object", "properties": { - "id": { + "description": { "type": "string" }, - "scheme": { - "$ref": "#/definitions/relational.PartyExternalIDScheme" + "required": { + "type": "boolean" + }, + "type": { + "type": "string" } } }, - "relational.PartyExternalIDScheme": { - "type": "string", - "enum": [ - "http://orcid.org/" - ], - "x-enum-varnames": [ - "PartyExternalIDSchemeOrchid" - ] - }, - "relational.PartyType": { - "type": "string", - "enum": [ - "person", - "organization" + "workflows.FailStepRequest": { + "type": "object", + "required": [ + "reason" ], - "x-enum-varnames": [ - "PartyTypePerson", - "PartyTypeOrganization" - ] + "properties": { + "reason": { + "type": "string" + } + } }, - "relational.Prop": { + "workflows.MyAssignmentsResponse": { "type": "object", "properties": { - "class": { - "type": "string" + "data": { + "type": "array", + "items": { + "$ref": "#/definitions/workflows.StepExecution" + } }, - "group": { - "type": 
"string" + "has-more": { + "type": "boolean" }, - "name": { - "type": "string" + "limit": { + "type": "integer" }, - "ns": { - "type": "string" + "offset": { + "type": "integer" }, - "remarks": { + "total": { + "type": "integer" + } + } + }, + "workflows.ReassignRoleRequest": { + "type": "object", + "required": [ + "new-assigned-to-id", + "new-assigned-to-type", + "role-name" + ], + "properties": { + "new-assigned-to-id": { "type": "string" }, - "uuid": { + "new-assigned-to-type": { + "type": "string", + "enum": [ + "user", + "group", + "email" + ] + }, + "reason": { "type": "string" }, - "value": { + "role-name": { "type": "string" } } }, - "relational.Protocol": { + "workflows.ReassignStepRequest": { "type": "object", + "required": [ + "assigned-to-id", + "assigned-to-type" + ], "properties": { - "name": { + "assigned-to-id": { "type": "string" }, - "port-ranges": { - "type": "array", - "items": { - "$ref": "#/definitions/oscalTypes_1_1_3.PortRange" - } - }, - "title": { - "type": "string" + "assigned-to-type": { + "type": "string", + "enum": [ + "user", + "group", + "email" + ] }, - "uuid": { + "reason": { "type": "string" } } }, - "relational.ProvidedControlImplementation": { + "workflows.RoleAssignment": { "type": "object", "properties": { - "description": { + "assigned_to_id": { + "description": "User ID, group ID, or email", "type": "string" }, - "exportId": { + "assigned_to_type": { + "description": "user, group, email", "type": "string" }, "id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "is_active": { + "type": "boolean" }, - "remarks": { + "role_name": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } + "workflow_instance": { + "description": "Relationships", + "allOf": [ + { + "$ref": 
"#/definitions/workflows.WorkflowInstance" + } + ] + }, + "workflow_instance_id": { + "type": "string" } } }, - "relational.ResourceLink": { + "workflows.RoleAssignmentListResponse": { "type": "object", "properties": { - "hashes": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.Hash" + "$ref": "#/definitions/workflows.RoleAssignment" } + } + } + }, + "workflows.RoleAssignmentResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/workflows.RoleAssignment" + } + } + }, + "workflows.StartWorkflowExecutionRequest": { + "type": "object", + "required": [ + "triggered-by", + "workflow-instance-id" + ], + "properties": { + "triggered-by": { + "type": "string" }, - "href": { - "description": "required", + "triggered-by-id": { "type": "string" }, - "media-type": { + "workflow-instance-id": { "type": "string" } } }, - "relational.ResponsibleParty": { + "workflows.StepDependency": { "type": "object", "properties": { + "depends_on_step": { + "$ref": "#/definitions/workflows.WorkflowStepDefinition" + }, + "depends_on_step_id": { + "type": "string" + }, "id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "workflow_step_definition": { + "description": "Relationships", + "allOf": [ + { + "$ref": "#/definitions/workflows.WorkflowStepDefinition" + } + ] }, - "parentID": { - "description": "Polymorphic relationship - allows ResponsibleParty to belong to different parent types", + "workflow_step_definition_id": { + "type": "string" + } + } + }, + "workflows.StepEvidence": { + "type": "object", + "properties": { + "created-at": { "type": "string" }, - "parentType": { + "deleted_at": { + "$ref": "#/definitions/gorm.DeletedAt" + }, + "description": { "type": "string" }, - "parties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsiblePartyParties" - } + "evidence": { + "$ref": "#/definitions/relational.Evidence" }, - "props": { - 
"type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "evidence_id": { + "description": "Link to main evidence table", + "type": "string" + }, + "evidence_type": { + "description": "document, attestation, screenshot, log", + "type": "string" + }, + "file-size": { + "description": "File size in bytes", + "type": "integer" + }, + "file_hash": { + "description": "SHA-256 hash of file", + "type": "string" + }, + "file_path": { + "description": "Path to stored file", + "type": "string" + }, + "id": { + "type": "string" + }, + "metadata": { + "description": "JSON metadata", + "type": "string" + }, + "name": { + "description": "Evidence Information", + "type": "string" + }, + "step_execution": { + "description": "Relationships", + "allOf": [ + { + "$ref": "#/definitions/workflows.StepExecution" + } + ] }, - "remarks": { + "step_execution_id": { + "description": "Foreign Keys", "type": "string" }, - "role": { - "$ref": "#/definitions/relational.Role" - }, - "role-id": { - "description": "required", + "updated-at": { "type": "string" } } }, - "relational.ResponsiblePartyParties": { + "workflows.StepExecution": { "type": "object", "properties": { - "partyID": { + "assigned-at": { "type": "string" }, - "responsiblePartyID": { - "type": "string" - } - } - }, - "relational.ResponsibleRole": { - "type": "object", - "properties": { - "id": { + "assigned_to_id": { + "description": "User ID, group ID, or email", "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "assigned_to_type": { + "description": "Assignment Information", + "type": "string" }, - "parentID": { + "completed-at": { "type": "string" }, - "parentType": { + "created-at": { "type": "string" }, - "parties": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Party" - } + "deleted_at": { + "$ref": "#/definitions/gorm.DeletedAt" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - 
} + "due_date": { + "type": "string" }, - "remarks": { + "failed-at": { "type": "string" }, - "role": { - "$ref": "#/definitions/relational.Role" + "failure_reason": { + "type": "string" }, - "role-id": { - "description": "required", + "id": { "type": "string" - } - } - }, - "relational.ReviewedControls": { - "type": "object", - "properties": { - "controlObjectiveSelections": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ControlObjectiveSelection" - } }, - "controlSelections": { - "description": "required", + "overdue-at": { + "type": "string" + }, + "reassignment_history": { "type": "array", "items": { - "$ref": "#/definitions/relational.ControlSelection" + "$ref": "#/definitions/workflows.StepReassignmentHistory" } }, - "description": { + "started-at": { "type": "string" }, - "id": { + "status": { + "description": "Execution Information", "type": "string" }, - "links": { + "step_evidence": { "type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/workflows.StepEvidence" } }, - "props": { + "updated-at": { + "type": "string" + }, + "workflow_execution": { + "description": "Relationships", + "allOf": [ + { + "$ref": "#/definitions/workflows.WorkflowExecution" + } + ] + }, + "workflow_execution_id": { + "description": "Foreign Keys", + "type": "string" + }, + "workflow_step_definition": { + "$ref": "#/definitions/workflows.WorkflowStepDefinition" + }, + "workflow_step_definition_id": { + "type": "string" + } + } + }, + "workflows.StepExecutionListResponse": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/workflows.StepExecution" } - }, - "remarks": { - "type": "string" } } }, - "relational.Revision": { + "workflows.StepExecutionResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/workflows.StepExecution" + } + } + }, + "workflows.StepReassignmentHistory": { "type": 
"object", "properties": { + "created-at": { + "type": "string" + }, + "deleted_at": { + "$ref": "#/definitions/gorm.DeletedAt" + }, "id": { "type": "string" }, - "last-modified": { + "new_assigned_to_id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "new_assigned_to_type": { + "type": "string" }, - "metadata-id": { - "description": "Revision only exist on a metadata object. We'll link them straight there with a BelongsTo relationship", + "previous_assigned_to_id": { "type": "string" }, - "oscal-version": { + "previous_assigned_to_type": { "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "reason": { + "type": "string" }, - "published": { + "reassigned_by_email": { "type": "string" }, - "remarks": { + "reassigned_by_user_id": { "type": "string" }, - "title": { + "step_execution": { + "$ref": "#/definitions/workflows.StepExecution" + }, + "step_execution_id": { "type": "string" }, - "version": { - "description": "required", + "updated-at": { + "type": "string" + }, + "workflow_execution_id": { "type": "string" } } }, - "relational.Role": { + "workflows.StepTrigger": { "type": "object", "properties": { - "description": { - "type": "string" - }, "id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } - }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "is_active": { + "type": "boolean" }, - "remarks": { + "trigger_condition": { + "description": "JSON condition expression", "type": "string" }, - "short-name": { + "trigger_type": { + "description": "evidence_stream, time_based, external_event", "type": "string" }, - "title": { + "workflow_step_definition": { + "description": "Relationships", + "allOf": [ + { + "$ref": "#/definitions/workflows.WorkflowStepDefinition" + } + ] + }, + "workflow_step_definition_id": { "type": "string" } } 
}, - "relational.SatisfiedControlImplementationResponsibility": { + "workflows.TransitionStepRequest": { "type": "object", + "required": [ + "status", + "user-id", + "user-type" + ], "properties": { - "by-component-id": { - "type": "string" - }, - "description": { - "type": "string" - }, - "id": { - "type": "string" - }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } - }, - "props": { + "evidence": { "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/workflow.EvidenceSubmission" } }, - "remarks": { + "notes": { "type": "string" }, - "responsibility-uuid": { + "status": { + "type": "string", + "enum": [ + "in_progress", + "completed" + ] + }, + "user-id": { "type": "string" }, - "responsible-roles": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.ResponsibleRole" - } + "user-type": { + "type": "string", + "enum": [ + "user", + "group", + "email" + ] } } }, - "relational.SelectObjectiveById": { + "workflows.UpdateControlRelationshipRequest": { "type": "object", "properties": { - "id": { + "description": { "type": "string" }, - "objective": { - "description": "required", + "relationship-type": { "type": "string" }, - "parentID": { + "strength": { + "type": "string" + } + } + }, + "workflows.UpdateRoleAssignmentRequest": { + "type": "object", + "properties": { + "assigned-to-id": { "type": "string" }, - "parentType": { + "assigned-to-type": { "type": "string" } } }, - "relational.SelectSubjectById": { + "workflows.UpdateWorkflowDefinitionRequest": { "type": "object", "properties": { - "assessmentSubjectID": { + "description": { "type": "string" }, - "id": { + "evidence-required": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "grace-period-days": { + "type": "integer" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "name": { + "type": "string" }, 
- "remarks": { + "suggested-cadence": { "type": "string" }, - "subjectUUID": { - "description": "SubjectUUID technically represents a UUID of a component, party, location, user, or inventory item.\nIt will likely be updated once we can map it correctly", + "version": { "type": "string" } } }, - "relational.SetParameter": { + "workflows.UpdateWorkflowInstanceRequest": { "type": "object", "properties": { - "param-id": { + "cadence": { "type": "string" }, - "remarks": { + "description": { "type": "string" }, - "values": { + "grace-period-days": { + "type": "integer" + }, + "is-active": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "workflows.UpdateWorkflowStepDefinitionRequest": { + "type": "object", + "properties": { + "depends-on": { "type": "array", "items": { "type": "string" } + }, + "description": { + "type": "string" + }, + "estimated-duration": { + "type": "integer" + }, + "evidence-required": { + "type": "array", + "items": { + "$ref": "#/definitions/workflows.EvidenceRequirement" + } + }, + "grace-period-days": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "responsible-role": { + "type": "string" } } }, - "relational.Statement": { + "workflows.WorkflowDefinition": { "type": "object", "properties": { - "by-components": { + "control_relationships": { "type": "array", "items": { - "$ref": "#/definitions/relational.ByComponent" + "$ref": "#/definitions/workflows.ControlRelationship" } }, - "id": { + "created-at": { + "type": "string" + }, + "created_by_id": { + "description": "Audit Fields", + "type": "string" + }, + "deleted_at": { + "$ref": "#/definitions/gorm.DeletedAt" + }, + "description": { + "type": "string" + }, + "evidence_required": { + "description": "JSON array of required evidence types", "type": "string" }, - "implementedRequirementId": { + "grace-period-days": { + "description": "Override global default if set", + "type": "integer" + }, + "id": { "type": "string" }, - "links": { + "instances": { 
"type": "array", "items": { - "$ref": "#/definitions/relational.Link" + "$ref": "#/definitions/workflows.WorkflowInstance" } }, - "props": { + "name": { + "description": "Basic Information", + "type": "string" + }, + "steps": { + "description": "Relationships", "type": "array", "items": { - "$ref": "#/definitions/relational.Prop" + "$ref": "#/definitions/workflows.WorkflowStepDefinition" } }, - "remarks": { + "suggested_cadence": { + "description": "Workflow Configuration", "type": "string" }, - "responsible-roles": { + "updated-at": { + "type": "string" + }, + "updated_by_id": { + "type": "string" + }, + "version": { + "type": "string" + } + } + }, + "workflows.WorkflowDefinitionListResponse": { + "type": "object", + "properties": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/workflows.WorkflowDefinition" } - }, - "statement-id": { - "type": "string" } } }, - "relational.Step": { + "workflows.WorkflowDefinitionResponse": { "type": "object", "properties": { - "activityID": { + "data": { + "$ref": "#/definitions/workflows.WorkflowDefinition" + } + } + }, + "workflows.WorkflowExecution": { + "type": "object", + "properties": { + "completed-at": { "type": "string" }, - "description": { - "description": "required", + "created-at": { + "type": "string" + }, + "created_by_id": { + "description": "Audit Fields", + "type": "string" + }, + "deleted_at": { + "$ref": "#/definitions/gorm.DeletedAt" + }, + "due_date": { + "type": "string" + }, + "failed-at": { + "type": "string" + }, + "failure_reason": { "type": "string" }, "id": { "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "overdue-at": { + "type": "string" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "period_label": { + "description": "Scheduling Context", + "type": "string" }, - "remarks": { + "started-at": { "type": "string" }, - 
"responsible-roles": { + "status": { + "description": "Execution Information", + "type": "string" + }, + "step_executions": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/workflows.StepExecution" } }, - "reviewed-controls": { - "$ref": "#/definitions/relational.ReviewedControls" + "triggered_by": { + "description": "Execution Context", + "type": "string" }, - "reviewedControlsID": { + "triggered_by_id": { + "description": "User ID or system identifier", "type": "string" }, - "title": { + "updated-at": { + "type": "string" + }, + "updated_by_id": { + "type": "string" + }, + "workflow_instance": { + "description": "Relationships", + "allOf": [ + { + "$ref": "#/definitions/workflows.WorkflowInstance" + } + ] + }, + "workflow_instance_id": { + "description": "Foreign Keys", "type": "string" } } }, - "relational.SystemComponent": { + "workflows.WorkflowExecutionListResponse": { "type": "object", "properties": { - "description": { - "type": "string" - }, - "evidence": { + "data": { "type": "array", "items": { - "$ref": "#/definitions/relational.Evidence" + "$ref": "#/definitions/workflows.WorkflowExecution" } + } + } + }, + "workflows.WorkflowExecutionMetricsResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/workflow.ExecutionMetrics" + } + } + }, + "workflows.WorkflowExecutionResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/workflows.WorkflowExecution" + } + } + }, + "workflows.WorkflowExecutionStatusResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/workflow.ExecutionStatus" + } + } + }, + "workflows.WorkflowInstance": { + "type": "object", + "properties": { + "cadence": { + "description": "Instance Configuration", + "type": "string" }, - "filters": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Filter" - } + "created-at": { + "type": "string" }, - "id": { + "created_by_id": 
{ + "description": "Audit Fields", "type": "string" }, - "links": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Link" - } + "deleted_at": { + "$ref": "#/definitions/gorm.DeletedAt" }, - "props": { - "type": "array", - "items": { - "$ref": "#/definitions/relational.Prop" - } + "description": { + "type": "string" }, - "protocols": { + "executions": { "type": "array", "items": { - "$ref": "#/definitions/relational.Protocol" + "$ref": "#/definitions/workflows.WorkflowExecution" } }, - "purpose": { + "grace-period-days": { + "description": "Override definition/global default if set", + "type": "integer" + }, + "id": { "type": "string" }, - "remarks": { + "is_active": { + "type": "boolean" + }, + "last-executed-at": { "type": "string" }, - "responsible-roles": { + "name": { + "description": "Basic Information", + "type": "string" + }, + "next-scheduled-at": { + "description": "Scheduling", + "type": "string" + }, + "role_assignments": { "type": "array", "items": { - "$ref": "#/definitions/relational.ResponsibleRole" + "$ref": "#/definitions/workflows.RoleAssignment" } }, - "status": { - "$ref": "#/definitions/datatypes.JSONType-relational_SystemComponentStatus" + "system_id": { + "type": "string" }, - "systemImplementationId": { + "system_security_plan": { + "description": "Relationships", + "allOf": [ + { + "$ref": "#/definitions/relational.SystemSecurityPlan" + } + ] + }, + "updated-at": { "type": "string" }, - "title": { + "updated_by_id": { "type": "string" }, - "type": { + "workflow_definition": { + "$ref": "#/definitions/workflows.WorkflowDefinition" + }, + "workflow_definition_id": { + "description": "Foreign Keys", "type": "string" } } }, - "relational.TelephoneNumber": { + "workflows.WorkflowInstanceListResponse": { "type": "object", "properties": { - "number": { - "type": "string" - }, - "type": { - "$ref": "#/definitions/relational.TelephoneNumberType" + "data": { + "type": "array", + "items": { + "$ref": 
"#/definitions/workflows.WorkflowInstance" + } } } }, - "relational.TelephoneNumberType": { - "type": "string", - "enum": [ - "home", - "office", - "mobile" - ], - "x-enum-varnames": [ - "TelephoneNumberTypeHome", - "TelephoneNumberTypeOffice", - "TelephoneNumberTypeMobile" - ] + "workflows.WorkflowInstanceResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/workflows.WorkflowInstance" + } + } }, - "relational.User": { + "workflows.WorkflowStepDefinition": { "type": "object", "properties": { - "authMethod": { + "created-at": { "type": "string" }, - "createdAt": { - "type": "string" + "deleted_at": { + "$ref": "#/definitions/gorm.DeletedAt" }, - "deletedAt": { - "description": "Soft delete", - "allOf": [ - { - "$ref": "#/definitions/gorm.DeletedAt" - } - ] + "dependent_steps": { + "type": "array", + "items": { + "$ref": "#/definitions/workflows.StepDependency" + } }, - "digestSubscribed": { - "description": "DigestSubscribed indicates if the user wants to receive evidence digest emails", - "type": "boolean" + "depends_on": { + "type": "array", + "items": { + "$ref": "#/definitions/workflows.StepDependency" + } }, - "email": { + "description": { "type": "string" }, - "failedLogins": { + "estimated_duration": { + "description": "Estimated duration in minutes", "type": "integer" }, - "firstName": { - "type": "string" + "evidence_required": { + "description": "JSON array of required evidence types", + "type": "array", + "items": { + "$ref": "#/definitions/workflows.EvidenceRequirement" + } + }, + "grace-period-days": { + "description": "Override default grace for this specific step", + "type": "integer" }, "id": { "type": "string" }, - "isActive": { - "type": "boolean" + "name": { + "description": "Basic Information", + "type": "string" }, - "isLocked": { - "type": "boolean" + "order": { + "description": "Step Configuration", + "type": "integer" }, - "lastLogin": { + "responsible_role": { + "description": "Role responsible for this 
step", "type": "string" }, - "lastName": { - "type": "string" + "step_executions": { + "type": "array", + "items": { + "$ref": "#/definitions/workflows.StepExecution" + } }, - "updatedAt": { + "triggers": { + "type": "array", + "items": { + "$ref": "#/definitions/workflows.StepTrigger" + } + }, + "updated-at": { "type": "string" }, - "userAttributes": { + "workflow_definition": { + "description": "Relationships", + "allOf": [ + { + "$ref": "#/definitions/workflows.WorkflowDefinition" + } + ] + }, + "workflow_definition_id": { + "description": "Foreign Keys", "type": "string" } } + }, + "workflows.WorkflowStepDefinitionListResponse": { + "type": "object", + "properties": { + "data": { + "type": "array", + "items": { + "$ref": "#/definitions/workflows.WorkflowStepDefinition" + } + } + } + }, + "workflows.WorkflowStepDefinitionResponse": { + "type": "object", + "properties": { + "data": { + "$ref": "#/definitions/workflows.WorkflowStepDefinition" + } + } } }, "securityDefinitions": { diff --git a/docs/swagger.yaml b/docs/swagger.yaml index d39a9303..db90ea5e 100644 --- a/docs/swagger.yaml +++ b/docs/swagger.yaml @@ -35,14 +35,26 @@ definitions: type: object datatypes.JSONType-relational_Citation: type: object + datatypes.JSONType-relational_CombinationRule: + type: object + datatypes.JSONType-relational_FlatWithoutGrouping: + type: object datatypes.JSONType-relational_ImplementationStatus: type: object + datatypes.JSONType-relational_ImportProfile: + type: object datatypes.JSONType-relational_IncludeAll: type: object datatypes.JSONType-relational_ParameterSelection: type: object + datatypes.JSONType-relational_SecurityImpactLevel: + type: object + datatypes.JSONType-relational_Status: + type: object datatypes.JSONType-relational_SystemComponentStatus: type: object + datatypes.JSONType-relational_SystemInformation: + type: object digest.EvidenceItem: properties: description: 
@@ -90,6 +102,13 @@ definitions: format: int64 type: integer type: object + evidence.StatusCount: + properties: + count: + type: integer + status: + type: string + type: object gorm.DeletedAt: properties: time: @@ -98,13 +117,6 @@ definitions: description: Valid is true if Time is not NULL type: boolean type: object - handler.ComplianceByControl.StatusCount: - properties: - count: - type: integer - status: - type: string - type: object handler.EvidenceActivity: properties: description: @@ -394,12 +406,12 @@ definitions: type: array type: array type: object - handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount: + handler.GenericDataListResponse-evidence_StatusCount: properties: data: description: Items from the list response items: - $ref: '#/definitions/handler.ComplianceByControl.StatusCount' + $ref: '#/definitions/evidence.StatusCount' type: array type: object handler.GenericDataListResponse-handler_FilterWithAssociations: @@ -434,6 +446,22 @@ definitions: $ref: '#/definitions/handler.StatusInterval' type: array type: object + handler.GenericDataListResponse-handler_milestoneResponse: + properties: + data: + description: Items from the list response + items: + $ref: '#/definitions/handler.milestoneResponse' + type: array + type: object + handler.GenericDataListResponse-handler_poamItemResponse: + properties: + data: + description: Items from the list response + items: + $ref: '#/definitions/handler.poamItemResponse' + type: array + type: object handler.GenericDataListResponse-oscal_InventoryItemWithSource: properties: data: 
@@ -698,20 +726,36 @@ definitions: $ref: '#/definitions/oscalTypes_1_1_3.SystemUser' type: array type: object - handler.GenericDataListResponse-relational_CcfPoamItem: + handler.GenericDataListResponse-poam_PoamItemControlLink: + properties: + data: + description: Items from the list response + items: + $ref: '#/definitions/poam.PoamItemControlLink' + type: array + type: object + handler.GenericDataListResponse-poam_PoamItemEvidenceLink: + properties: + data: + description: Items from the list response + items: + $ref: '#/definitions/poam.PoamItemEvidenceLink' + type: array + type: object + handler.GenericDataListResponse-poam_PoamItemFindingLink: properties: data: description: Items from the list response items: - $ref: '#/definitions/relational.CcfPoamItem' + $ref: '#/definitions/poam.PoamItemFindingLink' type: array type: object - handler.GenericDataListResponse-relational_CcfPoamItemMilestone: + handler.GenericDataListResponse-poam_PoamItemRiskLink: properties: data: description: Items from the list response items: - $ref: '#/definitions/relational.CcfPoamItemMilestone' + $ref: '#/definitions/poam.PoamItemRiskLink' type: array type: object handler.GenericDataListResponse-relational_Evidence: @@ -722,6 +766,14 @@ definitions: $ref: '#/definitions/relational.Evidence' type: array type: object + handler.GenericDataListResponse-relational_SystemComponentSuggestion: + properties: + data: + description: Items from the list response + items: + $ref: '#/definitions/relational.SystemComponentSuggestion' + type: array + type: object handler.GenericDataListResponse-relational_User: properties: data: 
@@ -789,18 +841,32 @@ definitions: - $ref: '#/definitions/handler.OscalLikeEvidence' description: Items from the list response type: object - handler.GenericDataResponse-handler_PoamItemWithLinksResponse: + handler.GenericDataResponse-handler_SubscriptionsResponse: properties: data: allOf: - - $ref: '#/definitions/handler.PoamItemWithLinksResponse' + - $ref: '#/definitions/handler.SubscriptionsResponse' description: Items from the list response type: object - handler.GenericDataResponse-handler_UserHandler: + handler.GenericDataResponse-handler_milestoneResponse: properties: data: allOf: - - $ref: '#/definitions/handler.UserHandler' + - $ref: '#/definitions/handler.milestoneResponse' + description: Items from the list response + type: object + handler.GenericDataResponse-handler_poamItemResponse: + properties: + data: + allOf: + - $ref: '#/definitions/handler.poamItemResponse' + description: Items from the list response + type: object + handler.GenericDataResponse-handler_riskResponse: + properties: + data: + allOf: + - $ref: '#/definitions/handler.riskResponse' description: Items from the list response type: object handler.GenericDataResponse-oscal_BuildByPropsResponse: @@ -824,6 +890,13 @@ definitions: - $ref: '#/definitions/oscal.InventoryItemWithSource' description: Items from the list response type: object + handler.GenericDataResponse-oscal_ProfileComplianceProgress: + properties: + data: + allOf: + - $ref: '#/definitions/oscal.ProfileComplianceProgress' + description: Items from the list response + type: object handler.GenericDataResponse-oscal_ProfileHandler: properties: data: 
@@ -1188,18 +1261,32 @@ definitions: - $ref: '#/definitions/oscalTypes_1_1_3.Task' description: Items from the list response type: object - handler.GenericDataResponse-relational_CcfPoamItem: + handler.GenericDataResponse-poam_PoamItemControlLink: + properties: + data: + allOf: + - $ref: '#/definitions/poam.PoamItemControlLink' + description: Items from the list response + type: object + handler.GenericDataResponse-poam_PoamItemEvidenceLink: + properties: + data: + allOf: + - $ref: '#/definitions/poam.PoamItemEvidenceLink' + description: Items from the list response + type: object + handler.GenericDataResponse-poam_PoamItemFindingLink: properties: data: allOf: - - $ref: '#/definitions/relational.CcfPoamItem' + - $ref: '#/definitions/poam.PoamItemFindingLink' description: Items from the list response type: object - handler.GenericDataResponse-relational_CcfPoamItemMilestone: + handler.GenericDataResponse-poam_PoamItemRiskLink: properties: data: allOf: - - $ref: '#/definitions/relational.CcfPoamItemMilestone' + - $ref: '#/definitions/poam.PoamItemRiskLink' description: Items from the list response type: object handler.GenericDataResponse-relational_Evidence: 
@@ -1223,6 +1310,34 @@ definitions: - $ref: '#/definitions/relational.User' description: Items from the list response type: object + handler.GenericDataResponse-risks_RiskComponentLink: + properties: + data: + allOf: + - $ref: '#/definitions/risks.RiskComponentLink' + description: Items from the list response + type: object + handler.GenericDataResponse-risks_RiskControlLink: + properties: + data: + allOf: + - $ref: '#/definitions/risks.RiskControlLink' + description: Items from the list response + type: object + handler.GenericDataResponse-risks_RiskEvidenceLink: + properties: + data: + allOf: + - $ref: '#/definitions/risks.RiskEvidenceLink' + description: Items from the list response + type: object + handler.GenericDataResponse-risks_RiskSubjectLink: + properties: + data: + allOf: + - $ref: '#/definitions/risks.RiskSubjectLink' + description: Items from the list response + type: object handler.GenericDataResponse-string: properties: data: 
@@ -1308,32 +1423,81 @@ definitions: total: type: integer type: object - handler.PoamItemWithLinksResponse: + handler.StatusInterval: properties: - item: - $ref: '#/definitions/relational.CcfPoamItem' - riskLinks: + interval: + type: string + statuses: items: - $ref: '#/definitions/relational.CcfPoamItemRiskLink' + $ref: '#/definitions/evidence.StatusCount' type: array type: object - handler.StatusCount: + handler.SubscriptionsResponse: properties: - count: - type: integer - status: + subscribed: + type: boolean + taskAvailableEmailSubscribed: + type: boolean + taskDailyDigestSubscribed: + type: boolean + type: object + handler.UpdateSubscriptionsRequest: + properties: + subscribed: + type: boolean + taskAvailableEmailSubscribed: + type: boolean + taskDailyDigestSubscribed: + type: boolean + type: object + handler.UserHandler: + type: object + handler.acceptRiskRequest: + properties: + justification: + type: string + reviewDeadline: type: string type: object - handler.StatusInterval: + handler.addComponentLinkRequest: properties: - interval: + componentId: type: string - statuses: - items: - $ref: '#/definitions/handler.StatusCount' - type: array type: object - handler.UserHandler: + handler.addControlLinkRequest: + properties: + catalogId: + type: string + controlId: + type: string + type: object + handler.addEvidenceLinkRequest: + properties: + evidenceId: + type: string + type: object + handler.addLinkRequest: + properties: + id: + type: string + required: + - id + type: object + handler.addSubjectLinkRequest: + properties: + subjectId: + type: string + type: object + handler.controlLinkResponse: + properties: + catalogId: + type: string + controlId: + type: string + createdAt: + type: string + poamItemId: + type: string type: object handler.createFilterRequest: properties: 
@@ -1353,495 +1517,495 @@ definitions: - filter - name type: object - handler.createMilestone: + handler.createMilestoneRequest: properties: description: type: string - dueDate: + orderIndex: + type: integer + scheduledCompletionDate: type: string status: type: string title: type: string + required: + - title type: object - handler.createPoam: + handler.createPoamItemRequest: properties: - deadline: + acceptanceRationale: + type: string + controlRefs: + items: + $ref: '#/definitions/handler.poamControlRefRequest' + type: array + createdFromRiskId: type: string description: type: string + evidenceIds: + items: + type: string + type: array + findingIds: + items: + type: string + type: array milestones: items: - $ref: '#/definitions/handler.createMilestone' + $ref: '#/definitions/handler.createMilestoneRequest' type: array - pocEmail: - type: string - pocName: + plannedCompletionDate: type: string - pocPhone: - type: string - remarks: - type: string - resourceRequired: + primaryOwnerUserId: type: string riskIds: items: type: string type: array + sourceType: + type: string sspId: type: string status: type: string title: type: string + required: + - sspId + - title type: object - labelfilter.Condition: + handler.createRiskRequest: properties: - label: - description: Label name (e.g., "type", "group", "app"). + acceptanceJustification: type: string - operator: - description: Operator (e.g., "=", "!=", etc.). + description: type: string - value: - description: Value for the condition (e.g., "ssh", "prod"). + impact: type: string - type: object - labelfilter.Filter: - properties: - scope: - $ref: '#/definitions/labelfilter.Scope' - type: object - labelfilter.Query: - properties: - operator: - description: Logical operator (e.g., "AND", "OR"). + lastReviewedAt: type: string - scopes: - description: Scopes can be either `Condition` or nested `Query`. 
+ likelihood: + type: string + ownerAssignments: items: - $ref: '#/definitions/labelfilter.Scope' + $ref: '#/definitions/handler.riskOwnerAssignmentRequest' type: array - type: object - labelfilter.Scope: - properties: - condition: - $ref: '#/definitions/labelfilter.Condition' - query: - $ref: '#/definitions/labelfilter.Query' - type: object - oscal.BuildByPropsRequest: - properties: - catalogId: + primaryOwnerUserId: type: string - matchStrategy: - description: all | any + reviewDeadline: type: string - rules: - items: - $ref: '#/definitions/oscal.rule' - type: array - title: + riskTemplateId: type: string - version: + sspId: + type: string + status: + type: string + title: type: string type: object - oscal.BuildByPropsResponse: + handler.evidenceLinkResponse: properties: - controlIds: - items: - type: string - type: array - profile: - $ref: '#/definitions/oscalTypes_1_1_3.Profile' - profileId: + createdAt: + type: string + evidenceId: + type: string + poamItemId: type: string type: object - oscal.CreateInventoryItemRequest: + handler.findingLinkResponse: properties: - destination: - description: '"ssp", "poam", or "unattached"' + createdAt: type: string - destination_id: + findingId: + type: string + poamItemId: type: string - inventory_item: - $ref: '#/definitions/oscalTypes_1_1_3.InventoryItem' type: object - oscal.ImportFileResult: + handler.milestoneResponse: properties: - filename: + completionDate: type: string - message: + createdAt: + type: string + description: + type: string + id: + type: string + orderIndex: + type: integer + poamItemId: + type: string + scheduledCompletionDate: + type: string + status: type: string - success: - type: boolean title: type: string - type: + updatedAt: type: string type: object - oscal.ImportResponse: + handler.poamControlRefRequest: properties: - failed_count: - type: integer - results: + catalogId: + type: string + controlId: + type: string + required: + - catalogId + - controlId + type: object + 
handler.poamItemResponse: + properties: + acceptanceRationale: + type: string + completedAt: + type: string + controlLinks: items: - $ref: '#/definitions/oscal.ImportFileResult' + $ref: '#/definitions/handler.controlLinkResponse' type: array - successful_count: - type: integer - total_files: - type: integer - type: object - oscal.InventoryItemWithSource: - properties: + createdAt: + type: string + createdFromRiskId: + type: string description: type: string - implemented-components: + evidenceLinks: items: - $ref: '#/definitions/oscalTypes_1_1_3.ImplementedComponent' + $ref: '#/definitions/handler.evidenceLinkResponse' type: array - links: + findingLinks: items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' + $ref: '#/definitions/handler.findingLinkResponse' type: array - props: + id: + type: string + lastStatusChangeAt: + type: string + milestones: items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' + $ref: '#/definitions/handler.milestoneResponse' type: array - remarks: + plannedCompletionDate: type: string - responsible-parties: + primaryOwnerUserId: + type: string + riskLinks: items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' + $ref: '#/definitions/handler.riskLinkResponse' type: array - source: + sourceType: type: string - source_id: + sspId: type: string - source_type: + status: type: string - uuid: + title: + type: string + updatedAt: type: string type: object - oscal.ProfileHandler: - type: object - oscal.rule: + handler.reviewRiskRequest: properties: - name: + decision: type: string - ns: + nextReviewDeadline: type: string - operator: - description: equals | contains | regex | in + notes: type: string - value: + reviewedAt: type: string type: object - oscalTypes_1_1_3.Action: + handler.riskControlLinkResponse: properties: - date: + catalogId: type: string - links: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' - type: array - props: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' - type: array - remarks: + controlId: 
type: string - responsible-parties: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' - type: array - system: + type: object + handler.riskLinkResponse: + properties: + createdAt: type: string - type: + poamItemId: type: string - uuid: + riskId: type: string type: object - oscalTypes_1_1_3.Activity: + handler.riskOwnerAssignmentRequest: properties: - description: + isPrimary: + type: boolean + ownerKind: type: string - links: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' - type: array - props: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' - type: array - related-controls: - $ref: '#/definitions/oscalTypes_1_1_3.ReviewedControls' - remarks: + ownerRef: type: string - responsible-roles: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' - type: array - steps: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Step' - type: array - title: + type: object + handler.riskOwnerAssignmentResponse: + properties: + isPrimary: + type: boolean + ownerKind: type: string - uuid: + ownerRef: type: string type: object - oscalTypes_1_1_3.Addition: + handler.riskResponse: properties: - by-id: + acceptanceJustification: type: string - links: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' - type: array - params: + componentIds: items: - $ref: '#/definitions/oscalTypes_1_1_3.Parameter' + type: string type: array - parts: + controlLinks: items: - $ref: '#/definitions/oscalTypes_1_1_3.Part' + $ref: '#/definitions/handler.riskControlLinkResponse' type: array - position: + createdAt: type: string - props: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' - type: array - title: + dedupeKey: type: string - type: object - oscalTypes_1_1_3.Address: - properties: - addr-lines: + description: + type: string + evidenceIds: items: type: string type: array - city: + firstSeenAt: type: string - country: + id: type: string - postal-code: + impact: type: string - state: + lastReviewedAt: type: string - type: + lastSeenAt: type: string 
- type: object - oscalTypes_1_1_3.Alteration: - properties: - adds: + likelihood: + type: string + ownerAssignments: items: - $ref: '#/definitions/oscalTypes_1_1_3.Addition' + $ref: '#/definitions/handler.riskOwnerAssignmentResponse' type: array - control-id: + primaryOwnerUserId: type: string - removes: + reviewDeadline: + type: string + riskTemplateId: + type: string + sourceType: + type: string + sspId: + type: string + status: + type: string + subjectIds: items: - $ref: '#/definitions/oscalTypes_1_1_3.Removal' + type: string type: array + title: + type: string + updatedAt: + type: string type: object - oscalTypes_1_1_3.AssessedControls: + handler.updateMilestoneRequest: properties: description: type: string - exclude-controls: - items: - $ref: '#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById' - type: array - include-all: - $ref: '#/definitions/oscalTypes_1_1_3.IncludeAll' - include-controls: - items: - $ref: '#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById' - type: array - links: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' - type: array - props: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' - type: array - remarks: + orderIndex: + type: integer + scheduledCompletionDate: + type: string + status: + type: string + title: type: string type: object - oscalTypes_1_1_3.AssessedControlsSelectControlById: + handler.updatePoamItemRequest: properties: - control-id: + acceptanceRationale: type: string - statement-ids: + addControlRefs: items: - type: string + $ref: '#/definitions/handler.poamControlRefRequest' type: array - type: object - oscalTypes_1_1_3.AssessmentAssets: - properties: - assessment-platforms: + addEvidenceIds: items: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPlatform' + type: string type: array - components: + addFindingIds: items: - $ref: '#/definitions/oscalTypes_1_1_3.SystemComponent' + type: string type: array - type: object - oscalTypes_1_1_3.AssessmentLog: - properties: - entries: + 
addRiskIds: + description: Link management — add/remove in the same call as scalar updates. items: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentLogEntry' + type: string type: array - type: object - oscalTypes_1_1_3.AssessmentLogEntry: - properties: description: type: string - end: + plannedCompletionDate: type: string - links: + primaryOwnerUserId: + type: string + removeControlRefs: items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' + $ref: '#/definitions/handler.poamControlRefRequest' type: array - logged-by: + removeEvidenceIds: items: - $ref: '#/definitions/oscalTypes_1_1_3.LoggedBy' + type: string type: array - props: + removeFindingIds: items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' + type: string type: array - related-tasks: + removeRiskIds: items: - $ref: '#/definitions/oscalTypes_1_1_3.RelatedTask' + type: string type: array - remarks: - type: string - start: + status: type: string title: type: string - uuid: - type: string type: object - oscalTypes_1_1_3.AssessmentPart: + handler.updateRiskRequest: properties: - class: + acceptanceJustification: type: string - links: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' - type: array - name: + description: type: string - ns: + impact: type: string - parts: - items: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPart' - type: array - props: + lastReviewedAt: + type: string + likelihood: + type: string + ownerAssignments: items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' + $ref: '#/definitions/handler.riskOwnerAssignmentRequest' type: array - prose: + primaryOwnerUserId: + type: string + reviewDeadline: + type: string + reviewJustification: + type: string + riskTemplateId: + type: string + status: type: string title: type: string - uuid: + type: object + labelfilter.Condition: + properties: + label: + description: Label name (e.g., "type", "group", "app"). + type: string + operator: + description: Operator (e.g., "=", "!=", etc.). 
+ type: string + value: + description: Value for the condition (e.g., "ssh", "prod"). type: string type: object - oscalTypes_1_1_3.AssessmentPlan: + labelfilter.Filter: properties: - assessment-assets: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentAssets' - assessment-subjects: - items: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject' - type: array - back-matter: - $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' - import-ssp: - $ref: '#/definitions/oscalTypes_1_1_3.ImportSsp' - local-definitions: - $ref: '#/definitions/oscalTypes_1_1_3.LocalDefinitions' - metadata: - $ref: '#/definitions/oscalTypes_1_1_3.Metadata' - reviewed-controls: - $ref: '#/definitions/oscalTypes_1_1_3.ReviewedControls' - tasks: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Task' - type: array - terms-and-conditions: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions' - uuid: - type: string + scope: + $ref: '#/definitions/labelfilter.Scope' type: object - oscalTypes_1_1_3.AssessmentPlanTermsAndConditions: + labelfilter.Query: properties: - parts: + operator: + description: Logical operator (e.g., "AND", "OR"). + type: string + scopes: + description: Scopes can be either `Condition` or nested `Query`. 
items: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPart' + $ref: '#/definitions/labelfilter.Scope' type: array type: object - oscalTypes_1_1_3.AssessmentPlatform: + labelfilter.Scope: properties: - links: + condition: + $ref: '#/definitions/labelfilter.Condition' + query: + $ref: '#/definitions/labelfilter.Query' + type: object + oscal.BuildByPropsRequest: + properties: + catalogId: + type: string + matchStrategy: + description: all | any + type: string + rules: items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' + $ref: '#/definitions/oscal.rule' type: array - props: + title: + type: string + version: + type: string + type: object + oscal.BuildByPropsResponse: + properties: + controlIds: items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' + type: string type: array - remarks: + profile: + $ref: '#/definitions/oscalTypes_1_1_3.Profile' + profileId: + type: string + type: object + oscal.CreateInventoryItemRequest: + properties: + destination: + description: '"ssp", "poam", or "unattached"' + type: string + destination_id: + type: string + inventory_item: + $ref: '#/definitions/oscalTypes_1_1_3.InventoryItem' + type: object + oscal.ImportFileResult: + properties: + filename: + type: string + message: type: string + success: + type: boolean title: type: string - uses-components: - items: - $ref: '#/definitions/oscalTypes_1_1_3.UsesComponent' - type: array - uuid: + type: type: string type: object - oscalTypes_1_1_3.AssessmentResults: + oscal.ImportResponse: properties: - back-matter: - $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' - import-ap: - $ref: '#/definitions/oscalTypes_1_1_3.ImportAp' - local-definitions: - $ref: '#/definitions/oscalTypes_1_1_3.LocalDefinitions' - metadata: - $ref: '#/definitions/oscalTypes_1_1_3.Metadata' + failed_count: + type: integer results: items: - $ref: '#/definitions/oscalTypes_1_1_3.Result' + $ref: '#/definitions/oscal.ImportFileResult' type: array - uuid: - type: string + successful_count: + type: integer + 
total_files: + type: integer type: object - oscalTypes_1_1_3.AssessmentSubject: + oscal.InventoryItemWithSource: properties: description: type: string - exclude-subjects: - items: - $ref: '#/definitions/oscalTypes_1_1_3.SelectSubjectById' - type: array - include-all: - $ref: '#/definitions/oscalTypes_1_1_3.IncludeAll' - include-subjects: + implemented-components: items: - $ref: '#/definitions/oscalTypes_1_1_3.SelectSubjectById' + $ref: '#/definitions/oscalTypes_1_1_3.ImplementedComponent' type: array links: items: 
@@ -1853,108 +2017,124 @@ definitions: type: array remarks: type: string - type: + responsible-parties: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' + type: array + source: + type: string + source_id: + type: string + source_type: + type: string + uuid: type: string type: object - oscalTypes_1_1_3.AssociatedActivity: + oscal.ProfileComplianceControl: properties: - activity-uuid: + catalogId: type: string - links: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' - type: array - props: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' - type: array - remarks: + computedStatus: type: string - responsible-roles: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' - type: array - subjects: + controlId: + type: string + groupId: + type: string + groupTitle: + type: string + implemented: + type: boolean + statusCounts: items: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject' + $ref: '#/definitions/oscal.ProfileComplianceStatusCount' type: array + title: + type: string type: object - oscalTypes_1_1_3.AssociatedRisk: + oscal.ProfileComplianceGroup: properties: - risk-uuid: + compliancePercent: + type: integer + id: + type: string + notSatisfied: + type: integer + satisfied: + type: integer + title: type: string + totalControls: + type: integer + unknown: + type: integer type: object - oscalTypes_1_1_3.AttestationStatements: + oscal.ProfileComplianceImplementation: properties: - parts: - items: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPart' - type: array - responsible-parties: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' - type: array + implementationPercent: + type: integer + implementedControls: + type: integer + unimplementedControls: + type: integer type: object - oscalTypes_1_1_3.AuthorizationBoundary: + oscal.ProfileComplianceProgress: properties: - description: - type: string - diagrams: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Diagram' - type: array - links: + controls: 
items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' + $ref: '#/definitions/oscal.ProfileComplianceControl' type: array - props: + groups: items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' + $ref: '#/definitions/oscal.ProfileComplianceGroup' type: array - remarks: - type: string + implementation: + $ref: '#/definitions/oscal.ProfileComplianceImplementation' + scope: + $ref: '#/definitions/oscal.ProfileComplianceScope' + summary: + $ref: '#/definitions/oscal.ProfileComplianceSummary' type: object - oscalTypes_1_1_3.AuthorizedPrivilege: + oscal.ProfileComplianceScope: properties: - description: + id: type: string - functions-performed: - items: - type: string - type: array title: type: string + type: + type: string type: object - oscalTypes_1_1_3.BackMatter: + oscal.ProfileComplianceStatusCount: properties: - resources: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Resource' - type: array + count: + type: integer + status: + type: string type: object - oscalTypes_1_1_3.Base64: + oscal.ProfileComplianceSummary: properties: - filename: - type: string - media-type: - type: string - value: - type: string + assessedPercent: + type: integer + compliancePercent: + type: integer + implementedControls: + type: integer + notSatisfied: + type: integer + satisfied: + type: integer + totalControls: + type: integer + unknown: + type: integer type: object - oscalTypes_1_1_3.ByComponent: + oscal.ProfileHandler: + type: object + oscal.SystemComponentRequest: properties: - component-uuid: + definedComponentId: type: string description: type: string - export: - $ref: '#/definitions/oscalTypes_1_1_3.Export' - implementation-status: - $ref: '#/definitions/oscalTypes_1_1_3.ImplementationStatus' - inherited: - items: - $ref: '#/definitions/oscalTypes_1_1_3.InheritedControlImplementation' - type: array links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' 
@@ -1963,90 +2143,68 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array + protocols: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Protocol' + type: array + purpose: + type: string remarks: type: string responsible-roles: items: $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' type: array - satisfied: - items: - $ref: '#/definitions/oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility' - type: array - set-parameters: - items: - $ref: '#/definitions/oscalTypes_1_1_3.SetParameter' - type: array + status: + $ref: '#/definitions/oscalTypes_1_1_3.SystemComponentStatus' + title: + type: string + type: + type: string uuid: type: string type: object - oscalTypes_1_1_3.Capability: + oscal.rule: properties: - control-implementations: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationSet' - type: array - description: - type: string - incorporates-components: - items: - $ref: '#/definitions/oscalTypes_1_1_3.IncorporatesComponent' - type: array - links: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' - type: array name: type: string - props: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' - type: array - remarks: + ns: type: string - uuid: + operator: + description: equals | contains | regex | in type: string - type: object - oscalTypes_1_1_3.Catalog: - properties: - back-matter: - $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' - controls: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Control' - type: array - groups: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Group' - type: array - metadata: - $ref: '#/definitions/oscalTypes_1_1_3.Metadata' - params: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Parameter' - type: array - uuid: + value: type: string type: object - oscalTypes_1_1_3.Characterization: + oscalTypes_1_1_3.Action: properties: - facets: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Facet' - type: array + date: + type: string links: items: $ref: 
'#/definitions/oscalTypes_1_1_3.Link' type: array - origin: - $ref: '#/definitions/oscalTypes_1_1_3.Origin' props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array + remarks: + type: string + responsible-parties: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' + type: array + system: + type: string + type: + type: string + uuid: + type: string type: object - oscalTypes_1_1_3.Citation: + oscalTypes_1_1_3.Activity: properties: + description: + type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' @@ -2055,51 +2213,26 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - text: - type: string - type: object - oscalTypes_1_1_3.CombinationRule: - properties: - method: + related-controls: + $ref: '#/definitions/oscalTypes_1_1_3.ReviewedControls' + remarks: type: string - type: object - oscalTypes_1_1_3.ComponentDefinition: - properties: - back-matter: - $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' - capabilities: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Capability' - type: array - components: + responsible-roles: items: - $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent' + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' type: array - import-component-definitions: + steps: items: - $ref: '#/definitions/oscalTypes_1_1_3.ImportComponentDefinition' + $ref: '#/definitions/oscalTypes_1_1_3.Step' type: array - metadata: - $ref: '#/definitions/oscalTypes_1_1_3.Metadata' - uuid: - type: string - type: object - oscalTypes_1_1_3.ConstraintTest: - properties: - expression: + title: type: string - remarks: + uuid: type: string type: object - oscalTypes_1_1_3.Control: + oscalTypes_1_1_3.Addition: properties: - class: - type: string - controls: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Control' - type: array - id: + by-id: type: string links: items: 
@@ -2113,6 +2246,8 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Part' type: array + position: + type: string props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' @@ -2120,23 +2255,50 @@ definitions: title: type: string type: object - oscalTypes_1_1_3.ControlImplementation: + oscalTypes_1_1_3.Address: properties: - description: + addr-lines: + items: + type: string + type: array + city: type: string - implemented-requirements: + country: + type: string + postal-code: + type: string + state: + type: string + type: + type: string + type: object + oscalTypes_1_1_3.Alteration: + properties: + adds: items: - $ref: '#/definitions/oscalTypes_1_1_3.ImplementedRequirement' + $ref: '#/definitions/oscalTypes_1_1_3.Addition' type: array - set-parameters: + control-id: + type: string + removes: items: - $ref: '#/definitions/oscalTypes_1_1_3.SetParameter' + $ref: '#/definitions/oscalTypes_1_1_3.Removal' type: array type: object - oscalTypes_1_1_3.ControlImplementationResponsibility: + oscalTypes_1_1_3.AssessedControls: properties: description: type: string + exclude-controls: + items: + $ref: '#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById' + type: array + include-all: + $ref: '#/definitions/oscalTypes_1_1_3.IncludeAll' + include-controls: + items: + $ref: '#/definitions/oscalTypes_1_1_3.AssessedControlsSelectControlById' + type: array links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' 
@@ -2145,117 +2307,130 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - provided-uuid: - type: string remarks: type: string - responsible-roles: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' - type: array - uuid: - type: string type: object - oscalTypes_1_1_3.ControlImplementationSet: + oscalTypes_1_1_3.AssessedControlsSelectControlById: properties: - description: + control-id: type: string - implemented-requirements: + statement-ids: items: - $ref: '#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation' + type: string type: array - links: + type: object + oscalTypes_1_1_3.AssessmentAssets: + properties: + assessment-platforms: items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPlatform' type: array - props: + components: items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' + $ref: '#/definitions/oscalTypes_1_1_3.SystemComponent' type: array - set-parameters: + type: object + oscalTypes_1_1_3.AssessmentLog: + properties: + entries: items: - $ref: '#/definitions/oscalTypes_1_1_3.SetParameter' + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentLogEntry' type: array - source: - type: string - uuid: - type: string type: object - oscalTypes_1_1_3.ControlStatementImplementation: + oscalTypes_1_1_3.AssessmentLogEntry: properties: description: type: string + end: + type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array + logged-by: + items: + $ref: '#/definitions/oscalTypes_1_1_3.LoggedBy' + type: array props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - remarks: - type: string - responsible-roles: + related-tasks: items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' + $ref: '#/definitions/oscalTypes_1_1_3.RelatedTask' type: array - statement-id: + remarks: + type: string + start: + type: string + title: type: string uuid: type: string type: object - 
oscalTypes_1_1_3.CustomGrouping: - properties: - groups: - items: - $ref: '#/definitions/oscalTypes_1_1_3.CustomGroupingGroup' - type: array - insert-controls: - items: - $ref: '#/definitions/oscalTypes_1_1_3.InsertControls' - type: array - type: object - oscalTypes_1_1_3.CustomGroupingGroup: + oscalTypes_1_1_3.AssessmentPart: properties: class: type: string - groups: - items: - $ref: '#/definitions/oscalTypes_1_1_3.CustomGroupingGroup' - type: array - id: - type: string - insert-controls: - items: - $ref: '#/definitions/oscalTypes_1_1_3.InsertControls' - type: array links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - params: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Parameter' - type: array + name: + type: string + ns: + type: string parts: items: - $ref: '#/definitions/oscalTypes_1_1_3.Part' + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPart' type: array props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array + prose: + type: string title: type: string - type: object - oscalTypes_1_1_3.DataFlow: + uuid: + type: string + type: object + oscalTypes_1_1_3.AssessmentPlan: properties: - description: + assessment-assets: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentAssets' + assessment-subjects: + items: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject' + type: array + back-matter: + $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' + import-ssp: + $ref: '#/definitions/oscalTypes_1_1_3.ImportSsp' + local-definitions: + $ref: '#/definitions/oscalTypes_1_1_3.LocalDefinitions' + metadata: + $ref: '#/definitions/oscalTypes_1_1_3.Metadata' + reviewed-controls: + $ref: '#/definitions/oscalTypes_1_1_3.ReviewedControls' + tasks: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Task' + type: array + terms-and-conditions: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPlanTermsAndConditions' + uuid: type: string - diagrams: + type: object + oscalTypes_1_1_3.AssessmentPlanTermsAndConditions: + properties: + parts: 
items: - $ref: '#/definitions/oscalTypes_1_1_3.Diagram' + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPart' type: array + type: object + oscalTypes_1_1_3.AssessmentPlatform: + properties: links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' @@ -2266,15 +2441,46 @@ definitions: type: array remarks: type: string + title: + type: string + uses-components: + items: + $ref: '#/definitions/oscalTypes_1_1_3.UsesComponent' + type: array + uuid: + type: string type: object - oscalTypes_1_1_3.DefinedComponent: + oscalTypes_1_1_3.AssessmentResults: properties: - control-implementations: + back-matter: + $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' + import-ap: + $ref: '#/definitions/oscalTypes_1_1_3.ImportAp' + local-definitions: + $ref: '#/definitions/oscalTypes_1_1_3.LocalDefinitions' + metadata: + $ref: '#/definitions/oscalTypes_1_1_3.Metadata' + results: items: - $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationSet' + $ref: '#/definitions/oscalTypes_1_1_3.Result' type: array + uuid: + type: string + type: object + oscalTypes_1_1_3.AssessmentSubject: + properties: description: type: string + exclude-subjects: + items: + $ref: '#/definitions/oscalTypes_1_1_3.SelectSubjectById' + type: array + include-all: + $ref: '#/definitions/oscalTypes_1_1_3.IncludeAll' + include-subjects: + items: + $ref: '#/definitions/oscalTypes_1_1_3.SelectSubjectById' + type: array links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' 
@@ -2283,30 +2489,14 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - protocols: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Protocol' - type: array - purpose: - type: string remarks: type: string - responsible-roles: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' - type: array - title: - type: string type: type: string - uuid: - type: string type: object - oscalTypes_1_1_3.Diagram: + oscalTypes_1_1_3.AssociatedActivity: properties: - caption: - type: string - description: + activity-uuid: type: string links: items: @@ -2318,29 +2508,39 @@ definitions: type: array remarks: type: string - uuid: - type: string + responsible-roles: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' + type: array + subjects: + items: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject' + type: array type: object - oscalTypes_1_1_3.DocumentId: + oscalTypes_1_1_3.AssociatedRisk: properties: - identifier: - type: string - scheme: + risk-uuid: type: string type: object - oscalTypes_1_1_3.EventTiming: + oscalTypes_1_1_3.AttestationStatements: properties: - at-frequency: - $ref: '#/definitions/oscalTypes_1_1_3.FrequencyCondition' - on-date: - $ref: '#/definitions/oscalTypes_1_1_3.OnDateCondition' - within-date-range: - $ref: '#/definitions/oscalTypes_1_1_3.OnDateRangeCondition' + parts: + items: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPart' + type: array + responsible-parties: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' + type: array type: object - oscalTypes_1_1_3.Export: + oscalTypes_1_1_3.AuthorizationBoundary: properties: description: type: string + diagrams: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Diagram' + type: array links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' 
@@ -2349,110 +2549,106 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - provided: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ProvidedControlImplementation' - type: array remarks: type: string - responsibilities: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationResponsibility' - type: array type: object - oscalTypes_1_1_3.Facet: + oscalTypes_1_1_3.AuthorizedPrivilege: properties: - links: + description: + type: string + functions-performed: items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' + type: string type: array - name: + title: type: string - props: + type: object + oscalTypes_1_1_3.BackMatter: + properties: + resources: items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' + $ref: '#/definitions/oscalTypes_1_1_3.Resource' type: array - remarks: + type: object + oscalTypes_1_1_3.Base64: + properties: + filename: type: string - system: + media-type: type: string value: type: string type: object - oscalTypes_1_1_3.Finding: + oscalTypes_1_1_3.ByComponent: properties: - description: + component-uuid: type: string - implementation-statement-uuid: + description: type: string - links: + export: + $ref: '#/definitions/oscalTypes_1_1_3.Export' + implementation-status: + $ref: '#/definitions/oscalTypes_1_1_3.ImplementationStatus' + inherited: items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' + $ref: '#/definitions/oscalTypes_1_1_3.InheritedControlImplementation' type: array - origins: + links: items: - $ref: '#/definitions/oscalTypes_1_1_3.Origin' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - related-observations: + remarks: + type: string + responsible-roles: items: - $ref: '#/definitions/oscalTypes_1_1_3.RelatedObservation' + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' type: array - related-risks: + satisfied: items: - $ref: '#/definitions/oscalTypes_1_1_3.AssociatedRisk' + $ref: 
'#/definitions/oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility' + type: array + set-parameters: + items: + $ref: '#/definitions/oscalTypes_1_1_3.SetParameter' type: array - remarks: - type: string - target: - $ref: '#/definitions/oscalTypes_1_1_3.FindingTarget' - title: - type: string uuid: type: string type: object - oscalTypes_1_1_3.FindingTarget: + oscalTypes_1_1_3.Capability: properties: + control-implementations: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationSet' + type: array description: type: string - implementation-status: - $ref: '#/definitions/oscalTypes_1_1_3.ImplementationStatus' + incorporates-components: + items: + $ref: '#/definitions/oscalTypes_1_1_3.IncorporatesComponent' + type: array links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array + name: + type: string props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array remarks: type: string - status: - $ref: '#/definitions/oscalTypes_1_1_3.ObjectiveStatus' - target-id: - type: string - title: - type: string - type: - type: string - type: object - oscalTypes_1_1_3.FlatWithoutGrouping: - additionalProperties: true - type: object - oscalTypes_1_1_3.FrequencyCondition: - properties: - period: - type: integer - unit: + uuid: type: string type: object - oscalTypes_1_1_3.Group: + oscalTypes_1_1_3.Catalog: properties: - class: - type: string + back-matter: + $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' controls: items: $ref: '#/definitions/oscalTypes_1_1_3.Control' 
@@ -2461,49 +2657,34 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Group' type: array - id: - type: string - links: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' - type: array + metadata: + $ref: '#/definitions/oscalTypes_1_1_3.Metadata' params: items: $ref: '#/definitions/oscalTypes_1_1_3.Parameter' type: array - parts: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Part' - type: array - props: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' - type: array - title: - type: string - type: object - oscalTypes_1_1_3.Hash: - properties: - algorithm: - type: string - value: + uuid: type: string type: object - oscalTypes_1_1_3.IdentifiedSubject: + oscalTypes_1_1_3.Characterization: properties: - subject-placeholder-uuid: - type: string - subjects: + facets: items: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject' + $ref: '#/definitions/oscalTypes_1_1_3.Facet' + type: array + links: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Link' + type: array + origin: + $ref: '#/definitions/oscalTypes_1_1_3.Origin' + props: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array type: object - oscalTypes_1_1_3.Impact: + oscalTypes_1_1_3.Citation: properties: - adjustment-justification: - type: string - base: - type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' 
@@ -2512,72 +2693,86 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - selected: + text: type: string type: object - oscalTypes_1_1_3.ImplementationStatus: + oscalTypes_1_1_3.CombinationRule: properties: - remarks: - type: string - state: + method: type: string type: object - oscalTypes_1_1_3.ImplementedComponent: + oscalTypes_1_1_3.ComponentDefinition: properties: - component-uuid: - type: string - links: + back-matter: + $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' + capabilities: items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' + $ref: '#/definitions/oscalTypes_1_1_3.Capability' type: array - props: + components: items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' + $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent' type: array - remarks: - type: string - responsible-parties: + import-component-definitions: items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' + $ref: '#/definitions/oscalTypes_1_1_3.ImportComponentDefinition' type: array + metadata: + $ref: '#/definitions/oscalTypes_1_1_3.Metadata' + uuid: + type: string type: object - oscalTypes_1_1_3.ImplementedRequirement: + oscalTypes_1_1_3.ConstraintTest: properties: - by-components: + expression: + type: string + remarks: + type: string + type: object + oscalTypes_1_1_3.Control: + properties: + class: + type: string + controls: items: - $ref: '#/definitions/oscalTypes_1_1_3.ByComponent' + $ref: '#/definitions/oscalTypes_1_1_3.Control' type: array - control-id: + id: type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array + params: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Parameter' + type: array + parts: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Part' + type: array props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - remarks: + title: type: string - responsible-roles: + type: object + oscalTypes_1_1_3.ControlImplementation: + properties: + description: + type: string + 
implemented-requirements: items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' + $ref: '#/definitions/oscalTypes_1_1_3.ImplementedRequirement' type: array set-parameters: items: $ref: '#/definitions/oscalTypes_1_1_3.SetParameter' type: array - statements: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Statement' - type: array - uuid: - type: string type: object - oscalTypes_1_1_3.ImplementedRequirementControlImplementation: + oscalTypes_1_1_3.ControlImplementationResponsibility: properties: - control-id: - type: string description: type: string links: 
@@ -2588,88 +2783,25 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array + provided-uuid: + type: string remarks: type: string responsible-roles: items: $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' type: array - set-parameters: - items: - $ref: '#/definitions/oscalTypes_1_1_3.SetParameter' - type: array - statements: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ControlStatementImplementation' - type: array uuid: type: string type: object - oscalTypes_1_1_3.Import: - properties: - exclude-controls: - items: - $ref: '#/definitions/oscalTypes_1_1_3.SelectControlById' - type: array - href: - type: string - include-all: - $ref: '#/definitions/oscalTypes_1_1_3.IncludeAll' - include-controls: - items: - $ref: '#/definitions/oscalTypes_1_1_3.SelectControlById' - type: array - type: object - oscalTypes_1_1_3.ImportAp: - properties: - href: - type: string - remarks: - type: string - type: object - oscalTypes_1_1_3.ImportComponentDefinition: - properties: - href: - type: string - type: object - oscalTypes_1_1_3.ImportProfile: - properties: - href: - type: string - remarks: - type: string - type: object - oscalTypes_1_1_3.ImportSsp: - properties: - href: - type: string - remarks: - type: string - type: object - oscalTypes_1_1_3.IncludeAll: - additionalProperties: true - type: object - oscalTypes_1_1_3.IncorporatesComponent: + oscalTypes_1_1_3.ControlImplementationSet: properties: - component-uuid: - type: string description: type: string - type: object - oscalTypes_1_1_3.InformationType: - properties: - availability-impact: - $ref: '#/definitions/oscalTypes_1_1_3.Impact' - categorizations: + implemented-requirements: items: - $ref: '#/definitions/oscalTypes_1_1_3.InformationTypeCategorization' + $ref: '#/definitions/oscalTypes_1_1_3.ImplementedRequirementControlImplementation' type: array - confidentiality-impact: - $ref: '#/definitions/oscalTypes_1_1_3.Impact' - description: - type: string - integrity-impact: - $ref: 
'#/definitions/oscalTypes_1_1_3.Impact' links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' @@ -2678,21 +2810,16 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - title: - type: string - uuid: - type: string - type: object - oscalTypes_1_1_3.InformationTypeCategorization: - properties: - information-type-ids: + set-parameters: items: - type: string + $ref: '#/definitions/oscalTypes_1_1_3.SetParameter' type: array - system: + source: + type: string + uuid: type: string type: object - oscalTypes_1_1_3.InheritedControlImplementation: + oscalTypes_1_1_3.ControlStatementImplementation: properties: description: type: string 
@@ -2704,117 +2831,118 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - provided-uuid: + remarks: type: string responsible-roles: items: $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' type: array + statement-id: + type: string uuid: type: string type: object - oscalTypes_1_1_3.InsertControls: + oscalTypes_1_1_3.CustomGrouping: properties: - exclude-controls: + groups: items: - $ref: '#/definitions/oscalTypes_1_1_3.SelectControlById' + $ref: '#/definitions/oscalTypes_1_1_3.CustomGroupingGroup' type: array - include-all: - $ref: '#/definitions/oscalTypes_1_1_3.IncludeAll' - include-controls: + insert-controls: items: - $ref: '#/definitions/oscalTypes_1_1_3.SelectControlById' + $ref: '#/definitions/oscalTypes_1_1_3.InsertControls' type: array - order: - type: string type: object - oscalTypes_1_1_3.InventoryItem: + oscalTypes_1_1_3.CustomGroupingGroup: properties: - description: + class: type: string - implemented-components: + groups: items: - $ref: '#/definitions/oscalTypes_1_1_3.ImplementedComponent' + $ref: '#/definitions/oscalTypes_1_1_3.CustomGroupingGroup' + type: array + id: + type: string + insert-controls: + items: + $ref: '#/definitions/oscalTypes_1_1_3.InsertControls' type: array links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - props: + params: items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' + $ref: '#/definitions/oscalTypes_1_1_3.Parameter' type: array - remarks: - type: string - responsible-parties: + parts: items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' + $ref: '#/definitions/oscalTypes_1_1_3.Part' type: array - uuid: + props: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Property' + type: array + title: type: string type: object - oscalTypes_1_1_3.LeveragedAuthorization: + oscalTypes_1_1_3.DataFlow: properties: - date-authorized: + description: type: string - links: + diagrams: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Diagram' + type: array + links: 
items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - party-uuid: - type: string props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array remarks: type: string - title: - type: string - uuid: - type: string - type: object - oscalTypes_1_1_3.Link: - properties: - href: - type: string - media-type: - type: string - rel: - type: string - resource-fragment: - type: string - text: - type: string type: object - oscalTypes_1_1_3.LocalDefinitions: + oscalTypes_1_1_3.DefinedComponent: properties: - activities: + control-implementations: items: - $ref: '#/definitions/oscalTypes_1_1_3.Activity' + $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationSet' type: array - components: + description: + type: string + links: items: - $ref: '#/definitions/oscalTypes_1_1_3.SystemComponent' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - inventory-items: + props: items: - $ref: '#/definitions/oscalTypes_1_1_3.InventoryItem' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - objectives-and-methods: + protocols: items: - $ref: '#/definitions/oscalTypes_1_1_3.LocalObjective' + $ref: '#/definitions/oscalTypes_1_1_3.Protocol' type: array + purpose: + type: string remarks: type: string - users: + responsible-roles: items: - $ref: '#/definitions/oscalTypes_1_1_3.SystemUser' + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' type: array + title: + type: string + type: + type: string + uuid: + type: string type: object - oscalTypes_1_1_3.LocalObjective: + oscalTypes_1_1_3.Diagram: properties: - control-id: + caption: type: string description: type: string 
@@ -2822,25 +2950,35 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - parts: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Part' - type: array props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array remarks: type: string + uuid: + type: string type: object - oscalTypes_1_1_3.Location: + oscalTypes_1_1_3.DocumentId: properties: - address: - $ref: '#/definitions/oscalTypes_1_1_3.Address' - email-addresses: - items: - type: string - type: array + identifier: + type: string + scheme: + type: string + type: object + oscalTypes_1_1_3.EventTiming: + properties: + at-frequency: + $ref: '#/definitions/oscalTypes_1_1_3.FrequencyCondition' + on-date: + $ref: '#/definitions/oscalTypes_1_1_3.OnDateCondition' + within-date-range: + $ref: '#/definitions/oscalTypes_1_1_3.OnDateRangeCondition' + type: object + oscalTypes_1_1_3.Export: + properties: + description: + type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' 
@@ -2849,135 +2987,77 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - remarks: - type: string - telephone-numbers: + provided: items: - $ref: '#/definitions/oscalTypes_1_1_3.TelephoneNumber' + $ref: '#/definitions/oscalTypes_1_1_3.ProvidedControlImplementation' type: array - title: + remarks: type: string - urls: + responsibilities: items: - type: string + $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationResponsibility' type: array - uuid: - type: string - type: object - oscalTypes_1_1_3.LoggedBy: - properties: - party-uuid: - type: string - role-id: - type: string - type: object - oscalTypes_1_1_3.Matching: - properties: - pattern: - type: string - type: object - oscalTypes_1_1_3.Merge: - properties: - as-is: - type: boolean - combine: - $ref: '#/definitions/oscalTypes_1_1_3.CombinationRule' - custom: - $ref: '#/definitions/oscalTypes_1_1_3.CustomGrouping' - flat: - $ref: '#/definitions/oscalTypes_1_1_3.FlatWithoutGrouping' type: object - oscalTypes_1_1_3.Metadata: + oscalTypes_1_1_3.Facet: properties: - actions: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Action' - type: array - document-ids: - items: - $ref: '#/definitions/oscalTypes_1_1_3.DocumentId' - type: array - last-modified: - type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - locations: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Location' - type: array - oscal-version: + name: type: string - parties: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Party' - type: array props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - published: - type: string remarks: type: string - responsible-parties: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' - type: array - revisions: - items: - $ref: '#/definitions/oscalTypes_1_1_3.RevisionHistoryEntry' - type: array - roles: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Role' - type: array - title: + system: type: string - version: + 
value: type: string type: object - oscalTypes_1_1_3.MitigatingFactor: + oscalTypes_1_1_3.Finding: properties: description: type: string - implementation-uuid: + implementation-statement-uuid: type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - props: + origins: items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' + $ref: '#/definitions/oscalTypes_1_1_3.Origin' type: array - subjects: + props: items: - $ref: '#/definitions/oscalTypes_1_1_3.SubjectReference' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - uuid: - type: string - type: object - oscalTypes_1_1_3.Modify: - properties: - alters: + related-observations: items: - $ref: '#/definitions/oscalTypes_1_1_3.Alteration' + $ref: '#/definitions/oscalTypes_1_1_3.RelatedObservation' type: array - set-parameters: + related-risks: items: - $ref: '#/definitions/oscalTypes_1_1_3.ParameterSetting' + $ref: '#/definitions/oscalTypes_1_1_3.AssociatedRisk' type: array + remarks: + type: string + target: + $ref: '#/definitions/oscalTypes_1_1_3.FindingTarget' + title: + type: string + uuid: + type: string type: object - oscalTypes_1_1_3.NetworkArchitecture: + oscalTypes_1_1_3.FindingTarget: properties: description: type: string - diagrams: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Diagram' - type: array + implementation-status: + $ref: '#/definitions/oscalTypes_1_1_3.ImplementationStatus' links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' 
@@ -2988,85 +3068,101 @@ definitions: type: array remarks: type: string - type: object - oscalTypes_1_1_3.ObjectiveStatus: - properties: - reason: + status: + $ref: '#/definitions/oscalTypes_1_1_3.ObjectiveStatus' + target-id: type: string - remarks: + title: type: string - state: + type: type: string type: object - oscalTypes_1_1_3.Observation: + oscalTypes_1_1_3.FlatWithoutGrouping: + additionalProperties: true + type: object + oscalTypes_1_1_3.FrequencyCondition: properties: - collected: + period: + type: integer + unit: type: string - description: + type: object + oscalTypes_1_1_3.Group: + properties: + class: type: string - expires: + controls: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Control' + type: array + groups: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Group' + type: array + id: type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - methods: + params: items: - type: string + $ref: '#/definitions/oscalTypes_1_1_3.Parameter' type: array - origins: + parts: items: - $ref: '#/definitions/oscalTypes_1_1_3.Origin' + $ref: '#/definitions/oscalTypes_1_1_3.Part' type: array props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - relevant-evidence: - items: - $ref: '#/definitions/oscalTypes_1_1_3.RelevantEvidence' - type: array - remarks: - type: string - subjects: - items: - $ref: '#/definitions/oscalTypes_1_1_3.SubjectReference' - type: array title: type: string - types: - items: - type: string - type: array - uuid: - type: string type: object - oscalTypes_1_1_3.OnDateCondition: + oscalTypes_1_1_3.Hash: properties: - date: + algorithm: + type: string + value: type: string type: object - oscalTypes_1_1_3.OnDateRangeCondition: + oscalTypes_1_1_3.IdentifiedSubject: properties: - end: - type: string - start: + subject-placeholder-uuid: type: string + subjects: + items: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject' + type: array type: object - oscalTypes_1_1_3.Origin: + 
oscalTypes_1_1_3.Impact: properties: - actors: + adjustment-justification: + type: string + base: + type: string + links: items: - $ref: '#/definitions/oscalTypes_1_1_3.OriginActor' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - related-tasks: + props: items: - $ref: '#/definitions/oscalTypes_1_1_3.RelatedTask' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array + selected: + type: string type: object - oscalTypes_1_1_3.OriginActor: + oscalTypes_1_1_3.ImplementationStatus: properties: - actor-uuid: + remarks: + type: string + state: + type: string + type: object + oscalTypes_1_1_3.ImplementedComponent: + properties: + component-uuid: type: string links: items: 
@@ -3076,28 +3172,51 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - role-id: - type: string - type: + remarks: type: string + responsible-parties: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' + type: array type: object - oscalTypes_1_1_3.Parameter: + oscalTypes_1_1_3.ImplementedRequirement: properties: - class: + by-components: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ByComponent' + type: array + control-id: type: string - constraints: + links: items: - $ref: '#/definitions/oscalTypes_1_1_3.ParameterConstraint' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - depends-on: + props: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Property' + type: array + remarks: type: string - guidelines: + responsible-roles: items: - $ref: '#/definitions/oscalTypes_1_1_3.ParameterGuideline' + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' type: array - id: + set-parameters: + items: + $ref: '#/definitions/oscalTypes_1_1_3.SetParameter' + type: array + statements: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Statement' + type: array + uuid: type: string - label: + type: object + oscalTypes_1_1_3.ImplementedRequirementControlImplementation: + properties: + control-id: + type: string + description: type: string links: items: 
@@ -3109,127 +3228,178 @@ definitions: type: array remarks: type: string - select: - $ref: '#/definitions/oscalTypes_1_1_3.ParameterSelection' - usage: - type: string - values: + responsible-roles: items: - type: string + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' + type: array + set-parameters: + items: + $ref: '#/definitions/oscalTypes_1_1_3.SetParameter' + type: array + statements: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ControlStatementImplementation' type: array + uuid: + type: string type: object - oscalTypes_1_1_3.ParameterConstraint: + oscalTypes_1_1_3.Import: properties: - description: + exclude-controls: + items: + $ref: '#/definitions/oscalTypes_1_1_3.SelectControlById' + type: array + href: type: string - tests: + include-all: + $ref: '#/definitions/oscalTypes_1_1_3.IncludeAll' + include-controls: items: - $ref: '#/definitions/oscalTypes_1_1_3.ConstraintTest' + $ref: '#/definitions/oscalTypes_1_1_3.SelectControlById' type: array type: object - oscalTypes_1_1_3.ParameterGuideline: + oscalTypes_1_1_3.ImportAp: properties: - prose: + href: + type: string + remarks: type: string type: object - oscalTypes_1_1_3.ParameterSelection: + oscalTypes_1_1_3.ImportComponentDefinition: properties: - choice: - items: - type: string - type: array - how-many: + href: type: string type: object - oscalTypes_1_1_3.ParameterSetting: + oscalTypes_1_1_3.ImportProfile: properties: - class: + href: type: string - constraints: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ParameterConstraint' - type: array - depends-on: + remarks: type: string - guidelines: + type: object + oscalTypes_1_1_3.ImportSsp: + properties: + href: + type: string + remarks: + type: string + type: object + oscalTypes_1_1_3.IncludeAll: + additionalProperties: true + type: object + oscalTypes_1_1_3.IncorporatesComponent: + properties: + component-uuid: + type: string + description: + type: string + type: object + oscalTypes_1_1_3.InformationType: + properties: + availability-impact: + 
$ref: '#/definitions/oscalTypes_1_1_3.Impact' + categorizations: items: - $ref: '#/definitions/oscalTypes_1_1_3.ParameterGuideline' + $ref: '#/definitions/oscalTypes_1_1_3.InformationTypeCategorization' type: array - label: + confidentiality-impact: + $ref: '#/definitions/oscalTypes_1_1_3.Impact' + description: type: string + integrity-impact: + $ref: '#/definitions/oscalTypes_1_1_3.Impact' links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - param-id: - type: string props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - select: - $ref: '#/definitions/oscalTypes_1_1_3.ParameterSelection' - usage: + title: type: string - values: + uuid: + type: string + type: object + oscalTypes_1_1_3.InformationTypeCategorization: + properties: + information-type-ids: items: type: string type: array + system: + type: string type: object - oscalTypes_1_1_3.Part: + oscalTypes_1_1_3.InheritedControlImplementation: properties: - class: - type: string - id: + description: type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - name: - type: string - ns: - type: string - parts: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Part' - type: array props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - prose: + provided-uuid: type: string - title: + responsible-roles: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' + type: array + uuid: type: string type: object - oscalTypes_1_1_3.Party: + oscalTypes_1_1_3.InsertControls: properties: - addresses: + exclude-controls: items: - $ref: '#/definitions/oscalTypes_1_1_3.Address' + $ref: '#/definitions/oscalTypes_1_1_3.SelectControlById' type: array - email-addresses: + include-all: + $ref: '#/definitions/oscalTypes_1_1_3.IncludeAll' + include-controls: items: - type: string + $ref: '#/definitions/oscalTypes_1_1_3.SelectControlById' type: array - external-ids: + order: + type: string + type: object + oscalTypes_1_1_3.InventoryItem: + 
properties: + description: + type: string + implemented-components: items: - $ref: '#/definitions/oscalTypes_1_1_3.PartyExternalIdentifier' + $ref: '#/definitions/oscalTypes_1_1_3.ImplementedComponent' type: array links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - location-uuids: + props: items: - type: string + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - member-of-organizations: + remarks: + type: string + responsible-parties: items: - type: string + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' type: array - name: + uuid: + type: string + type: object + oscalTypes_1_1_3.LeveragedAuthorization: + properties: + date-authorized: + type: string + links: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Link' + type: array + party-uuid: type: string props: items: 
@@ -3237,59 +3407,30 @@ definitions: type: array remarks: type: string - short-name: - type: string - telephone-numbers: - items: - $ref: '#/definitions/oscalTypes_1_1_3.TelephoneNumber' - type: array - type: + title: type: string uuid: type: string type: object - oscalTypes_1_1_3.PartyExternalIdentifier: + oscalTypes_1_1_3.Link: properties: - id: + href: type: string - scheme: + media-type: + type: string + rel: + type: string + resource-fragment: + type: string + text: type: string type: object - oscalTypes_1_1_3.PlanOfActionAndMilestones: + oscalTypes_1_1_3.LocalDefinitions: properties: - back-matter: - $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' - findings: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Finding' - type: array - import-ssp: - $ref: '#/definitions/oscalTypes_1_1_3.ImportSsp' - local-definitions: - $ref: '#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions' - metadata: - $ref: '#/definitions/oscalTypes_1_1_3.Metadata' - observations: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Observation' - type: array - poam-items: - items: - $ref: '#/definitions/oscalTypes_1_1_3.PoamItem' - type: array - risks: + activities: items: - $ref: '#/definitions/oscalTypes_1_1_3.Risk' + $ref: '#/definitions/oscalTypes_1_1_3.Activity' type: array - system-id: - $ref: '#/definitions/oscalTypes_1_1_3.SystemId' - uuid: - type: string - type: object - oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions: - properties: - assessment-assets: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentAssets' components: items: $ref: '#/definitions/oscalTypes_1_1_3.SystemComponent' 
@@ -3298,111 +3439,149 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.InventoryItem' type: array + objectives-and-methods: + items: + $ref: '#/definitions/oscalTypes_1_1_3.LocalObjective' + type: array remarks: type: string + users: + items: + $ref: '#/definitions/oscalTypes_1_1_3.SystemUser' + type: array type: object - oscalTypes_1_1_3.PoamItem: + oscalTypes_1_1_3.LocalObjective: properties: + control-id: + type: string description: type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - origins: + parts: items: - $ref: '#/definitions/oscalTypes_1_1_3.PoamItemOrigin' + $ref: '#/definitions/oscalTypes_1_1_3.Part' type: array props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - related-findings: + remarks: + type: string + type: object + oscalTypes_1_1_3.Location: + properties: + address: + $ref: '#/definitions/oscalTypes_1_1_3.Address' + email-addresses: items: - $ref: '#/definitions/oscalTypes_1_1_3.RelatedFinding' + type: string type: array - related-observations: + links: items: - $ref: '#/definitions/oscalTypes_1_1_3.RelatedObservation' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - related-risks: + props: items: - $ref: '#/definitions/oscalTypes_1_1_3.AssociatedRisk' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array remarks: type: string + telephone-numbers: + items: + $ref: '#/definitions/oscalTypes_1_1_3.TelephoneNumber' + type: array title: type: string + urls: + items: + type: string + type: array uuid: type: string type: object - oscalTypes_1_1_3.PoamItemOrigin: + oscalTypes_1_1_3.LoggedBy: properties: - actors: - items: - $ref: '#/definitions/oscalTypes_1_1_3.OriginActor' - type: array + party-uuid: + type: string + role-id: + type: string type: object - oscalTypes_1_1_3.PortRange: + oscalTypes_1_1_3.Matching: properties: - end: - type: integer - start: - type: integer - transport: + pattern: type: string type: object - oscalTypes_1_1_3.Profile: + 
oscalTypes_1_1_3.Merge: properties: - back-matter: - $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' - imports: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Import' - type: array - merge: - $ref: '#/definitions/oscalTypes_1_1_3.Merge' - metadata: - $ref: '#/definitions/oscalTypes_1_1_3.Metadata' - modify: - $ref: '#/definitions/oscalTypes_1_1_3.Modify' - uuid: - type: string + as-is: + type: boolean + combine: + $ref: '#/definitions/oscalTypes_1_1_3.CombinationRule' + custom: + $ref: '#/definitions/oscalTypes_1_1_3.CustomGrouping' + flat: + $ref: '#/definitions/oscalTypes_1_1_3.FlatWithoutGrouping' type: object - oscalTypes_1_1_3.Property: + oscalTypes_1_1_3.Metadata: properties: - class: - type: string - group: + actions: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Action' + type: array + document-ids: + items: + $ref: '#/definitions/oscalTypes_1_1_3.DocumentId' + type: array + last-modified: type: string - name: + links: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Link' + type: array + locations: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Location' + type: array + oscal-version: type: string - ns: + parties: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Party' + type: array + props: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Property' + type: array + published: type: string remarks: type: string - uuid: - type: string - value: - type: string - type: object - oscalTypes_1_1_3.Protocol: - properties: - name: - type: string - port-ranges: + responsible-parties: items: - $ref: '#/definitions/oscalTypes_1_1_3.PortRange' + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' + type: array + revisions: + items: + $ref: '#/definitions/oscalTypes_1_1_3.RevisionHistoryEntry' + type: array + roles: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Role' type: array title: type: string - uuid: + version: type: string type: object - oscalTypes_1_1_3.ProvidedControlImplementation: + oscalTypes_1_1_3.MitigatingFactor: properties: description: 
type: string + implementation-uuid: + type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' @@ -3411,28 +3590,31 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - remarks: - type: string - responsible-roles: + subjects: items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' + $ref: '#/definitions/oscalTypes_1_1_3.SubjectReference' type: array uuid: type: string type: object - oscalTypes_1_1_3.ReferencedControlObjectives: + oscalTypes_1_1_3.Modify: properties: - description: - type: string - exclude-objectives: + alters: items: - $ref: '#/definitions/oscalTypes_1_1_3.SelectObjectiveById' + $ref: '#/definitions/oscalTypes_1_1_3.Alteration' type: array - include-all: - $ref: '#/definitions/oscalTypes_1_1_3.IncludeAll' - include-objectives: + set-parameters: items: - $ref: '#/definitions/oscalTypes_1_1_3.SelectObjectiveById' + $ref: '#/definitions/oscalTypes_1_1_3.ParameterSetting' + type: array + type: object + oscalTypes_1_1_3.NetworkArchitecture: + properties: + description: + type: string + diagrams: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Diagram' type: array links: items: 
@@ -3445,46 +3627,84 @@ definitions: remarks: type: string type: object - oscalTypes_1_1_3.RelatedFinding: + oscalTypes_1_1_3.ObjectiveStatus: properties: - finding-uuid: + reason: + type: string + remarks: + type: string + state: type: string type: object - oscalTypes_1_1_3.RelatedObservation: + oscalTypes_1_1_3.Observation: properties: - observation-uuid: + collected: + type: string + description: + type: string + expires: type: string - type: object - oscalTypes_1_1_3.RelatedTask: - properties: - identified-subject: - $ref: '#/definitions/oscalTypes_1_1_3.IdentifiedSubject' links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array + methods: + items: + type: string + type: array + origins: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Origin' + type: array props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array + relevant-evidence: + items: + $ref: '#/definitions/oscalTypes_1_1_3.RelevantEvidence' + type: array remarks: type: string - responsible-parties: + subjects: items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' + $ref: '#/definitions/oscalTypes_1_1_3.SubjectReference' type: array - subjects: + title: + type: string + types: items: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject' + type: string type: array - task-uuid: + uuid: type: string type: object - oscalTypes_1_1_3.RelevantEvidence: + oscalTypes_1_1_3.OnDateCondition: properties: - description: + date: type: string - href: + type: object + oscalTypes_1_1_3.OnDateRangeCondition: + properties: + end: + type: string + start: + type: string + type: object + oscalTypes_1_1_3.Origin: + properties: + actors: + items: + $ref: '#/definitions/oscalTypes_1_1_3.OriginActor' + type: array + related-tasks: + items: + $ref: '#/definitions/oscalTypes_1_1_3.RelatedTask' + type: array + type: object + oscalTypes_1_1_3.OriginActor: + properties: + actor-uuid: type: string links: items: 
@@ -3494,25 +3714,28 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - remarks: + role-id: + type: string + type: type: string type: object - oscalTypes_1_1_3.Removal: + oscalTypes_1_1_3.Parameter: properties: - by-class: - type: string - by-id: - type: string - by-item-name: + class: type: string - by-name: + constraints: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ParameterConstraint' + type: array + depends-on: type: string - by-ns: + guidelines: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ParameterGuideline' + type: array + id: type: string - type: object - oscalTypes_1_1_3.RequiredAsset: - properties: - description: + label: type: string links: items: 
@@ -3524,306 +3747,300 @@ definitions: type: array remarks: type: string - subjects: + select: + $ref: '#/definitions/oscalTypes_1_1_3.ParameterSelection' + usage: + type: string + values: items: - $ref: '#/definitions/oscalTypes_1_1_3.SubjectReference' + type: string type: array - title: - type: string - uuid: - type: string type: object - oscalTypes_1_1_3.Resource: + oscalTypes_1_1_3.ParameterConstraint: properties: - base64: - $ref: '#/definitions/oscalTypes_1_1_3.Base64' - citation: - $ref: '#/definitions/oscalTypes_1_1_3.Citation' description: type: string - document-ids: - items: - $ref: '#/definitions/oscalTypes_1_1_3.DocumentId' - type: array - props: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' - type: array - remarks: - type: string - rlinks: + tests: items: - $ref: '#/definitions/oscalTypes_1_1_3.ResourceLink' + $ref: '#/definitions/oscalTypes_1_1_3.ConstraintTest' type: array - title: - type: string - uuid: + type: object + oscalTypes_1_1_3.ParameterGuideline: + properties: + prose: type: string type: object - oscalTypes_1_1_3.ResourceLink: + oscalTypes_1_1_3.ParameterSelection: properties: - hashes: + choice: items: - $ref: '#/definitions/oscalTypes_1_1_3.Hash' + type: string type: array - href: - type: string - media-type: + how-many: type: string type: object - oscalTypes_1_1_3.Response: + oscalTypes_1_1_3.ParameterSetting: properties: - description: - type: string - lifecycle: + class: type: string - links: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' - type: array - origins: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Origin' - type: array - props: + constraints: items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' + $ref: '#/definitions/oscalTypes_1_1_3.ParameterConstraint' type: array - remarks: + depends-on: type: string - required-assets: - items: - $ref: '#/definitions/oscalTypes_1_1_3.RequiredAsset' - type: array - tasks: + guidelines: items: - $ref: '#/definitions/oscalTypes_1_1_3.Task' + $ref: 
'#/definitions/oscalTypes_1_1_3.ParameterGuideline' type: array - title: - type: string - uuid: + label: type: string - type: object - oscalTypes_1_1_3.ResponsibleParty: - properties: links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - party-uuids: - items: - type: string - type: array + param-id: + type: string props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - remarks: - type: string - role-id: + select: + $ref: '#/definitions/oscalTypes_1_1_3.ParameterSelection' + usage: type: string + values: + items: + type: string + type: array type: object - oscalTypes_1_1_3.ResponsibleRole: + oscalTypes_1_1_3.Part: properties: + class: + type: string + id: + type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - party-uuids: + name: + type: string + ns: + type: string + parts: items: - type: string + $ref: '#/definitions/oscalTypes_1_1_3.Part' type: array props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - remarks: + prose: type: string - role-id: + title: type: string type: object - oscalTypes_1_1_3.Result: + oscalTypes_1_1_3.Party: properties: - assessment-log: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentLog' - attestations: + addresses: items: - $ref: '#/definitions/oscalTypes_1_1_3.AttestationStatements' + $ref: '#/definitions/oscalTypes_1_1_3.Address' type: array - description: - type: string - end: - type: string - findings: + email-addresses: items: - $ref: '#/definitions/oscalTypes_1_1_3.Finding' + type: string + type: array + external-ids: + items: + $ref: '#/definitions/oscalTypes_1_1_3.PartyExternalIdentifier' type: array links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - local-definitions: - $ref: '#/definitions/oscalTypes_1_1_3.LocalDefinitions' - observations: + location-uuids: items: - $ref: '#/definitions/oscalTypes_1_1_3.Observation' + type: string + type: array + member-of-organizations: + items: + type: string type: array + name: + 
type: string props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array remarks: type: string - reviewed-controls: - $ref: '#/definitions/oscalTypes_1_1_3.ReviewedControls' - risks: + short-name: + type: string + telephone-numbers: items: - $ref: '#/definitions/oscalTypes_1_1_3.Risk' + $ref: '#/definitions/oscalTypes_1_1_3.TelephoneNumber' type: array - start: - type: string - title: + type: type: string uuid: type: string type: object - oscalTypes_1_1_3.ReviewedControls: + oscalTypes_1_1_3.PartyExternalIdentifier: properties: - control-objective-selections: + id: + type: string + scheme: + type: string + type: object + oscalTypes_1_1_3.PlanOfActionAndMilestones: + properties: + back-matter: + $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' + findings: items: - $ref: '#/definitions/oscalTypes_1_1_3.ReferencedControlObjectives' + $ref: '#/definitions/oscalTypes_1_1_3.Finding' type: array - control-selections: + import-ssp: + $ref: '#/definitions/oscalTypes_1_1_3.ImportSsp' + local-definitions: + $ref: '#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions' + metadata: + $ref: '#/definitions/oscalTypes_1_1_3.Metadata' + observations: items: - $ref: '#/definitions/oscalTypes_1_1_3.AssessedControls' + $ref: '#/definitions/oscalTypes_1_1_3.Observation' type: array - description: - type: string - links: + poam-items: items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' + $ref: '#/definitions/oscalTypes_1_1_3.PoamItem' type: array - props: + risks: items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' + $ref: '#/definitions/oscalTypes_1_1_3.Risk' type: array - remarks: + system-id: + $ref: '#/definitions/oscalTypes_1_1_3.SystemId' + uuid: type: string type: object - oscalTypes_1_1_3.RevisionHistoryEntry: + oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions: properties: - last-modified: - type: string - links: + assessment-assets: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentAssets' + components: items: - $ref: 
'#/definitions/oscalTypes_1_1_3.Link' + $ref: '#/definitions/oscalTypes_1_1_3.SystemComponent' type: array - oscal-version: - type: string - props: + inventory-items: items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' + $ref: '#/definitions/oscalTypes_1_1_3.InventoryItem' type: array - published: - type: string remarks: type: string - title: - type: string - version: - type: string type: object - oscalTypes_1_1_3.Risk: + oscalTypes_1_1_3.PoamItem: properties: - characterizations: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Characterization' - type: array - deadline: - type: string description: type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - mitigating-factors: - items: - $ref: '#/definitions/oscalTypes_1_1_3.MitigatingFactor' - type: array origins: items: - $ref: '#/definitions/oscalTypes_1_1_3.Origin' + $ref: '#/definitions/oscalTypes_1_1_3.PoamItemOrigin' type: array props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array + related-findings: + items: + $ref: '#/definitions/oscalTypes_1_1_3.RelatedFinding' + type: array related-observations: items: $ref: '#/definitions/oscalTypes_1_1_3.RelatedObservation' type: array - remediations: + related-risks: items: - $ref: '#/definitions/oscalTypes_1_1_3.Response' + $ref: '#/definitions/oscalTypes_1_1_3.AssociatedRisk' type: array - risk-log: - $ref: '#/definitions/oscalTypes_1_1_3.RiskLog' - statement: - type: string - status: + remarks: type: string - threat-ids: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ThreatId' - type: array title: type: string uuid: type: string type: object - oscalTypes_1_1_3.RiskLog: + oscalTypes_1_1_3.PoamItemOrigin: properties: - entries: + actors: items: - $ref: '#/definitions/oscalTypes_1_1_3.RiskLogEntry' + $ref: '#/definitions/oscalTypes_1_1_3.OriginActor' type: array type: object - oscalTypes_1_1_3.RiskLogEntry: + oscalTypes_1_1_3.PortRange: properties: - description: - type: string end: + type: integer + start: + type: 
integer + transport: type: string - links: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' - type: array - logged-by: - items: - $ref: '#/definitions/oscalTypes_1_1_3.LoggedBy' - type: array - props: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' - type: array - related-responses: + type: object + oscalTypes_1_1_3.Profile: + properties: + back-matter: + $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' + imports: items: - $ref: '#/definitions/oscalTypes_1_1_3.RiskResponseReference' + $ref: '#/definitions/oscalTypes_1_1_3.Import' type: array + merge: + $ref: '#/definitions/oscalTypes_1_1_3.Merge' + metadata: + $ref: '#/definitions/oscalTypes_1_1_3.Metadata' + modify: + $ref: '#/definitions/oscalTypes_1_1_3.Modify' + uuid: + type: string + type: object + oscalTypes_1_1_3.Property: + properties: + class: + type: string + group: + type: string + name: + type: string + ns: + type: string remarks: type: string - start: + uuid: type: string - status-change: + value: + type: string + type: object + oscalTypes_1_1_3.Protocol: + properties: + name: type: string + port-ranges: + items: + $ref: '#/definitions/oscalTypes_1_1_3.PortRange' + type: array title: type: string uuid: type: string type: object - oscalTypes_1_1_3.RiskResponseReference: + oscalTypes_1_1_3.ProvidedControlImplementation: properties: + description: + type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' 
@@ -3832,21 +4049,29 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - related-tasks: - items: - $ref: '#/definitions/oscalTypes_1_1_3.RelatedTask' - type: array remarks: type: string - response-uuid: + responsible-roles: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' + type: array + uuid: type: string type: object - oscalTypes_1_1_3.Role: + oscalTypes_1_1_3.ReferencedControlObjectives: properties: description: type: string - id: - type: string + exclude-objectives: + items: + $ref: '#/definitions/oscalTypes_1_1_3.SelectObjectiveById' + type: array + include-all: + $ref: '#/definitions/oscalTypes_1_1_3.IncludeAll' + include-objectives: + items: + $ref: '#/definitions/oscalTypes_1_1_3.SelectObjectiveById' + type: array links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' @@ -3857,15 +4082,21 @@ definitions: type: array remarks: type: string - short-name: - type: string - title: + type: object + oscalTypes_1_1_3.RelatedFinding: + properties: + finding-uuid: type: string type: object - oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility: + oscalTypes_1_1_3.RelatedObservation: properties: - description: + observation-uuid: type: string + type: object + oscalTypes_1_1_3.RelatedTask: + properties: + identified-subject: + $ref: '#/definitions/oscalTypes_1_1_3.IdentifiedSubject' links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' 
@@ -3876,44 +4107,51 @@ definitions: type: array remarks: type: string - responsibility-uuid: - type: string - responsible-roles: + responsible-parties: items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' type: array - uuid: + subjects: + items: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject' + type: array + task-uuid: type: string type: object - oscalTypes_1_1_3.SecurityImpactLevel: + oscalTypes_1_1_3.RelevantEvidence: properties: - security-objective-availability: - type: string - security-objective-confidentiality: + description: type: string - security-objective-integrity: + href: type: string - type: object - oscalTypes_1_1_3.SelectControlById: - properties: - matching: + links: items: - $ref: '#/definitions/oscalTypes_1_1_3.Matching' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - with-child-controls: - type: string - with-ids: + props: items: - type: string + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array + remarks: + type: string type: object - oscalTypes_1_1_3.SelectObjectiveById: + oscalTypes_1_1_3.Removal: properties: - objective-id: + by-class: + type: string + by-id: + type: string + by-item-name: + type: string + by-name: + type: string + by-ns: type: string type: object - oscalTypes_1_1_3.SelectSubjectById: + oscalTypes_1_1_3.RequiredAsset: properties: + description: + type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' 
@@ -3924,31 +4162,26 @@ definitions: type: array remarks: type: string - subject-uuid: - type: string - type: - type: string - type: object - oscalTypes_1_1_3.SetParameter: - properties: - param-id: - type: string - remarks: - type: string - values: + subjects: items: - type: string + $ref: '#/definitions/oscalTypes_1_1_3.SubjectReference' type: array + title: + type: string + uuid: + type: string type: object - oscalTypes_1_1_3.Statement: + oscalTypes_1_1_3.Resource: properties: - by-components: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ByComponent' - type: array - links: + base64: + $ref: '#/definitions/oscalTypes_1_1_3.Base64' + citation: + $ref: '#/definitions/oscalTypes_1_1_3.Citation' + description: + type: string + document-ids: items: - $ref: '#/definitions/oscalTypes_1_1_3.Link' + $ref: '#/definitions/oscalTypes_1_1_3.DocumentId' type: array props: items: 
@@ -3956,170 +4189,154 @@ definitions: type: array remarks: type: string - responsible-roles: + rlinks: items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' + $ref: '#/definitions/oscalTypes_1_1_3.ResourceLink' type: array - statement-id: + title: type: string uuid: type: string type: object - oscalTypes_1_1_3.Status: + oscalTypes_1_1_3.ResourceLink: properties: - remarks: + hashes: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Hash' + type: array + href: type: string - state: + media-type: type: string type: object - oscalTypes_1_1_3.Step: + oscalTypes_1_1_3.Response: properties: description: type: string + lifecycle: + type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array + origins: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Origin' + type: array props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array remarks: type: string - responsible-roles: + required-assets: items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' + $ref: '#/definitions/oscalTypes_1_1_3.RequiredAsset' + type: array + tasks: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Task' type: array - reviewed-controls: - $ref: '#/definitions/oscalTypes_1_1_3.ReviewedControls' title: type: string uuid: type: string type: object - oscalTypes_1_1_3.SubjectReference: + oscalTypes_1_1_3.ResponsibleParty: properties: links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array + party-uuids: + items: + type: string + type: array props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array remarks: type: string - subject-uuid: - type: string - title: - type: string - type: + role-id: type: string type: object - oscalTypes_1_1_3.SystemCharacteristics: + oscalTypes_1_1_3.ResponsibleRole: properties: - authorization-boundary: - $ref: '#/definitions/oscalTypes_1_1_3.AuthorizationBoundary' - data-flow: - $ref: '#/definitions/oscalTypes_1_1_3.DataFlow' - date-authorized: - type: string - description: - type: string 
links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - network-architecture: - $ref: '#/definitions/oscalTypes_1_1_3.NetworkArchitecture' + party-uuids: + items: + type: string + type: array props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array remarks: type: string - responsible-parties: - items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' - type: array - security-impact-level: - $ref: '#/definitions/oscalTypes_1_1_3.SecurityImpactLevel' - security-sensitivity-level: - type: string - status: - $ref: '#/definitions/oscalTypes_1_1_3.Status' - system-ids: - items: - $ref: '#/definitions/oscalTypes_1_1_3.SystemId' - type: array - system-information: - $ref: '#/definitions/oscalTypes_1_1_3.SystemInformation' - system-name: - type: string - system-name-short: + role-id: type: string type: object - oscalTypes_1_1_3.SystemComponent: + oscalTypes_1_1_3.Result: properties: + assessment-log: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentLog' + attestations: + items: + $ref: '#/definitions/oscalTypes_1_1_3.AttestationStatements' + type: array description: type: string + end: + type: string + findings: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Finding' + type: array links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - props: + local-definitions: + $ref: '#/definitions/oscalTypes_1_1_3.LocalDefinitions' + observations: items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' + $ref: '#/definitions/oscalTypes_1_1_3.Observation' type: array - protocols: + props: items: - $ref: '#/definitions/oscalTypes_1_1_3.Protocol' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - purpose: - type: string remarks: type: string - responsible-roles: + reviewed-controls: + $ref: '#/definitions/oscalTypes_1_1_3.ReviewedControls' + risks: items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' + $ref: '#/definitions/oscalTypes_1_1_3.Risk' type: array - status: - $ref: 
'#/definitions/oscalTypes_1_1_3.SystemComponentStatus' - title: + start: type: string - type: + title: type: string uuid: type: string type: object - oscalTypes_1_1_3.SystemComponentStatus: - properties: - remarks: - type: string - state: - type: string - type: object - oscalTypes_1_1_3.SystemId: - properties: - id: - type: string - identifier-type: - type: string - type: object - oscalTypes_1_1_3.SystemImplementation: + oscalTypes_1_1_3.ReviewedControls: properties: - components: - items: - $ref: '#/definitions/oscalTypes_1_1_3.SystemComponent' - type: array - inventory-items: + control-objective-selections: items: - $ref: '#/definitions/oscalTypes_1_1_3.InventoryItem' + $ref: '#/definitions/oscalTypes_1_1_3.ReferencedControlObjectives' type: array - leveraged-authorizations: + control-selections: items: - $ref: '#/definitions/oscalTypes_1_1_3.LeveragedAuthorization' + $ref: '#/definitions/oscalTypes_1_1_3.AssessedControls' type: array + description: + type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' 
@@ -4130,142 +4347,121 @@ definitions: type: array remarks: type: string - users: - items: - $ref: '#/definitions/oscalTypes_1_1_3.SystemUser' - type: array type: object - oscalTypes_1_1_3.SystemInformation: + oscalTypes_1_1_3.RevisionHistoryEntry: properties: - information-types: - items: - $ref: '#/definitions/oscalTypes_1_1_3.InformationType' - type: array + last-modified: + type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array + oscal-version: + type: string props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - type: object - oscalTypes_1_1_3.SystemSecurityPlan: - properties: - back-matter: - $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' - control-implementation: - $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementation' - import-profile: - $ref: '#/definitions/oscalTypes_1_1_3.ImportProfile' - metadata: - $ref: '#/definitions/oscalTypes_1_1_3.Metadata' - system-characteristics: - $ref: '#/definitions/oscalTypes_1_1_3.SystemCharacteristics' - system-implementation: - $ref: '#/definitions/oscalTypes_1_1_3.SystemImplementation' - uuid: + published: + type: string + remarks: + type: string + title: + type: string + version: type: string type: object - oscalTypes_1_1_3.SystemUser: + oscalTypes_1_1_3.Risk: properties: - authorized-privileges: + characterizations: items: - $ref: '#/definitions/oscalTypes_1_1_3.AuthorizedPrivilege' + $ref: '#/definitions/oscalTypes_1_1_3.Characterization' type: array + deadline: + type: string description: type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array + mitigating-factors: + items: + $ref: '#/definitions/oscalTypes_1_1_3.MitigatingFactor' + type: array + origins: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Origin' + type: array props: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - remarks: - type: string - role-ids: + related-observations: items: - type: string + $ref: 
'#/definitions/oscalTypes_1_1_3.RelatedObservation' type: array - short-name: + remediations: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Response' + type: array + risk-log: + $ref: '#/definitions/oscalTypes_1_1_3.RiskLog' + statement: + type: string + status: type: string + threat-ids: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ThreatId' + type: array title: type: string uuid: type: string type: object - oscalTypes_1_1_3.Task: + oscalTypes_1_1_3.RiskLog: properties: - associated-activities: - items: - $ref: '#/definitions/oscalTypes_1_1_3.AssociatedActivity' - type: array - dependencies: + entries: items: - $ref: '#/definitions/oscalTypes_1_1_3.TaskDependency' + $ref: '#/definitions/oscalTypes_1_1_3.RiskLogEntry' type: array + type: object + oscalTypes_1_1_3.RiskLogEntry: + properties: description: type: string + end: + type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - props: - items: - $ref: '#/definitions/oscalTypes_1_1_3.Property' - type: array - remarks: - type: string - responsible-roles: + logged-by: items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' + $ref: '#/definitions/oscalTypes_1_1_3.LoggedBy' type: array - subjects: + props: items: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - tasks: + related-responses: items: - $ref: '#/definitions/oscalTypes_1_1_3.Task' + $ref: '#/definitions/oscalTypes_1_1_3.RiskResponseReference' type: array - timing: - $ref: '#/definitions/oscalTypes_1_1_3.EventTiming' - title: - type: string - type: - type: string - uuid: - type: string - type: object - oscalTypes_1_1_3.TaskDependency: - properties: remarks: type: string - task-uuid: - type: string - type: object - oscalTypes_1_1_3.TelephoneNumber: - properties: - number: - type: string - type: + start: type: string - type: object - oscalTypes_1_1_3.ThreatId: - properties: - href: + status-change: type: string - id: + title: type: string - 
system: + uuid: type: string type: object - oscalTypes_1_1_3.UsesComponent: + oscalTypes_1_1_3.RiskResponseReference: properties: - component-uuid: - type: string links: items: $ref: '#/definitions/oscalTypes_1_1_3.Link' 
@@ -4274,522 +4470,531 @@ definitions: items: $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - remarks: - type: string - responsible-parties: + related-tasks: items: - $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' + $ref: '#/definitions/oscalTypes_1_1_3.RelatedTask' type: array + remarks: + type: string + response-uuid: + type: string type: object - relational.Action: + oscalTypes_1_1_3.Role: properties: - date: + description: type: string id: type: string links: items: - $ref: '#/definitions/relational.Link' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - metadata-id: - description: Actions only exist on a metadata object. We'll link them straight - there with a BelongsTo relationship - type: string props: items: - $ref: '#/definitions/relational.Prop' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array remarks: type: string - responsibleParties: - items: - $ref: '#/definitions/relational.ResponsibleParty' - type: array - system: - description: required + short-name: type: string - type: - description: required + title: type: string type: object - relational.Activity: + oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility: properties: description: - description: required - type: string - id: type: string links: items: - $ref: '#/definitions/relational.Link' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array props: items: - $ref: '#/definitions/relational.Prop' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - related-controls: - $ref: '#/definitions/relational.ReviewedControls' - relatedControlsID: - type: string remarks: - description: required + type: string + responsibility-uuid: type: string responsible-roles: items: - $ref: '#/definitions/relational.ResponsibleRole' - type: array - steps: - items: - $ref: '#/definitions/relational.Step' + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' type: array - title: + uuid: type: string type: object - relational.Address: + 
oscalTypes_1_1_3.SecurityImpactLevel: properties: - city: - type: string - country: + security-objective-availability: type: string - lines: - items: - type: string - type: array - postal-code: + security-objective-confidentiality: type: string - state: + security-objective-integrity: type: string - type: - $ref: '#/definitions/relational.AddressType' type: object - relational.AddressType: - enum: - - work - - home - type: string - x-enum-varnames: - - AddressTypeWork - - AddressTypeHome - relational.AssessedControlsSelectControlById: + oscalTypes_1_1_3.SelectControlById: properties: - control: - $ref: '#/definitions/relational.Control' - controlID: - type: string - id: + matching: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Matching' + type: array + with-child-controls: type: string - statements: + with-ids: items: - $ref: '#/definitions/relational.Statement' + type: string type: array type: object - relational.AssessmentSubject: + oscalTypes_1_1_3.SelectObjectiveById: properties: - description: + objective-id: type: string - evidence: + type: object + oscalTypes_1_1_3.SelectSubjectById: + properties: + links: items: - $ref: '#/definitions/relational.Evidence' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - excludeSubjects: + props: items: - $ref: '#/definitions/relational.SelectSubjectById' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - id: + remarks: type: string - includeAll: - $ref: '#/definitions/datatypes.JSONType-relational_IncludeAll' - includeSubjects: + subject-uuid: + type: string + type: + type: string + type: object + oscalTypes_1_1_3.SetParameter: + properties: + param-id: + type: string + remarks: + type: string + values: items: - $ref: '#/definitions/relational.SelectSubjectById' + type: string + type: array + type: object + oscalTypes_1_1_3.Statement: + properties: + by-components: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ByComponent' type: array links: items: - $ref: '#/definitions/relational.Link' + 
$ref: '#/definitions/oscalTypes_1_1_3.Link' type: array props: items: - $ref: '#/definitions/relational.Prop' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array remarks: type: string - type: - description: |- - Type represents a component, party, location, user, or inventory item. - It will likely be updated once we can map it correctly + responsible-roles: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' + type: array + statement-id: + type: string + uuid: type: string type: object - relational.BackMatter: + oscalTypes_1_1_3.Status: properties: - id: - type: string - parentID: + remarks: type: string - parentType: + state: type: string - resources: - items: - $ref: '#/definitions/relational.BackMatterResource' - type: array type: object - relational.BackMatterResource: + oscalTypes_1_1_3.Step: properties: - backMatterID: - type: string - base64: - $ref: '#/definitions/datatypes.JSONType-relational_Base64' - citation: - $ref: '#/definitions/datatypes.JSONType-relational_Citation' description: type: string - document-ids: + links: items: - $ref: '#/definitions/relational.DocumentID' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - id: - description: required - type: string props: items: - $ref: '#/definitions/relational.Prop' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array remarks: type: string - rlinks: + responsible-roles: items: - $ref: '#/definitions/relational.ResourceLink' + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' type: array + reviewed-controls: + $ref: '#/definitions/oscalTypes_1_1_3.ReviewedControls' title: type: string + uuid: + type: string type: object - relational.ByComponent: + oscalTypes_1_1_3.SubjectReference: properties: - component-uuid: - type: string - description: - type: string - export: - $ref: '#/definitions/relational.Export' - id: - type: string - implementation-status: - $ref: '#/definitions/datatypes.JSONType-relational_ImplementationStatus' - 
inherited-control-implementations: + links: items: - $ref: '#/definitions/relational.InheritedControlImplementation' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - links: + props: items: - $ref: '#/definitions/relational.Link' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - parentID: - description: As ByComponent can be found in Implemented Requirements & Statements, - using GORM polymorphism to tell us where to attach + remarks: type: string - parentType: + subject-uuid: + type: string + title: + type: string + type: + type: string + type: object + oscalTypes_1_1_3.SystemCharacteristics: + properties: + authorization-boundary: + $ref: '#/definitions/oscalTypes_1_1_3.AuthorizationBoundary' + data-flow: + $ref: '#/definitions/oscalTypes_1_1_3.DataFlow' + date-authorized: + type: string + description: type: string + links: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Link' + type: array + network-architecture: + $ref: '#/definitions/oscalTypes_1_1_3.NetworkArchitecture' props: items: - $ref: '#/definitions/relational.Prop' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array remarks: type: string responsible-parties: items: - $ref: '#/definitions/relational.ResponsibleRole' - type: array - satisfied: - items: - $ref: '#/definitions/relational.SatisfiedControlImplementationResponsibility' + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' type: array - set-parameters: + security-impact-level: + $ref: '#/definitions/oscalTypes_1_1_3.SecurityImpactLevel' + security-sensitivity-level: + type: string + status: + $ref: '#/definitions/oscalTypes_1_1_3.Status' + system-ids: items: - $ref: '#/definitions/relational.SetParameter' + $ref: '#/definitions/oscalTypes_1_1_3.SystemId' type: array + system-information: + $ref: '#/definitions/oscalTypes_1_1_3.SystemInformation' + system-name: + type: string + system-name-short: + type: string type: object - relational.Capability: + oscalTypes_1_1_3.SystemComponent: properties: - 
componentDefinition: - $ref: '#/definitions/relational.ComponentDefinition' - componentDefinitionId: - type: string - control-implementations: - items: - $ref: '#/definitions/relational.ControlImplementationSet' - type: array description: - description: required - type: string - id: type: string - incorporates-components: - items: - $ref: '#/definitions/relational.IncorporatesComponents' - type: array links: items: - $ref: '#/definitions/relational.Link' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - name: - description: required - type: string props: items: - $ref: '#/definitions/relational.Prop' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - remarks: - type: string - type: object - relational.CcfPoamItem: - properties: - createdAt: - type: string - deadline: - type: string - description: - type: string - id: - type: string - milestones: + protocols: items: - $ref: '#/definitions/relational.CcfPoamItemMilestone' + $ref: '#/definitions/oscalTypes_1_1_3.Protocol' type: array - pocEmail: - type: string - pocName: - type: string - pocPhone: + purpose: type: string remarks: type: string - resourceRequired: - type: string - sspID: - type: string + responsible-roles: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' + type: array status: - type: string + $ref: '#/definitions/oscalTypes_1_1_3.SystemComponentStatus' title: type: string - updatedAt: + type: + type: string + uuid: type: string type: object - relational.CcfPoamItemMilestone: + oscalTypes_1_1_3.SystemComponentStatus: properties: - completedAt: - type: string - createdAt: - type: string - description: - type: string - dueDate: - type: string - id: - type: string - poamItemID: - type: string - status: - type: string - title: + remarks: type: string - updatedAt: + state: type: string type: object - relational.CcfPoamItemRiskLink: + oscalTypes_1_1_3.SystemId: properties: - poamItemID: + id: type: string - riskID: + identifier-type: type: string type: object - 
relational.ComponentDefinition: + oscalTypes_1_1_3.SystemImplementation: properties: - back-matter: - $ref: '#/definitions/relational.BackMatter' - capabilities: + components: items: - $ref: '#/definitions/relational.Capability' + $ref: '#/definitions/oscalTypes_1_1_3.SystemComponent' type: array - components: + inventory-items: items: - $ref: '#/definitions/relational.DefinedComponent' + $ref: '#/definitions/oscalTypes_1_1_3.InventoryItem' type: array - id: - type: string - import-component-definitions: + leveraged-authorizations: items: - $ref: '#/definitions/relational.ImportComponentDefinition' + $ref: '#/definitions/oscalTypes_1_1_3.LeveragedAuthorization' type: array - metadata: - allOf: - - $ref: '#/definitions/relational.Metadata' - description: required - type: object - relational.Control: - properties: - catalogID: - type: string - class: - type: string - controls: + links: items: - $ref: '#/definitions/relational.Control' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array - filters: + props: items: - $ref: '#/definitions/relational.Filter' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - id: - description: required + remarks: type: string - links: + users: items: - $ref: '#/definitions/relational.Link' + $ref: '#/definitions/oscalTypes_1_1_3.SystemUser' type: array - params: + type: object + oscalTypes_1_1_3.SystemInformation: + properties: + information-types: items: - $ref: '#/definitions/relational.Parameter' + $ref: '#/definitions/oscalTypes_1_1_3.InformationType' type: array - parentID: - type: string - parentType: - type: string - parts: + links: items: - $ref: '#/definitions/relational.Part' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array props: items: - $ref: '#/definitions/relational.Prop' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - title: - description: required + type: object + oscalTypes_1_1_3.SystemSecurityPlan: + properties: + back-matter: + $ref: 
'#/definitions/oscalTypes_1_1_3.BackMatter' + control-implementation: + $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementation' + import-profile: + $ref: '#/definitions/oscalTypes_1_1_3.ImportProfile' + metadata: + $ref: '#/definitions/oscalTypes_1_1_3.Metadata' + system-characteristics: + $ref: '#/definitions/oscalTypes_1_1_3.SystemCharacteristics' + system-implementation: + $ref: '#/definitions/oscalTypes_1_1_3.SystemImplementation' + uuid: type: string type: object - relational.ControlImplementationResponsibility: + oscalTypes_1_1_3.SystemUser: properties: + authorized-privileges: + items: + $ref: '#/definitions/oscalTypes_1_1_3.AuthorizedPrivilege' + type: array description: - description: required - type: string - exportId: - type: string - id: type: string links: items: - $ref: '#/definitions/relational.Link' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array props: items: - $ref: '#/definitions/relational.Prop' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - provided-uuid: - type: string remarks: type: string - responsible-roles: + role-ids: items: - $ref: '#/definitions/relational.ResponsibleRole' + type: string type: array - type: object - relational.ControlImplementationSet: - properties: - definedComponent: - $ref: '#/definitions/relational.DefinedComponent' - definedComponentID: + short-name: type: string - description: - description: required + title: type: string - id: + uuid: type: string - implemented-requirements: - description: required + type: object + oscalTypes_1_1_3.Task: + properties: + associated-activities: items: - $ref: '#/definitions/relational.ImplementedRequirementControlImplementation' + $ref: '#/definitions/oscalTypes_1_1_3.AssociatedActivity' type: array + dependencies: + items: + $ref: '#/definitions/oscalTypes_1_1_3.TaskDependency' + type: array + description: + type: string links: items: - $ref: '#/definitions/relational.Link' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array props: items: - 
$ref: '#/definitions/relational.Prop' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array - set-parameters: + remarks: + type: string + responsible-roles: items: - $ref: '#/definitions/relational.SetParameter' + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleRole' type: array - source: - description: required + subjects: + items: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject' + type: array + tasks: + items: + $ref: '#/definitions/oscalTypes_1_1_3.Task' + type: array + timing: + $ref: '#/definitions/oscalTypes_1_1_3.EventTiming' + title: + type: string + type: + type: string + uuid: type: string type: object - relational.ControlObjectiveSelection: + oscalTypes_1_1_3.TaskDependency: properties: - description: + remarks: + type: string + task-uuid: + type: string + type: object + oscalTypes_1_1_3.TelephoneNumber: + properties: + number: + type: string + type: + type: string + type: object + oscalTypes_1_1_3.ThreatId: + properties: + href: type: string - excludeObjectives: - items: - $ref: '#/definitions/relational.SelectObjectiveById' - type: array id: type: string - includeAll: - $ref: '#/definitions/datatypes.JSONType-relational_IncludeAll' - includeObjectives: - items: - $ref: '#/definitions/relational.SelectObjectiveById' - type: array + system: + type: string + type: object + oscalTypes_1_1_3.UsesComponent: + properties: + component-uuid: + type: string links: items: - $ref: '#/definitions/relational.Link' + $ref: '#/definitions/oscalTypes_1_1_3.Link' type: array props: items: - $ref: '#/definitions/relational.Prop' + $ref: '#/definitions/oscalTypes_1_1_3.Property' type: array remarks: type: string - reviewedControlsID: + responsible-parties: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ResponsibleParty' + type: array + type: object + poam.PoamItemControlLink: + properties: + catalogId: + type: string + controlId: + type: string + createdAt: + type: string + poamItemId: type: string type: object - relational.ControlSelection: + 
poam.PoamItemEvidenceLink: properties: - description: + createdAt: + type: string + evidenceId: + type: string + poamItemId: + type: string + type: object + poam.PoamItemFindingLink: + properties: + createdAt: + type: string + findingId: + type: string + poamItemId: + type: string + type: object + poam.PoamItemRiskLink: + properties: + createdAt: + type: string + poamItemId: + type: string + riskId: + type: string + type: object + relational.Action: + properties: + date: type: string - excludeControls: - items: - $ref: '#/definitions/relational.AssessedControlsSelectControlById' - type: array id: type: string - includeAll: - $ref: '#/definitions/datatypes.JSONType-relational_IncludeAll' - includeControls: - items: - $ref: '#/definitions/relational.AssessedControlsSelectControlById' - type: array links: items: $ref: '#/definitions/relational.Link' type: array + metadata-id: + description: Actions only exist on a metadata object. We'll link them straight + there with a BelongsTo relationship + type: string props: items: $ref: '#/definitions/relational.Prop' type: array remarks: type: string - reviewedControlsID: + responsibleParties: + items: + $ref: '#/definitions/relational.ResponsibleParty' + type: array + system: + description: required + type: string + type: + description: required type: string type: object - relational.ControlStatementImplementation: + relational.Activity: properties: description: description: required type: string id: type: string - implementedRequirementControlImplementationId: - type: string links: items: $ref: '#/definitions/relational.Link' 
@@ -4798,28 +5003,29 @@ definitions: items: $ref: '#/definitions/relational.Prop' type: array + related-controls: + $ref: '#/definitions/relational.ReviewedControls' + relatedControlsID: + type: string remarks: + description: required type: string responsible-roles: items: $ref: '#/definitions/relational.ResponsibleRole' type: array - statement-id: - description: required + steps: + items: + $ref: '#/definitions/relational.Step' + type: array + title: type: string type: object - relational.DefinedComponent: + relational.Addition: properties: - componentDefinition: - $ref: '#/definitions/relational.ComponentDefinition' - componentDefinitionID: + alterationID: type: string - control-implementations: - items: - $ref: '#/definitions/relational.ControlImplementationSet' - type: array - description: - description: required + by-id: type: string id: type: string 
@@ -4827,83 +5033,102 @@ definitions: items: $ref: '#/definitions/relational.Link' type: array - props: + params: items: - $ref: '#/definitions/relational.Prop' + $ref: '#/definitions/relational.Parameter' type: array - protocols: + parts: items: - $ref: '#/definitions/relational.Protocol' + $ref: '#/definitions/relational.Part' type: array - purpose: - type: string - remarks: + position: type: string - responsible-roles: + props: items: - $ref: '#/definitions/relational.ResponsibleRole' + $ref: '#/definitions/relational.Prop' type: array title: - description: required - type: string - type: - description: required type: string type: object - relational.DocumentID: + relational.Address: properties: - identifier: + city: type: string - scheme: - $ref: '#/definitions/relational.DocumentIDScheme' + country: + type: string + lines: + items: + type: string + type: array + postal-code: + type: string + state: + type: string + type: + $ref: '#/definitions/relational.AddressType' type: object - relational.DocumentIDScheme: + relational.AddressType: enum: - - http://www.doi.org/ + - work + - home type: string x-enum-varnames: - - DocumentIDSchemeDoi - relational.Evidence: + - AddressTypeWork + - AddressTypeHome + relational.Alteration: properties: - activities: - description: What steps did we take to create this evidence - items: - $ref: '#/definitions/relational.Activity' - type: array - back-matter: - $ref: '#/definitions/relational.BackMatter' - components: - description: Which components of the subject are being observed. A tool, user, - policy etc. 
+ adds: items: - $ref: '#/definitions/relational.SystemComponent' + $ref: '#/definitions/relational.Addition' type: array - description: + control-id: + description: required type: string - end: + id: type: string - expires: + modify-id: + type: string + removes: + items: + $ref: '#/definitions/relational.Removal' + type: array + type: object + relational.AssessedControlsSelectControlById: + properties: + control: + $ref: '#/definitions/relational.Control' + controlID: type: string id: type: string - inventory-items: + statements: items: - $ref: '#/definitions/relational.InventoryItem' + $ref: '#/definitions/relational.Statement' type: array - labels: - description: Assigning labels to Evidence makes it searchable and easily usable - in the UI + type: object + relational.AssessmentSubject: + properties: + description: + type: string + evidence: items: - $ref: '#/definitions/relational.Labels' + $ref: '#/definitions/relational.Evidence' type: array - links: + excludeSubjects: items: - $ref: '#/definitions/relational.Link' + $ref: '#/definitions/relational.SelectSubjectById' type: array - origins: - description: Who or What is generating this evidence + id: + type: string + includeAll: + $ref: '#/definitions/datatypes.JSONType-relational_IncludeAll' + includeSubjects: items: - $ref: '#/definitions/relational.Origin' + $ref: '#/definitions/relational.SelectSubjectById' + type: array + links: + items: + $ref: '#/definitions/relational.Link' type: array props: items: 
@@ -4911,33 +5136,22 @@ definitions: type: array remarks: type: string - start: - description: When did we start collecting the evidence, and when did the process - end, and how long is it valid for ? - type: string - status: - allOf: - - $ref: '#/definitions/datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus' - description: Did we satisfy what was being tested for, or did we fail ? - subjects: - description: Who or What are we providing evidence for. What's under test. - items: - $ref: '#/definitions/relational.AssessmentSubject' - type: array - title: + sspId: type: string - uuid: + type: description: |- - UUID needs to remain consistent when automation runs again, but unique for each subject. - It represents the "stream" of the same observation being made over time. + Type represents a component, party, location, user, or inventory item. + It will likely be updated once we can map it correctly type: string type: object - relational.Export: + relational.AuthorizationBoundary: properties: - byComponentId: - type: string description: type: string + diagrams: + items: + $ref: '#/definitions/relational.Diagram' + type: array id: type: string links: 
@@ -4948,220 +5162,235 @@ definitions: items: $ref: '#/definitions/relational.Prop' type: array - provided: - items: - $ref: '#/definitions/relational.ProvidedControlImplementation' - type: array remarks: type: string - responsibilities: - items: - $ref: '#/definitions/relational.ControlImplementationResponsibility' - type: array + systemCharacteristicsId: + type: string type: object - relational.Filter: + relational.AuthorizedPrivilege: properties: - components: - items: - $ref: '#/definitions/relational.SystemComponent' - type: array - controls: + description: + type: string + functions-performed: items: - $ref: '#/definitions/relational.Control' + type: string type: array - filter: - $ref: '#/definitions/datatypes.JSONType-labelfilter_Filter' id: type: string - name: + systemUserId: + type: string + title: type: string type: object - relational.Hash: + relational.BackMatter: properties: - algorithm: - allOf: - - $ref: '#/definitions/relational.HashAlgorithm' - description: required - value: - description: required + id: + type: string + parentID: + type: string + parentType: type: string + resources: + items: + $ref: '#/definitions/relational.BackMatterResource' + type: array type: object - relational.HashAlgorithm: - enum: - - SHA-224 - - SHA-256 - - SHA-384 - - SHA-512 - - SHA3-224 - - SHA3-256 - - SHA3-384 - - SHA3-512 - type: string - x-enum-varnames: - - HashAlgorithmSHA_224 - - HashAlgorithmSHA_256 - - HashAlgorithmSHA_384 - - HashAlgorithmSHA_512 - - HashAlgorithmSHA3_224 - - HashAlgorithmSHA3_256 - - HashAlgorithmSHA3_384 - - HashAlgorithmSHA3_512 - relational.ImplementedComponent: + relational.BackMatterResource: properties: - component: - $ref: '#/definitions/relational.DefinedComponent' - component-uuid: - type: string - id: + backMatterID: type: string - inventoryItemId: + base64: + $ref: '#/definitions/datatypes.JSONType-relational_Base64' + citation: + $ref: '#/definitions/datatypes.JSONType-relational_Citation' + description: type: string - links: 
+ document-ids: items: - $ref: '#/definitions/relational.Link' + $ref: '#/definitions/relational.DocumentID' type: array + id: + description: required + type: string props: items: $ref: '#/definitions/relational.Prop' type: array remarks: type: string - responsible-parties: + rlinks: items: - $ref: '#/definitions/relational.ResponsibleParty' + $ref: '#/definitions/relational.ResourceLink' type: array + title: + type: string type: object - relational.ImplementedRequirementControlImplementation: + relational.ByComponent: properties: - control-id: - description: required - type: string - controlImplementationSetID: + component-uuid: type: string description: - description: required type: string + export: + $ref: '#/definitions/relational.Export' id: type: string + implementation-status: + $ref: '#/definitions/datatypes.JSONType-relational_ImplementationStatus' + inherited-control-implementations: + items: + $ref: '#/definitions/relational.InheritedControlImplementation' + type: array links: items: $ref: '#/definitions/relational.Link' type: array + parentID: + description: As ByComponent can be found in Implemented Requirements & Statements, + using GORM polymorphism to tell us where to attach + type: string + parentType: + type: string props: items: $ref: '#/definitions/relational.Prop' type: array remarks: type: string - responsible-roles: - description: required + responsible-parties: items: $ref: '#/definitions/relational.ResponsibleRole' type: array - set-parameters: + satisfied: items: - $ref: '#/definitions/relational.SetParameter' + $ref: '#/definitions/relational.SatisfiedControlImplementationResponsibility' type: array - statements: + set-parameters: items: - $ref: '#/definitions/relational.ControlStatementImplementation' + $ref: '#/definitions/relational.SetParameter' type: array type: object - relational.ImportComponentDefinition: - properties: - href: - type: string - type: object - relational.IncorporatesComponents: - properties: - component-uuid: - 
type: string - description: - type: string - type: object - relational.InheritedControlImplementation: + relational.Capability: properties: - byComponentId: + componentDefinition: + $ref: '#/definitions/relational.ComponentDefinition' + componentDefinitionId: type: string + control-implementations: + items: + $ref: '#/definitions/relational.ControlImplementationSet' + type: array description: description: required type: string id: type: string + incorporates-components: + items: + $ref: '#/definitions/relational.IncorporatesComponents' + type: array links: items: $ref: '#/definitions/relational.Link' type: array + name: + description: required + type: string props: items: $ref: '#/definitions/relational.Prop' type: array - provided-uuid: + remarks: type: string - responsible-roles: + type: object + relational.ComponentDefinition: + properties: + back-matter: + $ref: '#/definitions/relational.BackMatter' + capabilities: items: - $ref: '#/definitions/relational.ResponsibleRole' + $ref: '#/definitions/relational.Capability' + type: array + components: + items: + $ref: '#/definitions/relational.DefinedComponent' + type: array + id: + type: string + import-component-definitions: + items: + $ref: '#/definitions/relational.ImportComponentDefinition' type: array + metadata: + allOf: + - $ref: '#/definitions/relational.Metadata' + description: required type: object - relational.InventoryItem: + relational.Control: properties: - description: + catalogID: type: string - evidence: + class: + type: string + controls: items: - $ref: '#/definitions/relational.Evidence' + $ref: '#/definitions/relational.Control' type: array - id: - type: string - implemented-components: + filters: items: - $ref: '#/definitions/relational.ImplementedComponent' + $ref: '#/definitions/relational.Filter' type: array + id: + description: required + type: string links: items: $ref: '#/definitions/relational.Link' type: array - props: + params: items: - $ref: '#/definitions/relational.Prop' + $ref: 
'#/definitions/relational.Parameter' type: array - remarks: + parentID: type: string - responsible-parties: + parentType: + type: string + parts: items: - $ref: '#/definitions/relational.ResponsibleParty' + $ref: '#/definitions/relational.Part' type: array - systemImplementationId: - type: string - type: object - relational.Labels: - properties: - name: - type: string - value: + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + title: + description: required type: string type: object - relational.Link: + relational.ControlImplementation: properties: - href: - type: string - media-type: - type: string - rel: + description: type: string - resource-fragment: + id: type: string - text: + implemented-requirements: + items: + $ref: '#/definitions/relational.ImplementedRequirement' + type: array + set-parameters: + items: + $ref: '#/definitions/relational.SetParameter' + type: array + systemSecurityPlanId: type: string type: object - relational.Location: + relational.ControlImplementationResponsibility: properties: - address: - $ref: '#/definitions/datatypes.JSONType-relational_Address' - email-addresses: - items: - type: string - type: array + description: + description: required + type: string + exportId: + type: string id: type: string links: 
@@ -5172,105 +5401,113 @@ definitions: items: $ref: '#/definitions/relational.Prop' type: array - remarks: + provided-uuid: type: string - telephone-numbers: - items: - $ref: '#/definitions/relational.TelephoneNumber' - type: array - title: + remarks: type: string - urls: + responsible-roles: items: - type: string + $ref: '#/definitions/relational.ResponsibleRole' type: array type: object - relational.Metadata: + relational.ControlImplementationSet: properties: - actions: - items: - $ref: '#/definitions/relational.Action' - type: array - document-ids: - description: -> DocumentID - items: - $ref: '#/definitions/relational.DocumentID' - type: array - id: + definedComponent: + $ref: '#/definitions/relational.DefinedComponent' + definedComponentID: type: string - last-modified: + description: + description: required type: string + id: + type: string + implemented-requirements: + description: required + items: + $ref: '#/definitions/relational.ImplementedRequirementControlImplementation' + type: array links: items: $ref: '#/definitions/relational.Link' type: array - locations: + props: items: - $ref: '#/definitions/relational.Location' + $ref: '#/definitions/relational.Prop' type: array - oscal-version: - type: string - parentID: - description: Metadata is shared across many resources, and so it mapped using - a polymorphic relationship - type: string - parentType: - type: string - parties: + set-parameters: items: - $ref: '#/definitions/relational.Party' + $ref: '#/definitions/relational.SetParameter' type: array - props: + source: + description: required + type: string + type: object + relational.ControlObjectiveSelection: + properties: + description: + type: string + excludeObjectives: items: - $ref: '#/definitions/relational.Prop' + $ref: '#/definitions/relational.SelectObjectiveById' type: array - published: - type: string - remarks: + id: type: string - responsibleParties: + includeAll: + $ref: '#/definitions/datatypes.JSONType-relational_IncludeAll' + 
includeObjectives: items: - $ref: '#/definitions/relational.ResponsibleParty' + $ref: '#/definitions/relational.SelectObjectiveById' type: array - revisions: + links: items: - $ref: '#/definitions/relational.Revision' + $ref: '#/definitions/relational.Link' type: array - roles: + props: items: - $ref: '#/definitions/relational.Role' + $ref: '#/definitions/relational.Prop' type: array - title: + remarks: type: string - version: + reviewedControlsID: type: string type: object - relational.Origin: + relational.ControlSelection: properties: - actors: + description: + type: string + excludeControls: items: - $ref: '#/definitions/oscalTypes_1_1_3.OriginActor' + $ref: '#/definitions/relational.AssessedControlsSelectControlById' type: array - related-tasks: + id: + type: string + includeAll: + $ref: '#/definitions/datatypes.JSONType-relational_IncludeAll' + includeControls: items: - $ref: '#/definitions/oscalTypes_1_1_3.RelatedTask' + $ref: '#/definitions/relational.AssessedControlsSelectControlById' type: array - type: object - relational.Parameter: - properties: - class: - type: string - constraints: + links: items: - $ref: '#/definitions/relational.ParameterConstraint' + $ref: '#/definitions/relational.Link' type: array - guidelines: + props: items: - $ref: '#/definitions/relational.ParameterGuideline' + $ref: '#/definitions/relational.Prop' type: array + remarks: + type: string + reviewedControlsID: + type: string + type: object + relational.ControlStatementImplementation: + properties: + description: + description: required + type: string id: type: string - label: + implementedRequirementControlImplementationId: type: string links: items: 
@@ -5282,168 +5519,189 @@ definitions: type: array remarks: type: string - select: - $ref: '#/definitions/datatypes.JSONType-relational_ParameterSelection' - usage: - type: string - values: + responsible-roles: items: - type: string + $ref: '#/definitions/relational.ResponsibleRole' type: array + statement-id: + description: required + type: string type: object - relational.ParameterConstraint: + relational.DataFlow: properties: description: type: string - tests: + diagrams: items: - $ref: '#/definitions/relational.ParameterConstraintTest' + $ref: '#/definitions/relational.Diagram' type: array - type: object - relational.ParameterConstraintTest: - properties: - expression: - type: string - remarks: - type: string - type: object - relational.ParameterGuideline: - properties: - prose: - type: string - type: object - relational.Part: - properties: - class: - type: string id: type: string links: items: $ref: '#/definitions/relational.Link' type: array - name: - type: string - ns: - type: string - part_id: - type: string - parts: - description: -> Part - items: - $ref: '#/definitions/relational.Part' - type: array props: items: $ref: '#/definitions/relational.Prop' type: array - prose: + remarks: type: string - title: + systemCharacteristicsId: type: string type: object - relational.Party: + relational.DefinedComponent: properties: - addresses: - items: - $ref: '#/definitions/relational.Address' - type: array - email-addresses: - items: - type: string - type: array - external-ids: + componentDefinition: + $ref: '#/definitions/relational.ComponentDefinition' + componentDefinitionID: + type: string + control-implementations: items: - $ref: '#/definitions/relational.PartyExternalID' + $ref: '#/definitions/relational.ControlImplementationSet' type: array + description: + description: required + type: string id: type: string links: items: $ref: '#/definitions/relational.Link' type: array - locations: + props: items: - $ref: '#/definitions/relational.Location' + $ref: 
'#/definitions/relational.Prop' type: array - member-of-organizations: - description: -> Party + protocols: items: - $ref: '#/definitions/relational.Party' + $ref: '#/definitions/relational.Protocol' type: array - name: + purpose: type: string - props: - items: - $ref: '#/definitions/relational.Prop' - type: array remarks: type: string - short-name: - type: string - telephone-numbers: + responsible-roles: items: - $ref: '#/definitions/relational.TelephoneNumber' + $ref: '#/definitions/relational.ResponsibleRole' type: array - type: - $ref: '#/definitions/relational.PartyType' + title: + description: required + type: string + type: + description: required + type: string type: object - relational.PartyExternalID: + relational.Diagram: properties: + caption: + type: string + description: + type: string id: type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + parentID: + type: string + parentType: + type: string + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + remarks: + type: string + type: object + relational.DocumentID: + properties: + identifier: + type: string scheme: - $ref: '#/definitions/relational.PartyExternalIDScheme' + $ref: '#/definitions/relational.DocumentIDScheme' type: object - relational.PartyExternalIDScheme: - enum: - - http://orcid.org/ - type: string - x-enum-varnames: - - PartyExternalIDSchemeOrchid - relational.PartyType: + relational.DocumentIDScheme: enum: - - person - - organization + - http://www.doi.org/ type: string x-enum-varnames: - - PartyTypePerson - - PartyTypeOrganization - relational.Prop: + - DocumentIDSchemeDoi + relational.Evidence: properties: - class: + activities: + description: What steps did we take to create this evidence + items: + $ref: '#/definitions/relational.Activity' + type: array + back-matter: + $ref: '#/definitions/relational.BackMatter' + components: + description: Which components of the subject are being observed. A tool, user, + policy etc. 
+ items: + $ref: '#/definitions/relational.SystemComponent' + type: array + description: type: string - group: + end: type: string - name: + expires: type: string - ns: + id: type: string + inventory-items: + items: + $ref: '#/definitions/relational.InventoryItem' + type: array + labels: + description: Assigning labels to Evidence makes it searchable and easily usable + in the UI + items: + $ref: '#/definitions/relational.Labels' + type: array + links: + items: + $ref: '#/definitions/relational.Link' + type: array + origins: + description: Who or What is generating this evidence + items: + $ref: '#/definitions/relational.Origin' + type: array + props: + items: + $ref: '#/definitions/relational.Prop' + type: array remarks: type: string - uuid: - type: string - value: - type: string - type: object - relational.Protocol: - properties: - name: + start: + description: When did we start collecting the evidence, and when did the process + end, and how long is it valid for ? type: string - port-ranges: + status: + allOf: + - $ref: '#/definitions/datatypes.JSONType-oscalTypes_1_1_3_ObjectiveStatus' + description: Did we satisfy what was being tested for, or did we fail ? + subjects: + description: Who or What are we providing evidence for. What's under test. items: - $ref: '#/definitions/oscalTypes_1_1_3.PortRange' + $ref: '#/definitions/relational.AssessmentSubject' type: array title: type: string uuid: + description: |- + UUID needs to remain consistent when automation runs again, but unique for each subject. + It represents the "stream" of the same observation being made over time. type: string type: object - relational.ProvidedControlImplementation: + relational.Export: properties: - description: + byComponentId: type: string - exportId: + description: type: string id: type: string 
@@ -5455,102 +5713,133 @@ definitions: items: $ref: '#/definitions/relational.Prop' type: array + provided: + items: + $ref: '#/definitions/relational.ProvidedControlImplementation' + type: array remarks: type: string - responsible-roles: + responsibilities: items: - $ref: '#/definitions/relational.ResponsibleRole' + $ref: '#/definitions/relational.ControlImplementationResponsibility' type: array type: object - relational.ResourceLink: + relational.Filter: properties: - hashes: + components: items: - $ref: '#/definitions/relational.Hash' + $ref: '#/definitions/relational.SystemComponent' type: array - href: - description: required + controls: + items: + $ref: '#/definitions/relational.Control' + type: array + filter: + $ref: '#/definitions/datatypes.JSONType-labelfilter_Filter' + id: type: string - media-type: + name: type: string type: object - relational.ResponsibleParty: + relational.Hash: + properties: + algorithm: + allOf: + - $ref: '#/definitions/relational.HashAlgorithm' + description: required + value: + description: required + type: string + type: object + relational.HashAlgorithm: + enum: + - SHA-224 + - SHA-256 + - SHA-384 + - SHA-512 + - SHA3-224 + - SHA3-256 + - SHA3-384 + - SHA3-512 + type: string + x-enum-varnames: + - HashAlgorithmSHA_224 + - HashAlgorithmSHA_256 + - HashAlgorithmSHA_384 + - HashAlgorithmSHA_512 + - HashAlgorithmSHA3_224 + - HashAlgorithmSHA3_256 + - HashAlgorithmSHA3_384 + - HashAlgorithmSHA3_512 + relational.ImplementedComponent: properties: + component: + $ref: '#/definitions/relational.DefinedComponent' + component-uuid: + type: string id: type: string + inventoryItemId: + type: string links: items: $ref: '#/definitions/relational.Link' type: array - parentID: - description: Polymorphic relationship - allows ResponsibleParty to belong - to different parent types - type: string - parentType: - type: string - parties: - items: - $ref: '#/definitions/relational.ResponsiblePartyParties' - type: array props: items: $ref: 
'#/definitions/relational.Prop' type: array remarks: type: string - role: - $ref: '#/definitions/relational.Role' - role-id: - description: required - type: string + responsible-parties: + items: + $ref: '#/definitions/relational.ResponsibleParty' + type: array type: object - relational.ResponsiblePartyParties: + relational.ImplementedRequirement: properties: - partyID: + by-components: + items: + $ref: '#/definitions/relational.ByComponent' + type: array + control-id: type: string - responsiblePartyID: + controlImplementationId: type: string - type: object - relational.ResponsibleRole: - properties: id: type: string links: items: $ref: '#/definitions/relational.Link' type: array - parentID: - type: string - parentType: - type: string - parties: - items: - $ref: '#/definitions/relational.Party' - type: array props: items: $ref: '#/definitions/relational.Prop' type: array remarks: type: string - role: - $ref: '#/definitions/relational.Role' - role-id: - description: required - type: string - type: object - relational.ReviewedControls: - properties: - controlObjectiveSelections: + responsible-roles: items: - $ref: '#/definitions/relational.ControlObjectiveSelection' + $ref: '#/definitions/relational.ResponsibleRole' type: array - controlSelections: - description: required + set-parameters: items: - $ref: '#/definitions/relational.ControlSelection' + $ref: '#/definitions/relational.SetParameter' + type: array + statements: + items: + $ref: '#/definitions/relational.Statement' type: array + type: object + relational.ImplementedRequirementControlImplementation: + properties: + control-id: + description: required + type: string + controlImplementationSetID: + type: string description: + description: required type: string id: type: string 
@@ -5564,40 +5853,61 @@ definitions: type: array remarks: type: string - type: object - relational.Revision: - properties: - id: - type: string - last-modified: - type: string - links: + responsible-roles: + description: required items: - $ref: '#/definitions/relational.Link' + $ref: '#/definitions/relational.ResponsibleRole' type: array - metadata-id: - description: Revision only exist on a metadata object. We'll link them straight - there with a BelongsTo relationship + set-parameters: + items: + $ref: '#/definitions/relational.SetParameter' + type: array + statements: + items: + $ref: '#/definitions/relational.ControlStatementImplementation' + type: array + type: object + relational.Import: + properties: + exclude-controls: + items: + $ref: '#/definitions/relational.SelectControlById' + type: array + href: + description: |- + Href as per the OSCAL docs can be an absolute network path (potentially remote), relative or a URI fragment + for the moment to make the system's life easier, it should be a URI fragment to back-matter and try and resolve + back to an ingested catalog. type: string - oscal-version: + id: type: string - props: + include-all: + $ref: '#/definitions/datatypes.JSONType-relational_IncludeAll' + include-controls: items: - $ref: '#/definitions/relational.Prop' + $ref: '#/definitions/relational.SelectControlById' type: array - published: + profileID: type: string - remarks: + type: object + relational.ImportComponentDefinition: + properties: + href: type: string - title: + type: object + relational.IncorporatesComponents: + properties: + component-uuid: type: string - version: - description: required + description: type: string type: object - relational.Role: + relational.InheritedControlImplementation: properties: + byComponentId: + type: string description: + description: required type: string id: type: string 
@@ -5609,21 +5919,27 @@ definitions: items: $ref: '#/definitions/relational.Prop' type: array - remarks: - type: string - short-name: - type: string - title: + provided-uuid: type: string + responsible-roles: + items: + $ref: '#/definitions/relational.ResponsibleRole' + type: array type: object - relational.SatisfiedControlImplementationResponsibility: + relational.InventoryItem: properties: - by-component-id: - type: string description: type: string + evidence: + items: + $ref: '#/definitions/relational.Evidence' + type: array id: type: string + implemented-components: + items: + $ref: '#/definitions/relational.ImplementedComponent' + type: array links: items: $ref: '#/definitions/relational.Link' @@ -5634,28 +5950,23 @@ definitions: type: array remarks: type: string - responsibility-uuid: - type: string - responsible-roles: + responsible-parties: items: - $ref: '#/definitions/relational.ResponsibleRole' + $ref: '#/definitions/relational.ResponsibleParty' type: array + systemImplementationId: + type: string type: object - relational.SelectObjectiveById: + relational.Labels: properties: - id: - type: string - objective: - description: required - type: string - parentID: + name: type: string - parentType: + value: type: string type: object - relational.SelectSubjectById: + relational.LeveragedAuthorization: properties: - assessmentSubjectID: + date-authorized: type: string id: type: string 
@@ -5663,39 +5974,42 @@ definitions: items: $ref: '#/definitions/relational.Link' type: array + party-uuid: + type: string props: items: $ref: '#/definitions/relational.Prop' type: array remarks: type: string - subjectUUID: - description: |- - SubjectUUID technically represents a UUID of a component, party, location, user, or inventory item. - It will likely be updated once we can map it correctly + systemImplementationId: + type: string + title: type: string type: object - relational.SetParameter: + relational.Link: properties: - param-id: + href: type: string - remarks: + media-type: + type: string + rel: + type: string + resource-fragment: + type: string + text: type: string - values: - items: - type: string - type: array type: object - relational.Statement: + relational.Location: properties: - by-components: + address: + $ref: '#/definitions/datatypes.JSONType-relational_Address' + email-addresses: items: - $ref: '#/definitions/relational.ByComponent' + type: string type: array id: type: string - implementedRequirementId: - type: string links: items: $ref: '#/definitions/relational.Link' 
@@ -5706,54 +6020,117 @@ definitions: type: array remarks: type: string - responsible-roles: + telephone-numbers: items: - $ref: '#/definitions/relational.ResponsibleRole' + $ref: '#/definitions/relational.TelephoneNumber' type: array - statement-id: + title: type: string + urls: + items: + type: string + type: array type: object - relational.Step: + relational.Matching: properties: - activityID: + pattern: type: string - description: - description: required + type: object + relational.Merge: + properties: + as-is: + type: boolean + combine: + $ref: '#/definitions/datatypes.JSONType-relational_CombinationRule' + flat: + $ref: '#/definitions/datatypes.JSONType-relational_FlatWithoutGrouping' + id: + type: string + profileID: type: string + type: object + relational.Metadata: + properties: + actions: + items: + $ref: '#/definitions/relational.Action' + type: array + document-ids: + description: -> DocumentID + items: + $ref: '#/definitions/relational.DocumentID' + type: array id: type: string + last-modified: + type: string links: items: $ref: '#/definitions/relational.Link' type: array + locations: + items: + $ref: '#/definitions/relational.Location' + type: array + oscal-version: + type: string + parentID: + description: Metadata is shared across many resources, and so it mapped using + a polymorphic relationship + type: string + parentType: + type: string + parties: + items: + $ref: '#/definitions/relational.Party' + type: array props: items: $ref: '#/definitions/relational.Prop' type: array + published: + type: string remarks: type: string - responsible-roles: + responsibleParties: items: - $ref: '#/definitions/relational.ResponsibleRole' + $ref: '#/definitions/relational.ResponsibleParty' + type: array + revisions: + items: + $ref: '#/definitions/relational.Revision' + type: array + roles: + items: + $ref: '#/definitions/relational.Role' type: array - reviewed-controls: - $ref: '#/definitions/relational.ReviewedControls' - reviewedControlsID: - type: string 
title: type: string + version: + type: string type: object - relational.SystemComponent: + relational.Modify: properties: - description: + alters: + items: + $ref: '#/definitions/relational.Alteration' + type: array + id: type: string - evidence: + profileID: + type: string + set-parameters: items: - $ref: '#/definitions/relational.Evidence' + $ref: '#/definitions/relational.ParameterSetting' type: array - filters: + type: object + relational.NetworkArchitecture: + properties: + description: + type: string + diagrams: items: - $ref: '#/definitions/relational.Filter' + $ref: '#/definitions/relational.Diagram' type: array id: type: string 
@@ -5765,152 +6142,6036 @@ definitions: items: $ref: '#/definitions/relational.Prop' type: array - protocols: - items: - $ref: '#/definitions/relational.Protocol' - type: array - purpose: - type: string remarks: type: string - responsible-roles: + systemCharacteristicsId: + type: string + type: object + relational.Origin: + properties: + actors: items: - $ref: '#/definitions/relational.ResponsibleRole' + $ref: '#/definitions/oscalTypes_1_1_3.OriginActor' + type: array + related-tasks: + items: + $ref: '#/definitions/oscalTypes_1_1_3.RelatedTask' type: array - status: - $ref: '#/definitions/datatypes.JSONType-relational_SystemComponentStatus' - systemImplementationId: - type: string - title: - type: string - type: - type: string type: object - relational.TelephoneNumber: + relational.Parameter: properties: - number: + class: type: string - type: - $ref: '#/definitions/relational.TelephoneNumberType' - type: object - relational.TelephoneNumberType: - enum: - - home - - office - - mobile + constraints: + items: + $ref: '#/definitions/relational.ParameterConstraint' + type: array + guidelines: + items: + $ref: '#/definitions/relational.ParameterGuideline' + type: array + id: + type: string + label: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + remarks: + type: string + select: + $ref: '#/definitions/datatypes.JSONType-relational_ParameterSelection' + usage: + type: string + values: + items: + type: string + type: array + type: object + relational.ParameterConstraint: + properties: + description: + type: string + tests: + items: + $ref: '#/definitions/relational.ParameterConstraintTest' + type: array + type: object + relational.ParameterConstraintTest: + properties: + expression: + type: string + remarks: + type: string + type: object + relational.ParameterGuideline: + properties: + prose: + type: string + type: object + relational.ParameterSetting: + 
properties: + class: + type: string + constraints: + items: + $ref: '#/definitions/relational.ParameterConstraint' + type: array + depends-on: + type: string + guidelines: + items: + $ref: '#/definitions/relational.ParameterGuideline' + type: array + id: + type: string + label: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + modifyID: + type: string + param-id: + description: required + type: string + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + select: + $ref: '#/definitions/datatypes.JSONType-relational_ParameterSelection' + values: + items: + type: string + type: array + type: object + relational.Part: + properties: + class: + type: string + id: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + name: + type: string + ns: + type: string + part_id: + type: string + parts: + description: -> Part + items: + $ref: '#/definitions/relational.Part' + type: array + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + prose: + type: string + title: + type: string + type: object + relational.Party: + properties: + addresses: + items: + $ref: '#/definitions/relational.Address' + type: array + email-addresses: + items: + type: string + type: array + external-ids: + items: + $ref: '#/definitions/relational.PartyExternalID' + type: array + id: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + locations: + items: + $ref: '#/definitions/relational.Location' + type: array + member-of-organizations: + description: -> Party + items: + $ref: '#/definitions/relational.Party' + type: array + name: + type: string + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + remarks: + type: string + short-name: + type: string + telephone-numbers: + items: + $ref: '#/definitions/relational.TelephoneNumber' + type: array + type: + $ref: '#/definitions/relational.PartyType' + type: object + 
relational.PartyExternalID: + properties: + id: + type: string + scheme: + $ref: '#/definitions/relational.PartyExternalIDScheme' + type: object + relational.PartyExternalIDScheme: + enum: + - http://orcid.org/ type: string x-enum-varnames: - - TelephoneNumberTypeHome - - TelephoneNumberTypeOffice - - TelephoneNumberTypeMobile - relational.User: + - PartyExternalIDSchemeOrchid + relational.PartyType: + enum: + - person + - organization + type: string + x-enum-varnames: + - PartyTypePerson + - PartyTypeOrganization + relational.Profile: properties: - authMethod: + back-matter: + $ref: '#/definitions/relational.BackMatter' + controls: + items: + $ref: '#/definitions/relational.Control' + type: array + id: type: string - createdAt: + imports: + items: + $ref: '#/definitions/relational.Import' + type: array + merge: + $ref: '#/definitions/relational.Merge' + metadata: + $ref: '#/definitions/relational.Metadata' + modify: + $ref: '#/definitions/relational.Modify' + type: object + relational.Prop: + properties: + class: type: string - deletedAt: - allOf: - - $ref: '#/definitions/gorm.DeletedAt' - description: Soft delete - digestSubscribed: - description: DigestSubscribed indicates if the user wants to receive evidence - digest emails - type: boolean - email: + group: type: string - failedLogins: - type: integer - firstName: + name: type: string - id: + ns: type: string - isActive: - type: boolean - isLocked: - type: boolean - lastLogin: + remarks: type: string - lastName: + uuid: type: string - updatedAt: + value: + type: string + type: object + relational.Protocol: + properties: + name: + type: string + port-ranges: + items: + $ref: '#/definitions/oscalTypes_1_1_3.PortRange' + type: array + title: + type: string + uuid: + type: string + type: object + relational.ProvidedControlImplementation: + properties: + description: + type: string + exportId: + type: string + id: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + props: + 
items: + $ref: '#/definitions/relational.Prop' + type: array + remarks: + type: string + responsible-roles: + items: + $ref: '#/definitions/relational.ResponsibleRole' + type: array + type: object + relational.Removal: + properties: + by-class: + type: string + by-id: + type: string + by-item-name: + type: string + by-name: + type: string + by-ns: + type: string + type: object + relational.ResourceLink: + properties: + hashes: + items: + $ref: '#/definitions/relational.Hash' + type: array + href: + description: required + type: string + media-type: + type: string + type: object + relational.ResponsibleParty: + properties: + id: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + parentID: + description: Polymorphic relationship - allows ResponsibleParty to belong + to different parent types + type: string + parentType: + type: string + parties: + items: + $ref: '#/definitions/relational.ResponsiblePartyParties' + type: array + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + remarks: + type: string + role: + $ref: '#/definitions/relational.Role' + role-id: + description: required + type: string + type: object + relational.ResponsiblePartyParties: + properties: + partyID: + type: string + responsiblePartyID: + type: string + type: object + relational.ResponsibleRole: + properties: + id: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + parentID: + type: string + parentType: + type: string + parties: + items: + $ref: '#/definitions/relational.Party' + type: array + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + remarks: + type: string + role: + $ref: '#/definitions/relational.Role' + role-id: + description: required + type: string + type: object + relational.ReviewedControls: + properties: + controlObjectiveSelections: + items: + $ref: '#/definitions/relational.ControlObjectiveSelection' + type: array + controlSelections: + description: required 
+ items: + $ref: '#/definitions/relational.ControlSelection' + type: array + description: + type: string + id: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + remarks: + type: string + type: object + relational.Revision: + properties: + id: + type: string + last-modified: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + metadata-id: + description: Revision only exist on a metadata object. We'll link them straight + there with a BelongsTo relationship + type: string + oscal-version: + type: string + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + published: + type: string + remarks: + type: string + title: + type: string + version: + description: required + type: string + type: object + relational.Role: + properties: + description: + type: string + id: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + remarks: + type: string + short-name: + type: string + title: + type: string + type: object + relational.SatisfiedControlImplementationResponsibility: + properties: + by-component-id: + type: string + description: + type: string + id: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + remarks: + type: string + responsibility-uuid: + type: string + responsible-roles: + items: + $ref: '#/definitions/relational.ResponsibleRole' + type: array + type: object + relational.SelectControlById: + properties: + id: + type: string + matching: + items: + $ref: '#/definitions/relational.Matching' + type: array + parentID: + type: string + parentType: + type: string + with-child-controls: + type: string + with-ids: + items: + type: string + type: array + type: object + 
relational.SelectObjectiveById: + properties: + id: + type: string + objective: + description: required + type: string + parentID: + type: string + parentType: + type: string + type: object + relational.SelectSubjectById: + properties: + assessmentSubjectID: + type: string + id: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + remarks: + type: string + subjectUUID: + description: |- + SubjectUUID technically represents a UUID of a component, party, location, user, or inventory item. + It will likely be updated once we can map it correctly + type: string + type: object + relational.SetParameter: + properties: + param-id: + type: string + remarks: + type: string + values: + items: + type: string + type: array + type: object + relational.Statement: + properties: + by-components: + items: + $ref: '#/definitions/relational.ByComponent' + type: array + id: + type: string + implementedRequirementId: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + remarks: + type: string + responsible-roles: + items: + $ref: '#/definitions/relational.ResponsibleRole' + type: array + statement-id: + type: string + type: object + relational.Step: + properties: + activityID: + type: string + description: + description: required + type: string + id: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + remarks: + type: string + responsible-roles: + items: + $ref: '#/definitions/relational.ResponsibleRole' + type: array + reviewed-controls: + $ref: '#/definitions/relational.ReviewedControls' + reviewedControlsID: + type: string + title: + type: string + type: object + relational.SystemCharacteristics: + properties: + authorization-boundary: + $ref: 
'#/definitions/relational.AuthorizationBoundary' + dataFlow: + $ref: '#/definitions/relational.DataFlow' + date-authorized: + type: string + description: + type: string + id: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + networkArchitecture: + $ref: '#/definitions/relational.NetworkArchitecture' + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + remarks: + type: string + responsible-parties: + items: + $ref: '#/definitions/relational.ResponsibleParty' + type: array + security-impact-level: + $ref: '#/definitions/datatypes.JSONType-relational_SecurityImpactLevel' + security-sensitivity-level: + type: string + status: + $ref: '#/definitions/datatypes.JSONType-relational_Status' + system-ids: + items: + $ref: '#/definitions/relational.SystemId' + type: array + system-information: + $ref: '#/definitions/datatypes.JSONType-relational_SystemInformation' + system-name: + type: string + system-name-short: + type: string + systemSecurityPlanId: + type: string + type: object + relational.SystemComponent: + properties: + definedComponentId: + type: string + description: + type: string + evidence: + items: + $ref: '#/definitions/relational.Evidence' + type: array + filters: + items: + $ref: '#/definitions/relational.Filter' + type: array + id: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + protocols: + items: + $ref: '#/definitions/relational.Protocol' + type: array + purpose: + type: string + remarks: + type: string + responsible-roles: + items: + $ref: '#/definitions/relational.ResponsibleRole' + type: array + status: + $ref: '#/definitions/datatypes.JSONType-relational_SystemComponentStatus' + systemImplementationId: + type: string + title: + type: string + type: + type: string + type: object + relational.SystemComponentSuggestion: + properties: + componentDefinitionId: + type: string + 
definedComponentId: + type: string + description: + type: string + name: + type: string + purpose: + type: string + type: + type: string + type: object + relational.SystemId: + properties: + id: + type: string + identifier-type: + type: string + type: object + relational.SystemImplementation: + properties: + components: + items: + $ref: '#/definitions/relational.SystemComponent' + type: array + id: + type: string + inventory-items: + items: + $ref: '#/definitions/relational.InventoryItem' + type: array + leveraged-authorizations: + items: + $ref: '#/definitions/relational.LeveragedAuthorization' + type: array + links: + items: + $ref: '#/definitions/relational.Link' + type: array + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + remarks: + type: string + systemSecurityPlanId: + type: string + users: + items: + $ref: '#/definitions/relational.SystemUser' + type: array + type: object + relational.SystemSecurityPlan: + properties: + back-matter: + $ref: '#/definitions/relational.BackMatter' + control-implementation: + $ref: '#/definitions/relational.ControlImplementation' + id: + type: string + import-profile: + $ref: '#/definitions/datatypes.JSONType-relational_ImportProfile' + metadata: + $ref: '#/definitions/relational.Metadata' + profile: + $ref: '#/definitions/relational.Profile' + profileID: + type: string + system-characteristics: + $ref: '#/definitions/relational.SystemCharacteristics' + system-implementation: + $ref: '#/definitions/relational.SystemImplementation' + type: object + relational.SystemUser: + properties: + authorized-privileges: + items: + $ref: '#/definitions/relational.AuthorizedPrivilege' + type: array + description: + type: string + id: + type: string + links: + items: + $ref: '#/definitions/relational.Link' + type: array + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + remarks: + type: string + role-ids: + items: + type: string + type: array + short-name: + type: string + 
systemImplementationId: + type: string + title: + type: string + type: object + relational.TelephoneNumber: + properties: + number: + type: string + type: + $ref: '#/definitions/relational.TelephoneNumberType' + type: object + relational.TelephoneNumberType: + enum: + - home + - office + - mobile + type: string + x-enum-varnames: + - TelephoneNumberTypeHome + - TelephoneNumberTypeOffice + - TelephoneNumberTypeMobile + relational.User: + properties: + authMethod: + type: string + createdAt: + type: string + deletedAt: + allOf: + - $ref: '#/definitions/gorm.DeletedAt' + description: Soft delete + digestSubscribed: + description: DigestSubscribed indicates if the user wants to receive evidence + digest emails + type: boolean + email: + type: string + failedLogins: + type: integer + firstName: + type: string + id: + type: string + isActive: + type: boolean + isLocked: + type: boolean + lastLogin: + type: string + lastName: + type: string + taskAvailableEmailSubscribed: + description: TaskAvailableEmailSubscribed indicates if the user wants an email + when tasks become available + type: boolean + taskDailyDigestSubscribed: + description: TaskDailyDigestSubscribed indicates if the user wants to receive + a daily task digest email + type: boolean + updatedAt: + type: string + userAttributes: + type: string + type: object + risks.RiskComponentLink: + properties: + componentId: + type: string + createdAt: + type: string + createdById: + type: string + riskId: + type: string + type: object + risks.RiskControlLink: + properties: + catalogId: + type: string + controlId: + type: string + createdAt: + type: string + createdById: + type: string + riskId: + type: string + type: object + risks.RiskEvidenceLink: + properties: + createdAt: + type: string + createdById: + type: string + evidenceId: + description: EvidenceID stores the evidence stream UUID (evidences.uuid), + not a single evidence row ID. 
+ type: string + riskId: + type: string + type: object + risks.RiskSubjectLink: + properties: + createdAt: + type: string + createdById: + type: string + riskId: + type: string + subjectId: + type: string + type: object + service.ListResponse-handler_riskResponse: + properties: + data: + items: + $ref: '#/definitions/handler.riskResponse' + type: array + limit: + type: integer + page: + type: integer + total: + type: integer + totalPages: + type: integer + type: object + service.ListResponse-risks_RiskComponentLink: + properties: + data: + items: + $ref: '#/definitions/risks.RiskComponentLink' + type: array + limit: + type: integer + page: + type: integer + total: + type: integer + totalPages: + type: integer + type: object + service.ListResponse-risks_RiskControlLink: + properties: + data: + items: + $ref: '#/definitions/risks.RiskControlLink' + type: array + limit: + type: integer + page: + type: integer + total: + type: integer + totalPages: + type: integer + type: object + service.ListResponse-risks_RiskSubjectLink: + properties: + data: + items: + $ref: '#/definitions/risks.RiskSubjectLink' + type: array + limit: + type: integer + page: + type: integer + total: + type: integer + totalPages: + type: integer + type: object + service.ListResponse-templates_evidenceTemplateResponse: + properties: + data: + items: + $ref: '#/definitions/templates.evidenceTemplateResponse' + type: array + limit: + type: integer + page: + type: integer + total: + type: integer + totalPages: + type: integer + type: object + service.ListResponse-templates_riskTemplateResponse: + properties: + data: + items: + $ref: '#/definitions/templates.riskTemplateResponse' + type: array + limit: + type: integer + page: + type: integer + total: + type: integer + totalPages: + type: integer + type: object + service.ListResponse-templates_subjectTemplateResponse: + properties: + data: + items: + $ref: '#/definitions/templates.subjectTemplateResponse' + type: array + limit: + type: integer + page: + 
type: integer + total: + type: integer + totalPages: + type: integer + type: object + service.ListResponse-uuid_UUID: + properties: + data: + items: + type: string + type: array + limit: + type: integer + page: + type: integer + total: + type: integer + totalPages: + type: integer + type: object + templates.evidenceTemplateDataResponse: + properties: + data: + $ref: '#/definitions/templates.evidenceTemplateResponse' + type: object + templates.evidenceTemplateLabelSchemaFieldRequest: + properties: + description: + type: string + key: + type: string + required: + type: boolean + type: object + templates.evidenceTemplateLabelSchemaFieldResponse: + properties: + description: + type: string + key: + type: string + required: + type: boolean + type: object + templates.evidenceTemplateResponse: + properties: + createdAt: + type: string + description: + type: string + id: + type: string + isActive: + type: boolean + labelSchema: + items: + $ref: '#/definitions/templates.evidenceTemplateLabelSchemaFieldResponse' + type: array + methods: + items: + type: string + type: array + pluginId: + type: string + policyPackage: + type: string + riskTemplateIds: + items: + type: string + type: array + selectorLabels: + items: + $ref: '#/definitions/templates.evidenceTemplateSelectorLabelResponse' + type: array + subjectTemplateIds: + items: + type: string + type: array + title: + type: string + updatedAt: + type: string + type: object + templates.evidenceTemplateSelectorLabelRequest: + properties: + key: + type: string + value: + type: string + type: object + templates.evidenceTemplateSelectorLabelResponse: + properties: + key: + type: string + value: + type: string + type: object + templates.remediationTaskRequest: + properties: + orderIndex: + type: integer + title: + type: string + type: object + templates.remediationTaskResponse: + properties: + id: + type: string + orderIndex: + type: integer + title: + type: string + type: object + templates.remediationTemplateRequest: + 
properties: + description: + type: string + tasks: + items: + $ref: '#/definitions/templates.remediationTaskRequest' + type: array + title: + type: string + type: object + templates.remediationTemplateResponse: + properties: + description: + type: string + id: + type: string + tasks: + items: + $ref: '#/definitions/templates.remediationTaskResponse' + type: array + title: + type: string + type: object + templates.riskTemplateDataResponse: + properties: + data: + $ref: '#/definitions/templates.riskTemplateResponse' + type: object + templates.riskTemplateResponse: + properties: + createdAt: + type: string + id: + type: string + impactHint: + type: string + isActive: + type: boolean + likelihoodHint: + type: string + name: + type: string + pluginId: + type: string + policyPackage: + type: string + remediationTemplate: + $ref: '#/definitions/templates.remediationTemplateResponse' + statement: + type: string + threatIds: + items: + $ref: '#/definitions/templates.threatIDResponse' + type: array + title: + type: string + updatedAt: + type: string + violationIds: + items: + type: string + type: array + type: object + templates.subjectTemplateDataResponse: + properties: + data: + $ref: '#/definitions/templates.subjectTemplateResponse' + type: object + templates.subjectTemplateLabelSchemaFieldRequest: + properties: + description: + type: string + key: + type: string + type: object + templates.subjectTemplateLabelSchemaFieldResponse: + properties: + description: + type: string + key: + type: string + type: object + templates.subjectTemplateResponse: + properties: + createdAt: + type: string + descriptionTemplate: + type: string + id: + type: string + identityLabelKeys: + items: + type: string + type: array + labelSchema: + items: + $ref: '#/definitions/templates.subjectTemplateLabelSchemaFieldResponse' + type: array + links: + items: + $ref: '#/definitions/relational.Link' + type: array + name: + type: string + props: + items: + $ref: '#/definitions/relational.Prop' + type: 
array + purposeTemplate: + type: string + remarksTemplate: + type: string + selectorLabels: + items: + $ref: '#/definitions/templates.subjectTemplateSelectorLabelResponse' + type: array + sourceMode: + type: string + titleTemplate: + type: string + type: + type: string + updatedAt: + type: string + type: object + templates.subjectTemplateSelectorLabelRequest: + properties: + key: + type: string + value: + type: string + type: object + templates.subjectTemplateSelectorLabelResponse: + properties: + key: + type: string + value: + type: string + type: object + templates.threatIDRequest: + properties: + id: + type: string + system: + type: string + title: + type: string + url: + type: string + type: object + templates.threatIDResponse: + properties: + id: + type: string + system: + type: string + title: + type: string + url: + type: string + type: object + templates.upsertEvidenceTemplateRequest: + properties: + description: + type: string + isActive: + type: boolean + labelSchema: + items: + $ref: '#/definitions/templates.evidenceTemplateLabelSchemaFieldRequest' + type: array + methods: + items: + type: string + type: array + pluginId: + type: string + policyPackage: + type: string + riskTemplateIds: + items: + type: string + type: array + selectorLabels: + items: + $ref: '#/definitions/templates.evidenceTemplateSelectorLabelRequest' + type: array + subjectTemplateIds: + items: + type: string + type: array + title: + type: string + type: object + templates.upsertRiskTemplateRequest: + properties: + impactHint: + type: string + isActive: + type: boolean + likelihoodHint: + type: string + name: + type: string + pluginId: + type: string + policyPackage: + type: string + remediationTemplate: + $ref: '#/definitions/templates.remediationTemplateRequest' + statement: + type: string + threatIds: + items: + $ref: '#/definitions/templates.threatIDRequest' + type: array + title: + type: string + violationIds: + items: + type: string + type: array + type: object + 
templates.upsertSubjectTemplateRequest: + properties: + descriptionTemplate: + type: string + identityLabelKeys: + items: + type: string + type: array + labelSchema: + items: + $ref: '#/definitions/templates.subjectTemplateLabelSchemaFieldRequest' + type: array + links: + items: + $ref: '#/definitions/relational.Link' + type: array + name: + type: string + props: + items: + $ref: '#/definitions/relational.Prop' + type: array + purposeTemplate: + type: string + remarksTemplate: + type: string + selectorLabels: + items: + $ref: '#/definitions/templates.subjectTemplateSelectorLabelRequest' + type: array + sourceMode: + type: string + titleTemplate: + type: string + type: + type: string + required: + - identityLabelKeys + - labelSchema + - name + - selectorLabels + - sourceMode + - type + type: object + time.Duration: + enum: + - -9223372036854775808 + - 9223372036854775807 + - 1 + - 1000 + - 1000000 + - 1000000000 + - 60000000000 + - 3600000000000 + format: int64 + type: integer + x-enum-varnames: + - minDuration + - maxDuration + - Nanosecond + - Microsecond + - Millisecond + - Second + - Minute + - Hour + workflow.EvidenceSubmission: + properties: + description: + type: string + evidence-id: + type: string + evidence-type: + type: string + file-content: + description: Base64 encoded file content + type: string + file-hash: + type: string + file-path: + type: string + file-size: + type: integer + media-type: + description: MIME type (e.g., "application/pdf", "image/png") + type: string + metadata: + type: string + name: + type: string + type: object + workflow.ExecutionMetrics: + properties: + averageStepDuration: + $ref: '#/definitions/time.Duration' + duration: + $ref: '#/definitions/time.Duration' + executionID: + type: string + longestStepDuration: + $ref: '#/definitions/time.Duration' + totalSteps: + type: integer + type: object + workflow.ExecutionStatus: + properties: + blockedSteps: + type: integer + cancelledSteps: + type: integer + completedAt: + type: 
string + completedSteps: + type: integer + executionID: + type: string + failedAt: + type: string + failedSteps: + type: integer + failureReason: + type: string + inProgressSteps: + type: integer + overdueSteps: + type: integer + pendingSteps: + type: integer + startedAt: + type: string + status: + type: string + totalSteps: + type: integer + type: object + workflows.BulkReassignRoleResponse: + properties: + data: + $ref: '#/definitions/workflows.BulkReassignRoleResponseData' + type: object + workflows.BulkReassignRoleResponseData: + properties: + execution-id: + type: string + reassigned-count: + type: integer + reassigned-step-execution-ids: + items: + type: string + type: array + role-name: + type: string + type: object + workflows.CancelWorkflowExecutionRequest: + properties: + reason: + type: string + type: object + workflows.ControlRelationship: + properties: + catalog_id: + description: Link to catalog if available + type: string + control_id: + description: Control Information + type: string + control_source: + description: e.g., "NIST 800-53 Rev 5", "ISO 27001" + type: string + created-at: + type: string + deleted_at: + $ref: '#/definitions/gorm.DeletedAt' + id: + type: string + is_active: + type: boolean + relationship_type: + description: Relationship Information + type: string + strength: + description: primary, secondary, supporting + type: string + updated-at: + type: string + workflow_definition: + allOf: + - $ref: '#/definitions/workflows.WorkflowDefinition' + description: Relationships + workflow_definition_id: + description: Foreign Keys + type: string + type: object + workflows.ControlRelationshipListResponse: + properties: + data: + items: + $ref: '#/definitions/workflows.ControlRelationship' + type: array + type: object + workflows.ControlRelationshipResponse: + properties: + data: + $ref: '#/definitions/workflows.ControlRelationship' + type: object + workflows.CreateControlRelationshipRequest: + properties: + catalog-id: + type: string + 
control-id: + type: string + description: + type: string + is-active: + type: boolean + relationship-type: + description: If not provided - 'satisfies' is used + type: string + strength: + description: If not provided - 'primary' is used + type: string + workflow-definition-id: + type: string + required: + - catalog-id + - control-id + - workflow-definition-id + type: object + workflows.CreateRoleAssignmentRequest: + properties: + assigned-to-id: + type: string + assigned-to-type: + type: string + is-active: + type: boolean + role-name: + type: string + workflow-instance-id: + type: string + required: + - assigned-to-id + - assigned-to-type + - role-name + - workflow-instance-id + type: object + workflows.CreateWorkflowDefinitionRequest: + properties: + description: + type: string + evidence-required: + type: string + grace-period-days: + type: integer + name: + type: string + suggested-cadence: + type: string + version: + type: string + required: + - name + type: object + workflows.CreateWorkflowInstanceRequest: + properties: + cadence: + type: string + description: + type: string + grace-period-days: + type: integer + is-active: + type: boolean + name: + type: string + system-id: + type: string + workflow-definition-id: + type: string + required: + - name + - system-id + - workflow-definition-id + type: object + workflows.CreateWorkflowStepDefinitionRequest: + properties: + depends-on: + description: Array of step IDs this step depends on + items: + type: string + type: array + description: + type: string + estimated-duration: + type: integer + evidence-required: + items: + $ref: '#/definitions/workflows.EvidenceRequirement' + type: array + grace-period-days: + type: integer + name: + type: string + responsible-role: + type: string + workflow-definition-id: + type: string + required: + - name + - responsible-role + - workflow-definition-id + type: object + workflows.EvidenceRequirement: + properties: + description: + type: string + required: + type: boolean + 
type: + type: string + type: object + workflows.FailStepRequest: + properties: + reason: + type: string + required: + - reason + type: object + workflows.MyAssignmentsResponse: + properties: + data: + items: + $ref: '#/definitions/workflows.StepExecution' + type: array + has-more: + type: boolean + limit: + type: integer + offset: + type: integer + total: + type: integer + type: object + workflows.ReassignRoleRequest: + properties: + new-assigned-to-id: + type: string + new-assigned-to-type: + enum: + - user + - group + - email + type: string + reason: + type: string + role-name: + type: string + required: + - new-assigned-to-id + - new-assigned-to-type + - role-name + type: object + workflows.ReassignStepRequest: + properties: + assigned-to-id: + type: string + assigned-to-type: + enum: + - user + - group + - email + type: string + reason: + type: string + required: + - assigned-to-id + - assigned-to-type + type: object + workflows.RoleAssignment: + properties: + assigned_to_id: + description: User ID, group ID, or email + type: string + assigned_to_type: + description: user, group, email + type: string + id: + type: string + is_active: + type: boolean + role_name: + type: string + workflow_instance: + allOf: + - $ref: '#/definitions/workflows.WorkflowInstance' + description: Relationships + workflow_instance_id: + type: string + type: object + workflows.RoleAssignmentListResponse: + properties: + data: + items: + $ref: '#/definitions/workflows.RoleAssignment' + type: array + type: object + workflows.RoleAssignmentResponse: + properties: + data: + $ref: '#/definitions/workflows.RoleAssignment' + type: object + workflows.StartWorkflowExecutionRequest: + properties: + triggered-by: + type: string + triggered-by-id: + type: string + workflow-instance-id: + type: string + required: + - triggered-by + - workflow-instance-id + type: object + workflows.StepDependency: + properties: + depends_on_step: + $ref: '#/definitions/workflows.WorkflowStepDefinition' + 
depends_on_step_id: + type: string + id: + type: string + workflow_step_definition: + allOf: + - $ref: '#/definitions/workflows.WorkflowStepDefinition' + description: Relationships + workflow_step_definition_id: + type: string + type: object + workflows.StepEvidence: + properties: + created-at: + type: string + deleted_at: + $ref: '#/definitions/gorm.DeletedAt' + description: + type: string + evidence: + $ref: '#/definitions/relational.Evidence' + evidence_id: + description: Link to main evidence table + type: string + evidence_type: + description: document, attestation, screenshot, log + type: string + file-size: + description: File size in bytes + type: integer + file_hash: + description: SHA-256 hash of file + type: string + file_path: + description: Path to stored file + type: string + id: + type: string + metadata: + description: JSON metadata + type: string + name: + description: Evidence Information + type: string + step_execution: + allOf: + - $ref: '#/definitions/workflows.StepExecution' + description: Relationships + step_execution_id: + description: Foreign Keys + type: string + updated-at: + type: string + type: object + workflows.StepExecution: + properties: + assigned-at: + type: string + assigned_to_id: + description: User ID, group ID, or email + type: string + assigned_to_type: + description: Assignment Information + type: string + completed-at: + type: string + created-at: + type: string + deleted_at: + $ref: '#/definitions/gorm.DeletedAt' + due_date: + type: string + failed-at: + type: string + failure_reason: + type: string + id: + type: string + overdue-at: + type: string + reassignment_history: + items: + $ref: '#/definitions/workflows.StepReassignmentHistory' + type: array + started-at: + type: string + status: + description: Execution Information + type: string + step_evidence: + items: + $ref: '#/definitions/workflows.StepEvidence' + type: array + updated-at: + type: string + workflow_execution: + allOf: + - $ref: 
'#/definitions/workflows.WorkflowExecution' + description: Relationships + workflow_execution_id: + description: Foreign Keys + type: string + workflow_step_definition: + $ref: '#/definitions/workflows.WorkflowStepDefinition' + workflow_step_definition_id: + type: string + type: object + workflows.StepExecutionListResponse: + properties: + data: + items: + $ref: '#/definitions/workflows.StepExecution' + type: array + type: object + workflows.StepExecutionResponse: + properties: + data: + $ref: '#/definitions/workflows.StepExecution' + type: object + workflows.StepReassignmentHistory: + properties: + created-at: + type: string + deleted_at: + $ref: '#/definitions/gorm.DeletedAt' + id: + type: string + new_assigned_to_id: + type: string + new_assigned_to_type: + type: string + previous_assigned_to_id: + type: string + previous_assigned_to_type: + type: string + reason: + type: string + reassigned_by_email: + type: string + reassigned_by_user_id: + type: string + step_execution: + $ref: '#/definitions/workflows.StepExecution' + step_execution_id: + type: string + updated-at: + type: string + workflow_execution_id: + type: string + type: object + workflows.StepTrigger: + properties: + id: + type: string + is_active: + type: boolean + trigger_condition: + description: JSON condition expression + type: string + trigger_type: + description: evidence_stream, time_based, external_event + type: string + workflow_step_definition: + allOf: + - $ref: '#/definitions/workflows.WorkflowStepDefinition' + description: Relationships + workflow_step_definition_id: + type: string + type: object + workflows.TransitionStepRequest: + properties: + evidence: + items: + $ref: '#/definitions/workflow.EvidenceSubmission' + type: array + notes: + type: string + status: + enum: + - in_progress + - completed + type: string + user-id: + type: string + user-type: + enum: + - user + - group + - email + type: string + required: + - status + - user-id + - user-type + type: object + 
workflows.UpdateControlRelationshipRequest: + properties: + description: + type: string + relationship-type: + type: string + strength: + type: string + type: object + workflows.UpdateRoleAssignmentRequest: + properties: + assigned-to-id: + type: string + assigned-to-type: + type: string + type: object + workflows.UpdateWorkflowDefinitionRequest: + properties: + description: + type: string + evidence-required: + type: string + grace-period-days: + type: integer + name: + type: string + suggested-cadence: + type: string + version: + type: string + type: object + workflows.UpdateWorkflowInstanceRequest: + properties: + cadence: + type: string + description: + type: string + grace-period-days: + type: integer + is-active: + type: boolean + name: + type: string + type: object + workflows.UpdateWorkflowStepDefinitionRequest: + properties: + depends-on: + items: + type: string + type: array + description: + type: string + estimated-duration: + type: integer + evidence-required: + items: + $ref: '#/definitions/workflows.EvidenceRequirement' + type: array + grace-period-days: + type: integer + name: + type: string + responsible-role: + type: string + type: object + workflows.WorkflowDefinition: + properties: + control_relationships: + items: + $ref: '#/definitions/workflows.ControlRelationship' + type: array + created-at: + type: string + created_by_id: + description: Audit Fields + type: string + deleted_at: + $ref: '#/definitions/gorm.DeletedAt' + description: + type: string + evidence_required: + description: JSON array of required evidence types + type: string + grace-period-days: + description: Override global default if set + type: integer + id: + type: string + instances: + items: + $ref: '#/definitions/workflows.WorkflowInstance' + type: array + name: + description: Basic Information + type: string + steps: + description: Relationships + items: + $ref: '#/definitions/workflows.WorkflowStepDefinition' + type: array + suggested_cadence: + description: Workflow 
Configuration + type: string + updated-at: + type: string + updated_by_id: + type: string + version: + type: string + type: object + workflows.WorkflowDefinitionListResponse: + properties: + data: + items: + $ref: '#/definitions/workflows.WorkflowDefinition' + type: array + type: object + workflows.WorkflowDefinitionResponse: + properties: + data: + $ref: '#/definitions/workflows.WorkflowDefinition' + type: object + workflows.WorkflowExecution: + properties: + completed-at: + type: string + created-at: + type: string + created_by_id: + description: Audit Fields + type: string + deleted_at: + $ref: '#/definitions/gorm.DeletedAt' + due_date: + type: string + failed-at: + type: string + failure_reason: + type: string + id: + type: string + overdue-at: + type: string + period_label: + description: Scheduling Context + type: string + started-at: + type: string + status: + description: Execution Information + type: string + step_executions: + items: + $ref: '#/definitions/workflows.StepExecution' + type: array + triggered_by: + description: Execution Context + type: string + triggered_by_id: + description: User ID or system identifier + type: string + updated-at: + type: string + updated_by_id: + type: string + workflow_instance: + allOf: + - $ref: '#/definitions/workflows.WorkflowInstance' + description: Relationships + workflow_instance_id: + description: Foreign Keys + type: string + type: object + workflows.WorkflowExecutionListResponse: + properties: + data: + items: + $ref: '#/definitions/workflows.WorkflowExecution' + type: array + type: object + workflows.WorkflowExecutionMetricsResponse: + properties: + data: + $ref: '#/definitions/workflow.ExecutionMetrics' + type: object + workflows.WorkflowExecutionResponse: + properties: + data: + $ref: '#/definitions/workflows.WorkflowExecution' + type: object + workflows.WorkflowExecutionStatusResponse: + properties: + data: + $ref: '#/definitions/workflow.ExecutionStatus' + type: object + workflows.WorkflowInstance: + 
properties: + cadence: + description: Instance Configuration + type: string + created-at: + type: string + created_by_id: + description: Audit Fields + type: string + deleted_at: + $ref: '#/definitions/gorm.DeletedAt' + description: + type: string + executions: + items: + $ref: '#/definitions/workflows.WorkflowExecution' + type: array + grace-period-days: + description: Override definition/global default if set + type: integer + id: + type: string + is_active: + type: boolean + last-executed-at: + type: string + name: + description: Basic Information + type: string + next-scheduled-at: + description: Scheduling + type: string + role_assignments: + items: + $ref: '#/definitions/workflows.RoleAssignment' + type: array + system_id: + type: string + system_security_plan: + allOf: + - $ref: '#/definitions/relational.SystemSecurityPlan' + description: Relationships + updated-at: + type: string + updated_by_id: + type: string + workflow_definition: + $ref: '#/definitions/workflows.WorkflowDefinition' + workflow_definition_id: + description: Foreign Keys + type: string + type: object + workflows.WorkflowInstanceListResponse: + properties: + data: + items: + $ref: '#/definitions/workflows.WorkflowInstance' + type: array + type: object + workflows.WorkflowInstanceResponse: + properties: + data: + $ref: '#/definitions/workflows.WorkflowInstance' + type: object + workflows.WorkflowStepDefinition: + properties: + created-at: + type: string + deleted_at: + $ref: '#/definitions/gorm.DeletedAt' + dependent_steps: + items: + $ref: '#/definitions/workflows.StepDependency' + type: array + depends_on: + items: + $ref: '#/definitions/workflows.StepDependency' + type: array + description: + type: string + estimated_duration: + description: Estimated duration in minutes + type: integer + evidence_required: + description: JSON array of required evidence types + items: + $ref: '#/definitions/workflows.EvidenceRequirement' + type: array + grace-period-days: + description: Override default 
grace for this specific step + type: integer + id: + type: string + name: + description: Basic Information + type: string + order: + description: Step Configuration + type: integer + responsible_role: + description: Role responsible for this step + type: string + step_executions: + items: + $ref: '#/definitions/workflows.StepExecution' + type: array + triggers: + items: + $ref: '#/definitions/workflows.StepTrigger' + type: array + updated-at: + type: string + workflow_definition: + allOf: + - $ref: '#/definitions/workflows.WorkflowDefinition' + description: Relationships + workflow_definition_id: + description: Foreign Keys + type: string + type: object + workflows.WorkflowStepDefinitionListResponse: + properties: + data: + items: + $ref: '#/definitions/workflows.WorkflowStepDefinition' + type: array + type: object + workflows.WorkflowStepDefinitionResponse: + properties: + data: + $ref: '#/definitions/workflows.WorkflowStepDefinition' + type: object +externalDocs: + description: OpenAPI + url: https://swagger.io/resources/open-api/ +host: localhost:8080 +info: + contact: {} + description: This is the API for the Continuous Compliance Framework. 
+ title: Continuous Compliance Framework API + version: "1" +paths: + /admin/digest/preview: + get: + description: Returns the current evidence summary that would be included in + a digest email + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-digest_EvidenceSummary' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Preview evidence digest + tags: + - Digest + /admin/digest/trigger: + post: + description: Manually triggers the evidence digest job to send emails to all + users + parameters: + - description: 'Job name to trigger (default: global-evidence-digest)' + in: query + name: job + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + additionalProperties: + type: string + type: object + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Trigger evidence digest + tags: + - Digest + /admin/users: + get: + description: Lists all users in the system + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-relational_User' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: List all users + tags: + - Users + post: + consumes: + - application/json + description: Creates a new user in the system + parameters: + - description: User details + in: body + name: user + required: true + schema: + $ref: '#/definitions/handler.UserHandler' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: 
'#/definitions/handler.GenericDataResponse-relational_User' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "409": + description: Conflict + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create a new user + tags: + - Users + /admin/users/{id}: + delete: + description: Deletes a user from the system + parameters: + - description: User ID + in: path + name: id + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Delete a user + tags: + - Users + get: + description: Get user details by user ID + parameters: + - description: User ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-relational_User' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get user by ID + tags: + - Users + put: + consumes: + - application/json + description: Updates the details of an existing user + parameters: + - description: User ID + in: path + name: id + required: true + type: string + - 
description: User details + in: body + name: user + required: true + schema: + $ref: '#/definitions/handler.UserHandler' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-relational_User' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Update user details + tags: + - Users + /agent/heartbeat: + post: + consumes: + - application/json + description: Creates a new heartbeat record for monitoring. + parameters: + - description: Heartbeat payload + in: body + name: heartbeat + required: true + schema: + $ref: '#/definitions/handler.HeartbeatCreateRequest' + produces: + - application/json + responses: + "201": + description: Created + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Create Heartbeat + tags: + - Heartbeat + /agent/heartbeat/over-time: + get: + description: Retrieves heartbeat counts aggregated by 2-minute intervals. 
+ produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-handler_OverTime_HeartbeatInterval' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Get Heartbeat Metrics Over Time + tags: + - Heartbeat + /auth/forgot-password: + post: + consumes: + - application/json + description: Sends a password reset email to users with authMethod=password + parameters: + - description: Email + in: body + name: request + required: true + schema: + $ref: '#/definitions/auth.AuthHandler' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-string' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Forgot password + tags: + - Auth + /auth/login: + post: + consumes: + - application/json + description: Login user and returns a JWT token and sets a cookie with the token + parameters: + - description: Login Data + in: body + name: loginRequest + required: true + schema: + $ref: '#/definitions/auth.AuthHandler' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-auth_AuthHandler' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/handler.GenericDataResponse-auth_AuthHandler' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Login user + tags: + - Auth + /auth/password-reset: + post: + consumes: + - application/json + description: Resets password using a valid JWT token + parameters: + - description: Reset data + in: body + name: request + required: 
true + schema: + $ref: '#/definitions/auth.AuthHandler' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-string' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Reset password + tags: + - Auth + /auth/publickey: + get: + consumes: + - application/json + description: Get JSON Web Key (JWK) representation of the JWT public key + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/authn.JWK' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Get JWK + tags: + - Auth + /auth/token: + post: + consumes: + - application/x-www-form-urlencoded + description: Get OAuth2 token using username and password + parameters: + - description: Username (email) + in: formData + name: username + required: true + type: string + - description: Password + in: formData + name: password + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/auth.AuthHandler' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Get OAuth2 token + tags: + - Auth + /evidence: + post: + consumes: + - application/json + description: Creates a new Evidence record including activities, inventory items, + components, and subjects. 
+ parameters: + - description: Evidence create request + in: body + name: evidence + required: true + schema: + $ref: '#/definitions/handler.EvidenceCreateRequest' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-relational_Evidence' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create new Evidence + tags: + - Evidence + /evidence-templates: + get: + description: List evidence templates with optional filters and pagination. + parameters: + - description: Plugin ID + in: query + name: pluginId + type: string + - description: Policy package + in: query + name: policyPackage + type: string + - description: Active flag + in: query + name: isActive + type: boolean + - description: Page number + in: query + name: page + type: integer + - description: Page size + in: query + name: limit + type: integer + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/service.ListResponse-templates_evidenceTemplateResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: List evidence templates + tags: + - Evidence Templates + post: + consumes: + - application/json + description: Create an evidence template with selector labels, label schema, + and linked risk/subject template IDs. 
+ parameters: + - description: Evidence template payload + in: body + name: template + required: true + schema: + $ref: '#/definitions/templates.upsertEvidenceTemplateRequest' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/templates.evidenceTemplateDataResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create evidence template + tags: + - Evidence Templates + /evidence-templates/{id}: + delete: + description: Delete an evidence template and its associated selector labels, + label schema, and join rows. + parameters: + - description: Evidence Template ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Delete evidence template + tags: + - Evidence Templates + get: + description: Get an evidence template by ID. 
+ parameters: + - description: Evidence Template ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/templates.evidenceTemplateDataResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get evidence template + tags: + - Evidence Templates + put: + consumes: + - application/json + description: Update an evidence template and atomically replace selector labels, + label schema, and linked IDs. + parameters: + - description: Evidence Template ID + in: path + name: id + required: true + type: string + - description: Evidence template payload + in: body + name: template + required: true + schema: + $ref: '#/definitions/templates.upsertEvidenceTemplateRequest' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/templates.evidenceTemplateDataResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Update evidence template + tags: + - Evidence Templates + /evidence/{id}: + get: + description: Retrieves a single Evidence record by its unique ID, including + associated activities, inventory items, components, subjects, and labels. 
+ parameters: + - description: Evidence ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-handler_OscalLikeEvidence' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Get Evidence by ID + tags: + - Evidence + /evidence/compliance-by-control/{id}: + get: + description: Retrieves the count of evidence statuses for filters associated + with a specific Control ID. + parameters: + - description: Control ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-evidence_StatusCount' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Get compliance counts by control + tags: + - Evidence + /evidence/compliance-by-filter/{id}: + get: + description: Retrieves the count of evidence statuses for a specific filter/dashboard. 
+ parameters: + - description: Filter/Dashboard ID (UUID) + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-evidence_StatusCount' + "400": + description: Invalid UUID + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Get compliance status counts by filter/dashboard ID + tags: + - Evidence + /evidence/for-control/{id}: + get: + description: Retrieves Evidence records associated with a specific Control ID, + including related activities, inventory items, components, subjects, and labels. + parameters: + - description: Control ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.ForControl.EvidenceDataListResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: List Evidence for a Control + tags: + - Evidence + /evidence/history/{id}: + get: + description: Retrieves a the history for a Evidence record by its UUID, including + associated activities, inventory items, components, subjects, and labels. 
+ parameters: + - description: Evidence ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-handler_OscalLikeEvidence' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Get Evidence history by UUID + tags: + - Evidence + /evidence/search: + post: + consumes: + - application/json + description: Searches Evidence records by label filters. + parameters: + - description: Label filter + in: body + name: filter + required: true + schema: + $ref: '#/definitions/labelfilter.Filter' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-relational_Evidence' + "422": + description: Unprocessable Entity + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Search Evidence + tags: + - Evidence + /evidence/status-over-time: + post: + consumes: + - application/json + description: Retrieves counts of evidence statuses at various time intervals + based on a label filter. 
+ parameters: + - description: Label filter + in: body + name: filter + required: true + schema: + $ref: '#/definitions/labelfilter.Filter' + - description: Comma-separated list of duration intervals (e.g., '10m,1h,24h') + in: query + name: intervals + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-handler_StatusInterval' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "422": + description: Unprocessable Entity + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Evidence status metrics over intervals + tags: + - Evidence + /evidence/status-over-time/{id}: + get: + description: Retrieves counts of evidence statuses at various time intervals + for a specific evidence stream identified by UUID. + parameters: + - description: Evidence UUID + in: path + name: id + required: true + type: string + - description: Comma-separated list of duration intervals (e.g., '10m,1h,24h') + in: query + name: intervals + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-handler_StatusInterval' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "422": + description: Unprocessable Entity + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Evidence status metrics over intervals by UUID + tags: + - Evidence + /filters: + get: + description: Retrieves all filters, optionally filtered by controlId or componentId. 
+ produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-handler_FilterWithAssociations' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: List filters + tags: + - Filters + post: + consumes: + - application/json + description: Creates a new filter. + parameters: + - description: Filter to add + in: body + name: filter + required: true + schema: + $ref: '#/definitions/handler.createFilterRequest' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-relational_Filter' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "422": + description: Unprocessable Entity + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Create a new filter + tags: + - Filters + /filters/{id}: + delete: + description: Deletes a filter. + parameters: + - description: Filter ID + in: path + name: id + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Delete a filter + tags: + - Filters + get: + description: Retrieves a single filter by its unique ID. 
+ parameters: + - description: Filter ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-handler_FilterWithAssociations' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Get a filter + tags: + - Filters + put: + consumes: + - application/json + description: Updates an existing filter. + parameters: + - description: Filter ID + in: path + name: id + required: true + type: string + - description: Filter to update + in: body + name: filter + required: true + schema: + $ref: '#/definitions/handler.createFilterRequest' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-relational_Filter' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Update a filter + tags: + - Filters + /filters/import: + post: + consumes: + - multipart/form-data + description: Import multiple dashboard filter JSON files + parameters: + - description: Dashboard filter JSON files to import + in: formData + name: files + required: true + type: file + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-handler_FilterImportResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Import dashboard filters + tags: + - Filters + /oscal/activities: + post: + consumes: 
+ - application/json + description: Creates a new activity for us in other resources. + parameters: + - description: Activity object + in: body + name: activity + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Activity' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Activity' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create an Activity + tags: + - Activities + /oscal/activities/{id}: + delete: + description: Deletes an activity + parameters: + - description: Activity ID + in: path + name: id + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Delete Activity + tags: + - Activities + get: + consumes: + - application/json + description: Retrieves an Activity by its unique ID. 
+ parameters: + - description: Activity ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Activity' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Retrieve an Activity + tags: + - Activities + put: + consumes: + - application/json + description: Updates properties of an existing Activity by its ID. + parameters: + - description: Activity ID + in: path + name: id + required: true + type: string + - description: Activity object + in: body + name: activity + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Activity' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Activity' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Update an Activity + tags: + - Activities + /oscal/assessment-plans: + get: + description: Retrieves all Assessment Plans. 
+ produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentPlan' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: List Assessment Plans + tags: + - Assessment Plans + post: + consumes: + - application/json + description: Creates a new OSCAL Assessment Plan with comprehensive validation. + parameters: + - description: 'Assessment Plan object with required fields: UUID, metadata + (title, version), import-ssp' + in: body + name: plan + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPlan' + produces: + - application/json + responses: + "201": + description: Successfully created assessment plan + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan' + "400": + description: Bad request - validation errors or malformed input + schema: + $ref: '#/definitions/api.Error' + "401": + description: Unauthorized - invalid or missing JWT token + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal server error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create an Assessment Plan + tags: + - Assessment Plans + /oscal/assessment-plans/{id}: + delete: + description: Deletes an Assessment Plan by its unique ID. 
+ parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Delete an Assessment Plan + tags: + - Assessment Plans + get: + description: Retrieves a single Assessment Plan by its unique ID. + parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get an Assessment Plan + tags: + - Assessment Plans + put: + consumes: + - application/json + description: Updates an existing Assessment Plan. 
+ parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + - description: Assessment Plan object + in: body + name: plan + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPlan' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Update an Assessment Plan + tags: + - Assessment Plans + /oscal/assessment-plans/{id}/assessment-assets: + get: + description: Retrieves all assessment assets for an Assessment Plan. + parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentAssets' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get Assessment Plan Assets + tags: + - Assessment Plans + post: + consumes: + - application/json + description: Creates a new assessment asset for an Assessment Plan. 
+ parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + - description: Assessment Asset object + in: body + name: asset + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentAssets' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentAssets' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create Assessment Plan Asset + tags: + - Assessment Plans + /oscal/assessment-plans/{id}/assessment-assets/{assetId}: + delete: + description: Deletes an assessment asset from an Assessment Plan. + parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + - description: Assessment Asset ID + in: path + name: assetId + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Delete Assessment Plan Asset + tags: + - Assessment Plans + put: + consumes: + - application/json + description: Updates an existing assessment asset for an Assessment Plan. 
+ parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + - description: Assessment Asset ID + in: path + name: assetId + required: true + type: string + - description: Assessment Asset object + in: body + name: asset + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentAssets' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentAssets' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Update Assessment Plan Asset + tags: + - Assessment Plans + /oscal/assessment-plans/{id}/assessment-subjects: + get: + description: Retrieves all assessment subjects for an Assessment Plan. + parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentSubject' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get Assessment Plan Subjects + tags: + - Assessment Plans + post: + consumes: + - application/json + description: Creates a new assessment subject for an Assessment Plan. 
+ parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + - description: Assessment Subject object + in: body + name: subject + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentSubject' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create Assessment Plan Subject + tags: + - Assessment Plans + /oscal/assessment-plans/{id}/assessment-subjects/{subjectId}: + delete: + description: Deletes an assessment subject from an Assessment Plan. + parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + - description: Assessment Subject ID + in: path + name: subjectId + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Delete Assessment Plan Subject + tags: + - Assessment Plans + put: + consumes: + - application/json + description: Updates an existing assessment subject for an Assessment Plan. 
+ parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + - description: Assessment Subject ID + in: path + name: subjectId + required: true + type: string + - description: Assessment Subject object + in: body + name: subject + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentSubject' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Update Assessment Plan Subject + tags: + - Assessment Plans + /oscal/assessment-plans/{id}/back-matter: + get: + description: Retrieves back matter for an Assessment Plan. + parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get Assessment Plan Back Matter + tags: + - Assessment Plans + /oscal/assessment-plans/{id}/full: + get: + description: Retrieves a single Assessment Plan by its unique ID with all related + data preloaded. 
+ parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get a full Assessment Plan + tags: + - Assessment Plans + /oscal/assessment-plans/{id}/import-ssp: + get: + description: Retrieves import SSP information for an Assessment Plan. + parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get Assessment Plan Import SSP + tags: + - Assessment Plans + /oscal/assessment-plans/{id}/local-definitions: + get: + description: Retrieves local definitions for an Assessment Plan. 
+ parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get Assessment Plan Local Definitions + tags: + - Assessment Plans + /oscal/assessment-plans/{id}/metadata: + get: + description: Retrieves metadata for an Assessment Plan. + parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get Assessment Plan Metadata + tags: + - Assessment Plans + /oscal/assessment-plans/{id}/tasks: + get: + description: Retrieves all tasks for an Assessment Plan. 
+ parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-array_oscalTypes_1_1_3_Task' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get Assessment Plan Tasks + tags: + - Assessment Plans + post: + consumes: + - application/json + description: Creates a new task for an Assessment Plan. + parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + - description: Task object + in: body + name: task + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Task' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Task' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create Assessment Plan Task + tags: + - Assessment Plans + /oscal/assessment-plans/{id}/tasks/{taskId}: + delete: + description: Deletes a task from an Assessment Plan. 
+ parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + - description: Task ID + in: path + name: taskId + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Delete Assessment Plan Task + tags: + - Assessment Plans + put: + consumes: + - application/json + description: Updates an existing task for an Assessment Plan. + parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + - description: Task ID + in: path + name: taskId + required: true + type: string + - description: Task object + in: body + name: task + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Task' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Task' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Update Assessment Plan Task + tags: + - Assessment Plans + /oscal/assessment-plans/{id}/tasks/{taskId}/associated-activities: + get: + description: Retrieves all Activities associated with a specific Task in an + Assessment Plan. 
+ parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + - description: Task ID + in: path + name: taskId + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_AssociatedActivity' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: List Associated Activities for a Task + tags: + - Assessment Plans + /oscal/assessment-plans/{id}/tasks/{taskId}/associated-activities/{activityId}: + delete: + description: Removes an association of an Activity from a Task within an Assessment + Plan. + parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + - description: Task ID + in: path + name: taskId + required: true + type: string + - description: Activity ID + in: path + name: activityId + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Disassociate an Activity from a Task + tags: + - Assessment Plans + post: + description: Associates an existing Activity to a Task within an Assessment + Plan. 
+ parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + - description: Task ID + in: path + name: taskId + required: true + type: string + - description: Activity ID + in: path + name: activityId + required: true + type: string + produces: + - application/json + responses: + "200": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Associate an Activity with a Task + tags: + - Assessment Plans + /oscal/assessment-plans/{id}/terms-and-conditions: + get: + description: Retrieves terms and conditions for an Assessment Plan. + parameters: + - description: Assessment Plan ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlanTermsAndConditions' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get Assessment Plan Terms and Conditions + tags: + - Assessment Plans + /oscal/assessment-results: + get: + description: Retrieves all Assessment Results. 
+ produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentResults' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: List Assessment Results + tags: + - Assessment Results + post: + consumes: + - application/json + description: Creates an Assessment Results from input. + parameters: + - description: Assessment Results data + in: body + name: ar + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentResults' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create an Assessment Results + tags: + - Assessment Results + /oscal/assessment-results/{id}: + delete: + description: Deletes an Assessment Results by its ID. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Delete an Assessment Results + tags: + - Assessment Results + get: + description: Retrieves a single Assessment Results by its unique ID. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get an Assessment Results + tags: + - Assessment Results + put: + consumes: + - application/json + description: Updates an existing Assessment Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Updated Assessment Results object + in: body + name: ar + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.AssessmentResults' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Update an Assessment Results + tags: + - Assessment Results + /oscal/assessment-results/{id}/available-controls: + get: + description: Retrieves controls that can be referenced in findings + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-array_oscalTypes_1_1_3_Control' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' 
+ "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get available controls for findings + tags: + - Assessment Results + /oscal/assessment-results/{id}/back-matter: + delete: + description: Deletes the back matter for an Assessment Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Delete back matter + tags: + - Assessment Results + get: + description: Retrieves the back matter for an Assessment Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get back matter + tags: + - Assessment Results + post: + consumes: + - application/json + description: Creates or replaces the back matter for an Assessment Results. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Back Matter + in: body + name: backMatter + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create back matter + tags: + - Assessment Results + put: + consumes: + - application/json + description: Updates the back matter for an Assessment Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Back Matter + in: body + name: backMatter + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Update back matter + tags: + - Assessment Results + /oscal/assessment-results/{id}/back-matter/resources: + get: + description: Retrieves all resources from the back matter for an Assessment + Results. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Resource' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get back matter resources + tags: + - Assessment Results + post: + consumes: + - application/json + description: Creates a new resource in the back matter for an Assessment Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Resource + in: body + name: resource + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Resource' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create back matter resource + tags: + - Assessment Results + /oscal/assessment-results/{id}/back-matter/resources/{resourceId}: + delete: + description: Deletes a specific resource from the back matter for an Assessment + Results. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Resource ID + in: path + name: resourceId + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Delete back matter resource + tags: + - Assessment Results + put: + consumes: + - application/json + description: Updates a specific resource in the back matter for an Assessment + Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Resource ID + in: path + name: resourceId + required: true + type: string + - description: Resource + in: body + name: resource + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Resource' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Update back matter resource + tags: + - Assessment Results + /oscal/assessment-results/{id}/control/{controlId}: + get: + description: Retrieves a control with all its parts for reference in findings + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Control ID + in: path + name: controlId + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + 
$ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get control details with statements and objectives + tags: + - Assessment Results + /oscal/assessment-results/{id}/findings: + get: + description: Retrieves all findings in the system that can be associated with + results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Finding' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: List all findings available for association + tags: + - Assessment Results + /oscal/assessment-results/{id}/full: + get: + description: Retrieves a complete Assessment Results by its ID, including all + metadata and related objects. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get a complete Assessment Results + tags: + - Assessment Results + /oscal/assessment-results/{id}/import-ap: + get: + description: Retrieves import-ap for a given Assessment Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportAp' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get Assessment Results import-ap + tags: + - Assessment Results + put: + consumes: + - application/json + description: Updates import-ap for a given Assessment Results. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Import AP data + in: body + name: importAp + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.ImportAp' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportAp' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Update Assessment Results import-ap + tags: + - Assessment Results + /oscal/assessment-results/{id}/local-definitions: + get: + description: Retrieves local-definitions for a given Assessment Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get Assessment Results local-definitions + tags: + - Assessment Results + put: + consumes: + - application/json + description: Updates local-definitions for a given Assessment Results. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Local definitions data + in: body + name: localDefinitions + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.LocalDefinitions' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Update Assessment Results local-definitions + tags: + - Assessment Results + /oscal/assessment-results/{id}/metadata: + get: + description: Retrieves metadata for a given Assessment Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get Assessment Results metadata + tags: + - Assessment Results + put: + consumes: + - application/json + description: Updates metadata for a given Assessment Results. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Metadata data + in: body + name: metadata + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Metadata' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Update Assessment Results metadata + tags: + - Assessment Results + /oscal/assessment-results/{id}/observations: + get: + description: Retrieves all observations in the system that can be associated + with results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Observation' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: List all observations available for association + tags: + - Assessment Results + /oscal/assessment-results/{id}/results: + get: + description: Retrieves all results for a given Assessment Results. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Result' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get results for an Assessment Results + tags: + - Assessment Results + post: + consumes: + - application/json + description: Creates a new result for a given Assessment Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result data + in: body + name: result + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Result' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Result' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create a result for an Assessment Results + tags: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}: + delete: + description: Deletes a specific result from an Assessment Results. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Delete a result + tags: + - Assessment Results + get: + description: Retrieves a specific result from an Assessment Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Result' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Get a specific result + tags: + - Assessment Results + put: + consumes: + - application/json + description: Updates a specific result in an Assessment Results. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Result data + in: body + name: result + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Result' + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Result' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Update a result + tags: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/associated-findings: + get: + description: Retrieves all Findings associated with a specific Result in an + Assessment Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Finding' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: List Associated Findings for a Result + tags: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/associated-findings/{findingId}: + delete: + description: Removes an association of a Finding from a Result within an Assessment + Results. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Finding ID + in: path + name: findingId + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Disassociate a Finding from a Result + tags: + - Assessment Results + post: + description: Associates an existing Finding to a Result within an Assessment + Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Finding ID + in: path + name: findingId + required: true + type: string + produces: + - application/json + responses: + "200": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Associate a Finding with a Result + tags: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/associated-observations: + get: + description: Retrieves all Observations associated with a specific Result in + an Assessment Results. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Observation' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: List Associated Observations for a Result + tags: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/associated-observations/{observationId}: + delete: + description: Removes an association of an Observation from a Result within an + Assessment Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Observation ID + in: path + name: observationId + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Disassociate an Observation from a Result + tags: + - Assessment Results + post: + description: Associates an existing Observation to a Result within an Assessment + Results. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Observation ID + in: path + name: observationId + required: true + type: string + produces: + - application/json + responses: + "200": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Associate an Observation with a Result + tags: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/associated-risks: + get: + description: Retrieves all Risks associated with a specific Result in an Assessment + Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Risk' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: List Associated Risks for a Result + tags: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/associated-risks/{riskId}: + delete: + description: Removes an association of a Risk from a Result within an Assessment + Results. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Risk ID + in: path + name: riskId + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Disassociate a Risk from a Result + tags: + - Assessment Results + post: + description: Associates an existing Risk to a Result within an Assessment Results. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Risk ID + in: path + name: riskId + required: true + type: string + produces: + - application/json + responses: + "200": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Associate a Risk with a Result + tags: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/attestations: + get: + description: Retrieves all attestations for a given result. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true type: string - userAttributes: + - description: Result ID + in: path + name: resultId + required: true type: string - type: object -externalDocs: - description: OpenAPI - url: https://swagger.io/resources/open-api/ -host: localhost:8080 -info: - contact: {} - description: This is the API for the Continuous Compliance Framework. - title: Continuous Compliance Framework API - version: "1" -paths: - /admin/digest/preview: - get: - description: Returns the current evidence summary that would be included in - a digest email produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-digest_EvidenceSummary' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_AttestationStatements' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Preview evidence digest + summary: Get attestations for a result tags: - - Digest - /admin/digest/trigger: + - Assessment Results post: - description: Manually triggers the evidence digest job to send emails to all - users + consumes: + - application/json + description: Creates a new attestation for a given result. 
parameters: - - description: 'Job name to trigger (default: global-evidence-digest)' - in: query - name: job + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Attestation data + in: body + name: attestation + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.AttestationStatements' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AttestationStatements' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create an attestation for a result + tags: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/attestations/{attestationId}: + delete: + description: Deletes a specific attestation from a result. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Attestation ID + in: path + name: attestationId + required: true + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Delete an attestation + tags: + - Assessment Results + put: + consumes: + - application/json + description: Updates a specific attestation in a result. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true type: string + - description: Attestation ID + in: path + name: attestationId + required: true + type: string + - description: Attestation data + in: body + name: attestation + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.AttestationStatements' produces: - application/json responses: "200": description: OK schema: - additionalProperties: - type: string - type: object + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AttestationStatements' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Trigger evidence digest + summary: Update an attestation tags: - - Digest - /admin/users: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/findings: get: - description: Lists all users in the system + description: Retrieves all findings for a given result. + parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-relational_User' - "401": - description: Unauthorized + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Finding' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": 
@@ -5919,37 +12180,43 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List all users + summary: Get findings for a result tags: - - Users + - Assessment Results post: consumes: - application/json - description: Creates a new user in the system + description: Creates a new finding for a given result. parameters: - - description: User details + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Finding data in: body - name: user + name: finding required: true schema: - $ref: '#/definitions/handler.UserHandler' + $ref: '#/definitions/oscalTypes_1_1_3.Finding' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_User' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Finding' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "409": - description: Conflict + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": @@ -5958,18 +12225,28 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a new user + summary: Create a finding for a result tags: - - Users - /admin/users/{id}: + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/findings/{findingId}: delete: - description: Deletes a user from the system + description: Deletes a specific finding from a result. parameters: - - description: User ID + - description: Assessment Results ID in: path name: id required: true type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Finding ID + in: path + name: findingId + required: true + type: string responses: "204": description: No Content 
@@ -5977,10 +12254,6 @@ paths: description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -5991,32 +12264,46 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete a user + summary: Delete a finding tags: - - Users - get: - description: Get user details by user ID + - Assessment Results + put: + consumes: + - application/json + description: Updates a specific finding in a result. parameters: - - description: User ID + - description: Assessment Results ID in: path name: id required: true type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Finding ID + in: path + name: findingId + required: true + type: string + - description: Finding data + in: body + name: finding + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Finding' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_User' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Finding' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -6027,40 +12314,34 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get user by ID + summary: Update a finding tags: - - Users - put: - consumes: - - application/json - description: Updates the details of an existing user + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/observations: + get: + description: Retrieves all observations for a given result. parameters: - - description: User ID + - description: Assessment Results ID in: path name: id required: true type: string - - description: User details - in: body - name: user + - description: Result ID + in: path + name: resultId required: true - schema: - $ref: '#/definitions/handler.UserHandler' + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_User' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Observation' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -6071,73 +12352,126 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update user details + summary: Get observations for a result tags: - - Users - /agent/heartbeat: + - Assessment Results post: consumes: - application/json - description: Creates a new heartbeat record for monitoring. + description: Creates a new observation for a given result. parameters: - - description: Heartbeat payload + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Observation data in: body - name: heartbeat + name: observation required: true schema: - $ref: '#/definitions/handler.HeartbeatCreateRequest' + $ref: '#/definitions/oscalTypes_1_1_3.Observation' produces: - application/json responses: "201": description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Observation' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create Heartbeat + security: + - OAuth2Password: [] + summary: Create an observation for a result tags: - - Heartbeat - /agent/heartbeat/over-time: - get: - description: Retrieves heartbeat counts aggregated by 2-minute intervals. - produces: - - application/json + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/observations/{obsId}: + delete: + description: Deletes a specific observation from a result. 
+ parameters: + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Observation ID + in: path + name: obsId + required: true + type: string responses: - "200": - description: OK + "204": + description: No Content + "400": + description: Bad Request schema: - $ref: '#/definitions/handler.GenericDataListResponse-handler_OverTime_HeartbeatInterval' + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get Heartbeat Metrics Over Time + security: + - OAuth2Password: [] + summary: Delete an observation tags: - - Heartbeat - /auth/forgot-password: - post: + - Assessment Results + put: consumes: - application/json - description: Sends a password reset email to users with authMethod=password + description: Updates a specific observation in a result. parameters: - - description: Email + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Observation ID + in: path + name: obsId + required: true + type: string + - description: Observation data in: body - name: request + name: observation required: true schema: - $ref: '#/definitions/auth.AuthHandler' + $ref: '#/definitions/oscalTypes_1_1_3.Observation' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-string' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Observation' "400": description: Bad Request schema: 
@@ -6150,173 +12484,188 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Forgot password + security: + - OAuth2Password: [] + summary: Update an observation tags: - - Auth - /auth/login: - post: - consumes: - - application/json - description: Login user and returns a JWT token and sets a cookie with the token + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/risks: + get: + description: Retrieves all risks for a given result. parameters: - - description: Login Data - in: body - name: loginRequest + - description: Assessment Results ID + in: path + name: id required: true - schema: - $ref: '#/definitions/auth.AuthHandler' + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-auth_AuthHandler' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Risk' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: - $ref: '#/definitions/handler.GenericDataResponse-auth_AuthHandler' + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Login user + security: + - OAuth2Password: [] + summary: Get risks for a result tags: - - Auth - /auth/password-reset: + - Assessment Results post: consumes: - application/json - description: Resets password using a valid JWT token + description: Creates a new risk for a given result. 
parameters: - - description: Reset data + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Risk data in: body - name: request + name: risk required: true schema: - $ref: '#/definitions/auth.AuthHandler' + $ref: '#/definitions/oscalTypes_1_1_3.Risk' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-string' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Risk' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Reset password - tags: - - Auth - /auth/publickey: - get: - consumes: - - application/json - description: Get JSON Web Key (JWK) representation of the JWT public key - produces: - - application/json - responses: - "200": - description: OK + "404": + description: Not Found schema: - $ref: '#/definitions/authn.JWK' + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get JWK + security: + - OAuth2Password: [] + summary: Create a risk for a result tags: - - Auth - /auth/token: - post: - consumes: - - application/x-www-form-urlencoded - description: Get OAuth2 token using username and password + - Assessment Results + /oscal/assessment-results/{id}/results/{resultId}/risks/{riskId}: + delete: + description: Deletes a specific risk from a result. 
parameters: - - description: Username (email) - in: formData - name: username + - description: Assessment Results ID + in: path + name: id required: true type: string - - description: Password - in: formData - name: password + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Risk ID + in: path + name: riskId required: true type: string - produces: - - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/auth.AuthHandler' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get OAuth2 token + security: + - OAuth2Password: [] + summary: Delete a risk tags: - - Auth - /evidence: - post: + - Assessment Results + put: consumes: - application/json - description: Creates a new Evidence record including activities, inventory items, - components, and subjects. + description: Updates a specific risk in a result. 
parameters: - - description: Evidence create request + - description: Assessment Results ID + in: path + name: id + required: true + type: string + - description: Result ID + in: path + name: resultId + required: true + type: string + - description: Risk ID + in: path + name: riskId + required: true + type: string + - description: Risk data in: body - name: evidence + name: risk required: true schema: - $ref: '#/definitions/handler.EvidenceCreateRequest' + $ref: '#/definitions/oscalTypes_1_1_3.Risk' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_Evidence' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Risk' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create new Evidence + summary: Update a risk tags: - - Evidence - /evidence/{id}: + - Assessment Results + /oscal/assessment-results/{id}/risks: get: - description: Retrieves a single Evidence record by its unique ID, including - associated activities, inventory items, components, subjects, and labels. + description: Retrieves all risks in the system that can be associated with results. parameters: - - description: Evidence ID + - description: Assessment Results ID in: path name: id required: true @@ -6327,7 +12676,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_OscalLikeEvidence' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Risk' "400": description: Bad Request schema: 
@@ -6340,81 +12689,78 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get Evidence by ID + security: + - OAuth2Password: [] + summary: List all risks available for association tags: - - Evidence - /evidence/compliance-by-control/{id}: + - Assessment Results + /oscal/catalogs: get: - description: Retrieves the count of evidence statuses for filters associated - with a specific Control ID. - parameters: - - description: Control ID - in: path - name: id - required: true - type: string + description: Retrieves all catalogs. produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Catalog' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get compliance counts by control + security: + - OAuth2Password: [] + summary: List catalogs tags: - - Evidence - /evidence/compliance-by-filter/{id}: - get: - description: Retrieves the count of evidence statuses for a specific filter/dashboard. + - Catalog + post: + consumes: + - application/json + description: Creates a new OSCAL Catalog. 
parameters: - - description: Filter/Dashboard ID (UUID) - in: path - name: id + - description: Catalog object + in: body + name: catalog required: true - type: string + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Catalog' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataListResponse-handler_ComplianceByControl_StatusCount' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Catalog' "400": - description: Invalid UUID - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found + description: Bad Request schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get compliance status counts by filter/dashboard ID + security: + - OAuth2Password: [] + summary: Create a new Catalog tags: - - Evidence - /evidence/for-control/{id}: - get: - description: Retrieves Evidence records associated with a specific Control ID, - including related activities, inventory items, components, subjects, and labels. + - Catalog + /oscal/catalogs/{id}: + delete: + description: Deletes a Catalog and cascades to related groups/controls, metadata + and back-matter. parameters: - - description: Control ID + - description: Catalog ID in: path name: id required: true type: string - produces: - - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.ForControl.EvidenceDataListResponse' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -6427,15 +12773,15 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: List Evidence for a Control + security: + - OAuth2Password: [] + summary: Delete a Catalog (cascade) tags: - - Evidence - /evidence/history/{id}: + - Catalog get: - description: Retrieves a the history for a Evidence record by its UUID, including - associated activities, inventory items, components, subjects, and labels. + description: Retrieves a single Catalog by its unique ID. parameters: - - description: Evidence ID + - description: Catalog ID in: path name: id required: true @@ -6446,11 +12792,15 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-handler_OscalLikeEvidence' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Catalog' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -6459,55 +12809,59 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get Evidence history by UUID + security: + - OAuth2Password: [] + summary: Get a Catalog tags: - - Evidence - /evidence/search: - post: + - Catalog + put: consumes: - application/json - description: Searches Evidence records by label filters. + description: Updates an existing OSCAL Catalog. parameters: - - description: Label filter + - description: Catalog ID + in: path + name: id + required: true + type: string + - description: Updated Catalog object in: body - name: filter + name: catalog required: true schema: - $ref: '#/definitions/labelfilter.Filter' + $ref: '#/definitions/oscalTypes_1_1_3.Catalog' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-relational_Evidence' - "422": - description: Unprocessable Entity + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Catalog' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Search Evidence + security: + - OAuth2Password: [] + summary: Update a Catalog tags: - - Evidence - /evidence/status-over-time: - post: - consumes: - - application/json - description: Retrieves counts of evidence statuses at various time intervals - based on a label filter. + - Catalog + /oscal/catalogs/{id}/all-controls: + get: + description: Retrieves the top-level controls for a given Catalog. 
parameters: - - description: Label filter - in: body - name: filter - required: true - schema: - $ref: '#/definitions/labelfilter.Filter' - - description: Comma-separated list of duration intervals (e.g., '10m,1h,24h') - in: query - name: intervals + - description: Catalog ID + in: path + name: id + required: true type: string produces: - application/json 
@@ -6515,117 +12869,153 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-handler_StatusInterval' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "422": - description: Unprocessable Entity + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Evidence status metrics over intervals + security: + - OAuth2Password: [] + summary: List controls for a Catalog tags: - - Evidence - /evidence/status-over-time/{id}: + - Catalog + /oscal/catalogs/{id}/back-matter: get: - description: Retrieves counts of evidence statuses at various time intervals - for a specific evidence stream identified by UUID. + description: Retrieves the back-matter for a given Catalog. 
parameters: - - description: Evidence UUID + - description: Catalog ID in: path name: id required: true type: string - - description: Comma-separated list of duration intervals (e.g., '10m,1h,24h') - in: query - name: intervals - type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-handler_StatusInterval' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "422": - description: Unprocessable Entity + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Evidence status metrics over intervals by UUID + security: + - OAuth2Password: [] + summary: Get back-matter for a Catalog tags: - - Evidence - /filters: + - Catalog + /oscal/catalogs/{id}/controls: get: - description: Retrieves all filters, optionally filtered by controlId or componentId. + description: Retrieves the top-level controls for a given Catalog. 
+ parameters: + - description: Catalog ID + in: path + name: id + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-handler_FilterWithAssociations' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: List filters + security: + - OAuth2Password: [] + summary: List controls for a Catalog tags: - - Filters + - Catalog post: consumes: - application/json - description: Creates a new filter. + description: Adds a top-level control under the specified Catalog. parameters: - - description: Filter to add + - description: Catalog ID + in: path + name: id + required: true + type: string + - description: Control object in: body - name: filter + name: control required: true schema: - $ref: '#/definitions/handler.createFilterRequest' + $ref: '#/definitions/oscalTypes_1_1_3.Control' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_Filter' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "422": - description: Unprocessable Entity - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new filter + security: + - OAuth2Password: [] + summary: Create a new Control for a Catalog tags: - - Filters - /filters/{id}: + - Catalog + /oscal/catalogs/{id}/controls/{control}: delete: - description: Deletes a filter. 
+ description: Deletes a Control and cascades to nested children; clears filter + associations. parameters: - - description: Filter ID + - description: Catalog ID in: path name: id required: true type: string + - description: Control ID + in: path + name: control + required: true + type: string responses: "204": description: No Content @@ -6641,24 +13031,31 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a filter + security: + - OAuth2Password: [] + summary: Delete a Control (cascade) tags: - - Filters + - Catalog get: - description: Retrieves a single filter by its unique ID. + description: Retrieves a single Control by its ID for a given Catalog. parameters: - - description: Filter ID + - description: Catalog ID in: path name: id required: true type: string + - description: Control ID + in: path + name: control + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_FilterWithAssociations' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' "400": description: Bad Request schema: 
@@ -6671,32 +13068,40 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get a filter + security: + - OAuth2Password: [] + summary: Get a specific Control within a Catalog tags: - - Filters + - Catalog put: consumes: - application/json - description: Updates an existing filter. + description: Updates the properties of an existing Control under the specified + Catalog. parameters: - - description: Filter ID + - description: Catalog ID in: path name: id required: true type: string - - description: Filter to update + - description: Control ID + in: path + name: control + required: true + type: string + - description: Updated Control object in: body - name: filter + name: control required: true schema: - $ref: '#/definitions/handler.createFilterRequest' + $ref: '#/definitions/oscalTypes_1_1_3.Control' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_Filter' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' "400": description: Bad Request schema: 
@@ -6709,83 +13114,178 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a filter + security: + - OAuth2Password: [] + summary: Update a Control within a Catalog tags: - - Filters - /filters/import: + - Catalog + /oscal/catalogs/{id}/controls/{control}/controls: + get: + description: Retrieves the controls directly under a specific Control in a given + Catalog. + parameters: + - description: Catalog ID + in: path + name: id + required: true + type: string + - description: Control ID + in: path + name: control + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: List child controls for a Control within a Catalog + tags: + - Catalog post: consumes: - - multipart/form-data - description: Import multiple dashboard filter JSON files + - application/json + description: Adds a child control under the specified Catalog Control. 
parameters: - - description: Dashboard filter JSON files to import - in: formData - name: files + - description: Catalog ID + in: path + name: id required: true - type: file + type: string + - description: Parent Control ID + in: path + name: control + required: true + type: string + - description: Control object + in: body + name: control + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Control' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create a new Sub-Control for a Control within a Catalog + tags: + - Catalog + /oscal/catalogs/{id}/groups: + get: + description: Retrieves the top-level groups for a given Catalog. + parameters: + - description: Catalog ID + in: path + name: id + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_FilterImportResponse' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Group' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Import dashboard filters + security: + - OAuth2Password: [] + summary: List groups for a Catalog tags: - - Filters - /oscal/activities: + - Catalog post: consumes: - application/json - description: Creates a new activity for us in other resources. + description: Adds a top-level group under the specified Catalog. 
parameters: - - description: Activity object + - description: Catalog ID + in: path + name: id + required: true + type: string + - description: Group object in: body - name: activity + name: group required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Activity' + $ref: '#/definitions/oscalTypes_1_1_3.Group' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Activity' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Group' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create an Activity + summary: Create a new Group for a Catalog tags: - - Activities - /oscal/activities/{id}: + - Catalog + /oscal/catalogs/{id}/groups/{group}: delete: - description: Deletes an activity + description: Deletes a Group and cascades to nested groups and controls. parameters: - - description: Activity ID + - description: Catalog ID in: path name: id required: true type: string + - description: Group ID + in: path + name: group + required: true + type: string responses: "204": description: No Content 
@@ -6803,26 +13303,29 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete Activity + summary: Delete a Group (cascade) tags: - - Activities + - Catalog get: - consumes: - - application/json - description: Retrieves an Activity by its unique ID. + description: Retrieves a single Group by its ID for a given Catalog. parameters: - - description: Activity ID + - description: Catalog ID in: path name: id required: true type: string + - description: Group ID + in: path + name: group + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Activity' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Group' "400": description: Bad Request schema: @@ -6837,32 +13340,38 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Retrieve an Activity + summary: Get a specific Group within a Catalog tags: - - Activities + - Catalog put: consumes: - application/json - description: Updates properties of an existing Activity by its ID. + description: Updates the properties of an existing Group under the specified + Catalog. parameters: - - description: Activity ID + - description: Catalog ID in: path name: id required: true type: string - - description: Activity object + - description: Group ID + in: path + name: group + required: true + type: string + - description: Updated Group object in: body - name: activity + name: group required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Activity' + $ref: '#/definitions/oscalTypes_1_1_3.Group' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Activity' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Group' "400": description: Bad Request schema: 
@@ -6877,80 +13386,110 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update an Activity + summary: Update a Group within a Catalog tags: - - Activities - /oscal/assessment-plans: + - Catalog + /oscal/catalogs/{id}/groups/{group}/controls: get: - description: Retrieves all Assessment Plans. + description: Retrieves the controls directly under a specific Group in a given + Catalog. + parameters: + - description: Catalog ID + in: path + name: id + required: true + type: string + - description: Group ID + in: path + name: group + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentPlan' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List Assessment Plans + summary: List controls for a Group within a Catalog tags: - - Assessment Plans + - Catalog post: consumes: - application/json - description: Creates a new OSCAL Assessment Plan with comprehensive validation. + description: Adds a control under the specified Catalog and Group. 
parameters: - - description: 'Assessment Plan object with required fields: UUID, metadata - (title, version), import-ssp' + - description: Catalog ID + in: path + name: id + required: true + type: string + - description: Parent Group ID + in: path + name: group + required: true + type: string + - description: Control object in: body - name: plan + name: control required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPlan' + $ref: '#/definitions/oscalTypes_1_1_3.Control' produces: - application/json responses: "201": - description: Successfully created assessment plan + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' "400": - description: Bad request - validation errors or malformed input - schema: - $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - invalid or missing JWT token + description: Bad Request schema: $ref: '#/definitions/api.Error' "500": - description: Internal server error + description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create an Assessment Plan + summary: Create a new Control for a Catalog Group tags: - - Assessment Plans - /oscal/assessment-plans/{id}: - delete: - description: Deletes an Assessment Plan by its unique ID. + - Catalog + /oscal/catalogs/{id}/groups/{group}/groups: + get: + description: Retrieves the sub-groups of a specific Group in a given Catalog. parameters: - - description: Assessment Plan ID + - description: Catalog ID in: path name: id required: true type: string + - description: Group ID + in: path + name: group + required: true + type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Group' "400": description: Bad Request schema: 
@@ -6965,66 +13504,101 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Delete an Assessment Plan
+ summary: List sub-groups for a Group within a Catalog
 tags:
- - Assessment Plans
- get:
- description: Retrieves a single Assessment Plan by its unique ID.
+ - Catalog
+ post:
+ consumes:
+ - application/json
+ description: Adds a sub-group under the specified Catalog and Group.
 parameters:
- - description: Assessment Plan ID
+ - description: Catalog ID
 in: path
 name: id
 required: true
 type: string
+ - description: Parent Group ID
+ in: path
+ name: group
+ required: true
+ type: string
+ - description: Group object
+ in: body
+ name: group
+ required: true
+ schema:
+ $ref: '#/definitions/oscalTypes_1_1_3.Group'
+ produces:
+ - application/json
+ responses:
+ "201":
+ description: Created
+ schema:
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Group'
+ "400":
+ description: Bad Request
+ schema:
+ $ref: '#/definitions/api.Error'
+ "500":
+ description: Internal Server Error
+ schema:
+ $ref: '#/definitions/api.Error'
+ security:
+ - OAuth2Password: []
+ summary: Create a new Sub-Group for a Catalog Group
+ tags:
+ - Catalog
+ /oscal/component-definitions:
+ get:
+ description: Retrieves all component definitions.
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan'
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ComponentDefinition'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "404":
- description: Not Found
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
+ "500":
+ description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Get an Assessment Plan
+ summary: List component definitions
 tags:
- - Assessment Plans
- put:
+ - Component Definitions
+ post:
 consumes:
 - application/json
- description: Updates an existing Assessment Plan.
+ description: Creates a new component definition.
 parameters:
- - description: Assessment Plan ID
- in: path
- name: id
- required: true
- type: string
- - description: Assessment Plan object
+ - description: Component Definition
 in: body
- name: plan
+ name: componentDefinition
 required: true
 schema:
- $ref: '#/definitions/oscalTypes_1_1_3.AssessmentPlan'
+ $ref: '#/definitions/oscalTypes_1_1_3.ComponentDefinition'
 produces:
 - application/json
 responses:
- "200":
- description: OK
+ "201":
+ description: Created
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "404":
- description: Not Found
+ "401":
+ description: Unauthorized
 schema:
 $ref: '#/definitions/api.Error'
 "500":
@@ -7033,14 +13607,14 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Update an Assessment Plan
+ summary: Create a component definition
 tags:
- - Assessment Plans
- /oscal/assessment-plans/{id}/assessment-assets:
+ - Component Definitions
+ /oscal/component-definitions/{id}:
 get:
- description: Retrieves all assessment assets for an Assessment Plan.
+ description: Retrieves a single component definition by its unique ID.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
@@ -7051,11 +13625,15 @@ paths:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentAssets'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7066,36 +13644,40 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Get Assessment Plan Assets
+ summary: Get a component definition
 tags:
- - Assessment Plans
- post:
+ - Component Definitions
+ put:
 consumes:
 - application/json
- description: Creates a new assessment asset for an Assessment Plan.
+ description: Updates an existing component definition.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
- - description: Assessment Asset object
+ - description: Updated Component Definition object
 in: body
- name: asset
+ name: componentDefinition
 required: true
 schema:
- $ref: '#/definitions/oscalTypes_1_1_3.AssessmentAssets'
+ $ref: '#/definitions/oscalTypes_1_1_3.ComponentDefinition'
 produces:
 - application/json
 responses:
- "201":
- description: Created
+ "200":
+ description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentAssets'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7106,30 +13688,33 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Create Assessment Plan Asset
+ summary: Update a component definition
 tags:
- - Assessment Plans
- /oscal/assessment-plans/{id}/assessment-assets/{assetId}:
- delete:
- description: Deletes an assessment asset from an Assessment Plan.
+ - Component Definitions
+ /oscal/component-definitions/{id}/back-matter:
+ get:
+ description: Retrieves the back-matter for a given Component Definition.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
- - description: Assessment Asset ID
- in: path
- name: assetId
- required: true
- type: string
+ produces:
+ - application/json
 responses:
- "204":
- description: No Content
+ "200":
+ description: OK
+ schema:
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7140,41 +13725,40 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Delete Assessment Plan Asset
+ summary: Get back-matter for a Component Definition
 tags:
- - Assessment Plans
- put:
+ - Component Definitions
+ post:
 consumes:
 - application/json
- description: Updates an existing assessment asset for an Assessment Plan.
+ description: Creates new back-matter for a given component definition.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
- - description: Assessment Asset ID
- in: path
- name: assetId
- required: true
- type: string
- - description: Assessment Asset object
+ - description: Back Matter
 in: body
- name: asset
+ name: back-matter
 required: true
 schema:
- $ref: '#/definitions/oscalTypes_1_1_3.AssessmentAssets'
+ $ref: '#/definitions/oscalTypes_1_1_3.BackMatter'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentAssets'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7185,14 +13769,14 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Update Assessment Plan Asset
+ summary: Create back-matter for a component definition
 tags:
- - Assessment Plans
- /oscal/assessment-plans/{id}/assessment-subjects:
+ - Component Definitions
+ /oscal/component-definitions/{id}/capabilities:
 get:
- description: Retrieves all assessment subjects for an Assessment Plan.
+ description: Retrieves all capabilities for a given component definition.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
@@ -7203,11 +13787,15 @@ paths:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-array_oscalTypes_1_1_3_AssessmentSubject'
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Capability'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7218,36 +13806,42 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Get Assessment Plan Subjects
+ summary: Get capabilities for a component definition
 tags:
- - Assessment Plans
+ - Component Definitions
 post:
 consumes:
 - application/json
- description: Creates a new assessment subject for an Assessment Plan.
+ description: Creates new capabilities for a given component definition.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
- - description: Assessment Subject object
+ - description: Capabilities
 in: body
- name: subject
+ name: capabilities
 required: true
 schema:
- $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject'
+ items:
+ $ref: '#/definitions/oscalTypes_1_1_3.Capability'
+ type: array
 produces:
 - application/json
 responses:
- "201":
- description: Created
+ "200":
+ description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentSubject'
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Capability'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7258,30 +13852,46 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Create Assessment Plan Subject
+ summary: Create capabilities for a component definition
 tags:
- - Assessment Plans
- /oscal/assessment-plans/{id}/assessment-subjects/{subjectId}:
- delete:
- description: Deletes an assessment subject from an Assessment Plan.
+ - Component Definitions
+ /oscal/component-definitions/{id}/capabilities/{capability}:
+ put:
+ consumes:
+ - application/json
+ description: Updates a single capability for a given component definition.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
- - description: Assessment Subject ID
+ - description: Capability ID (UUID)
 in: path
- name: subjectId
+ name: capability
 required: true
 type: string
+ - description: Capability to update
+ in: body
+ name: capability
+ required: true
+ schema:
+ $ref: '#/definitions/oscalTypes_1_1_3.Capability'
+ produces:
+ - application/json
 responses:
- "204":
- description: No Content
+ "200":
+ description: OK
+ schema:
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Capability'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7292,41 +13902,79 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Delete Assessment Plan Subject
+ summary: Update a capability for a component definition
 tags:
- - Assessment Plans
- put:
- consumes:
- - application/json
- description: Updates an existing assessment subject for an Assessment Plan.
+ - Component Definitions
+ /oscal/component-definitions/{id}/capabilities/incorporates-components:
+ get:
+ description: Retrieves all incorporates components for a given component definition.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
- - description: Assessment Subject ID
+ produces:
+ - application/json
+ responses:
+ "200":
+ description: OK
+ schema:
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_IncorporatesComponent'
+ "400":
+ description: Bad Request
+ schema:
+ $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
+ "404":
+ description: Not Found
+ schema:
+ $ref: '#/definitions/api.Error'
+ "500":
+ description: Internal Server Error
+ schema:
+ $ref: '#/definitions/api.Error'
+ security:
+ - OAuth2Password: []
+ summary: Get incorporates components for a component definition
+ tags:
+ - Component Definitions
+ post:
+ consumes:
+ - application/json
+ description: Creates new incorporates components for a given component definition.
+ parameters:
+ - description: Component Definition ID
 in: path
- name: subjectId
+ name: id
 required: true
 type: string
- - description: Assessment Subject object
+ - description: Incorporates Components
 in: body
- name: subject
+ name: incorporates-components
 required: true
 schema:
- $ref: '#/definitions/oscalTypes_1_1_3.AssessmentSubject'
+ items:
+ $ref: '#/definitions/oscalTypes_1_1_3.IncorporatesComponent'
+ type: array
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentSubject'
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_IncorporatesComponent'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7337,14 +13985,14 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Update Assessment Plan Subject
+ summary: Create incorporates components for a component definition
 tags:
- - Assessment Plans
- /oscal/assessment-plans/{id}/back-matter:
+ - Component Definitions
+ /oscal/component-definitions/{id}/components:
 get:
- description: Retrieves back matter for an Assessment Plan.
+ description: Retrieves all components for a given component definition.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
@@ -7355,11 +14003,15 @@ paths:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter'
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7370,30 +14022,42 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Get Assessment Plan Back Matter
+ summary: Get components for a component definition
 tags:
- - Assessment Plans
- /oscal/assessment-plans/{id}/full:
- get:
- description: Retrieves a single Assessment Plan by its unique ID with all related
- data preloaded.
+ - Component Definitions
+ post:
+ consumes:
+ - application/json
+ description: Creates new components for a given component definition.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
+ - description: Components to create
+ in: body
+ name: components
+ required: true
+ schema:
+ items:
+ $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent'
+ type: array
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlan'
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7404,29 +14068,42 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Get a full Assessment Plan
+ summary: Create components for a component definition
 tags:
- - Assessment Plans
- /oscal/assessment-plans/{id}/import-ssp:
- get:
- description: Retrieves import SSP information for an Assessment Plan.
+ - Component Definitions
+ put:
+ consumes:
+ - application/json
+ description: Updates the components for a given component definition.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
+ - description: Components to update
+ in: body
+ name: components
+ required: true
+ schema:
+ items:
+ $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent'
+ type: array
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp'
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7437,29 +14114,38 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Get Assessment Plan Import SSP
+ summary: Update components for a component definition
 tags:
- - Assessment Plans
- /oscal/assessment-plans/{id}/local-definitions:
+ - Component Definitions
+ /oscal/component-definitions/{id}/components/{defined-component}:
 get:
- description: Retrieves local definitions for an Assessment Plan.
+ description: Retrieves a defined component for a given component definition.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
+ - description: Defined Component ID
+ in: path
+ name: defined-component
+ required: true
+ type: string
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7470,29 +14156,40 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Get Assessment Plan Local Definitions
+ summary: Get a defined component for a component definition
 tags:
- - Assessment Plans
- /oscal/assessment-plans/{id}/metadata:
- get:
- description: Retrieves metadata for an Assessment Plan.
+ - Component Definitions
+ post:
+ consumes:
+ - application/json
+ description: Creates a new defined component for a given component definition.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
+ - description: Defined Component to create
+ in: body
+ name: defined-component
+ required: true
+ schema:
+ $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7503,29 +14200,45 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Get Assessment Plan Metadata
+ summary: Create a defined component for a component definition
 tags:
- - Assessment Plans
- /oscal/assessment-plans/{id}/tasks:
- get:
- description: Retrieves all tasks for an Assessment Plan.
+ - Component Definitions
+ put:
+ consumes:
+ - application/json
+ description: Updates a defined component for a given component definition.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
+ - description: Defined Component ID
+ in: path
+ name: defined-component
+ required: true
+ type: string
+ - description: Defined Component to update
+ in: body
+ name: defined-component
+ required: true
+ schema:
+ $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-array_oscalTypes_1_1_3_Task'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7536,36 +14249,38 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Get Assessment Plan Tasks
+ summary: Update a defined component for a component definition
 tags:
- - Assessment Plans
- post:
- consumes:
- - application/json
- description: Creates a new task for an Assessment Plan.
+ - Component Definitions
+ /oscal/component-definitions/{id}/components/{defined-component}/control-implementations:
+ get:
+ description: Retrieves all control implementations for a given defined component.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
- - description: Task object
- in: body
- name: task
+ - description: Defined Component ID
+ in: path
+ name: defined-component
 required: true
- schema:
- $ref: '#/definitions/oscalTypes_1_1_3.Task'
+ type: string
 produces:
 - application/json
 responses:
- "201":
- description: Created
+ "200":
+ description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Task'
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7576,30 +14291,47 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Create Assessment Plan Task
+ summary: Get control implementations for a defined component
 tags:
- - Assessment Plans
- /oscal/assessment-plans/{id}/tasks/{taskId}:
- delete:
- description: Deletes a task from an Assessment Plan.
+ - Component Definitions
+ post:
+ consumes:
+ - application/json
+ description: Creates new control implementations for a given defined component.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
- - description: Task ID
+ - description: Defined Component ID
 in: path
- name: taskId
+ name: defined-component
 required: true
 type: string
+ - description: Control Implementations
+ in: body
+ name: control-implementations
+ required: true
+ schema:
+ items:
+ $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationSet'
+ type: array
+ produces:
+ - application/json
 responses:
- "204":
- description: No Content
+ "200":
+ description: OK
+ schema:
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7610,41 +14342,47 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Delete Assessment Plan Task
+ summary: Create control implementations for a defined component
 tags:
- - Assessment Plans
+ - Component Definitions
 put:
 consumes:
 - application/json
- description: Updates an existing task for an Assessment Plan.
+ description: Updates control implementations for a given defined component.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
- - description: Task ID
+ - description: Defined Component ID
 in: path
- name: taskId
+ name: defined-component
 required: true
 type: string
- - description: Task object
+ - description: Control Implementations
 in: body
- name: task
+ name: control-implementations
 required: true
 schema:
- $ref: '#/definitions/oscalTypes_1_1_3.Task'
+ items:
+ $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationSet'
+ type: array
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Task'
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7655,35 +14393,51 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Update Assessment Plan Task
+ summary: Update control implementations for a defined component
 tags:
- - Assessment Plans
- /oscal/assessment-plans/{id}/tasks/{taskId}/associated-activities:
- get:
- description: Retrieves all Activities associated with a specific Task in an
- Assessment Plan.
+ - Component Definitions
+ /oscal/component-definitions/{id}/components/{defined-component}/control-implementations/{control-implementation}:
+ put:
+ consumes:
+ - application/json
+ description: Updates a specific control implementation for a given defined component.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
- - description: Task ID
+ - description: Defined Component ID
 in: path
- name: taskId
+ name: defined-component
+ required: true
+ type: string
+ - description: Control Implementation ID
+ in: path
+ name: control-implementation
 required: true
 type: string
+ - description: Control Implementation
+ in: body
+ name: control-implementation
+ required: true
+ schema:
+ $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationSet'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_AssociatedActivity'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementationSet'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7694,36 +14448,38 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: List Associated Activities for a Task
+ summary: Update a single control implementation for a defined component
 tags:
- - Assessment Plans
- /oscal/assessment-plans/{id}/tasks/{taskId}/associated-activities/{activityId}:
- delete:
- description: Removes an association of an Activity from a Task within an Assessment
- Plan.
+ - Component Definitions
+ /oscal/component-definitions/{id}/components/{defined-component}/control-implementations/implemented-requirements:
+ get:
+ description: Retrieves all implemented requirements for a given defined component.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
- - description: Task ID
- in: path
- name: taskId
- required: true
- type: string
- - description: Activity ID
+ - description: Defined Component ID
 in: path
- name: activityId
+ name: defined-component
 required: true
 type: string
+ produces:
+ - application/json
 responses:
- "204":
- description: No Content
+ "200":
+ description: OK
+ schema:
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirementControlImplementation'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7734,37 +14490,38 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Disassociate an Activity from a Task
+ summary: Get implemented requirements for a defined component
 tags:
- - Assessment Plans
- post:
- description: Associates an existing Activity to a Task within an Assessment
- Plan.
+ - Component Definitions
+ /oscal/component-definitions/{id}/components/{defined-component}/control-implementations/implemented-requirements/statements:
+ get:
+ description: Retrieves all statements for a given defined component.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
 type: string
- - description: Task ID
- in: path
- name: taskId
- required: true
- type: string
- - description: Activity ID
+ - description: Defined Component ID
 in: path
- name: activityId
+ name: defined-component
 required: true
 type: string
 produces:
 - application/json
 responses:
 "200":
- description: No Content
+ description: OK
+ schema:
+ $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ControlStatementImplementation'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7775,14 +14532,15 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Associate an Activity with a Task
+ summary: Get statements for a defined component
 tags:
- - Assessment Plans
- /oscal/assessment-plans/{id}/terms-and-conditions:
+ - Component Definitions
+ /oscal/component-definitions/{id}/full:
 get:
- description: Retrieves terms and conditions for an Assessment Plan.
+ description: Retrieves a complete Component Definition by its ID, including
+ all metadata and revisions.
 parameters:
- - description: Assessment Plan ID
+ - description: Component Definition ID
 in: path
 name: id
 required: true
@@ -7793,11 +14551,15 @@ paths:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentPlanTermsAndConditions'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -7808,79 +14570,129 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Assessment Plan Terms and Conditions + summary: Get a complete Component Definition tags: - - Assessment Plans - /oscal/assessment-results: + - Component Definitions + /oscal/component-definitions/{id}/import-component-definitions: get: - description: Retrieves all Assessment Results. + description: Retrieves all import component definitions for a given defined + component. + parameters: + - description: Component Definition ID + in: path + name: id + required: true + type: string + - description: Defined Component ID + in: path + name: defined-component + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_AssessmentResults' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List Assessment Results + summary: Get import component definitions for a defined component tags: - - Assessment Results + - Component Definitions post: - consumes: - - application/json - description: Creates an Assessment Results from input. + description: Creates new import component definitions for a given component + definition. 
parameters: - - description: Assessment Results data + - description: Component Definition ID + in: path + name: id + required: true + type: string + - description: Import Component Definitions in: body - name: ar + name: import-component-definitions required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentResults' + items: + $ref: '#/definitions/oscalTypes_1_1_3.ImportComponentDefinition' + type: array produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create an Assessment Results + summary: Create import component definitions for a component definition tags: - - Assessment Results - /oscal/assessment-results/{id}: - delete: - description: Deletes an Assessment Results by its ID. + - Component Definitions + put: + description: Updates the import component definitions for a given component + definition. 
parameters: - - description: Assessment Results ID + - description: Component Definition ID in: path name: id required: true type: string + - description: Import Component Definitions + in: body + name: import-component-definitions + required: true + schema: + items: + $ref: '#/definitions/oscalTypes_1_1_3.ImportComponentDefinition' + type: array + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -7891,70 +14703,84 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete an Assessment Results + summary: Update import component definitions for a component definition tags: - - Assessment Results - get: - description: Retrieves a single Assessment Results by its unique ID. + - Component Definitions + /oscal/import: + post: + consumes: + - multipart/form-data + description: Import multiple OSCAL JSON files (catalogs, profiles, SSPs, etc.) parameters: - - description: Assessment Results ID - in: path - name: id + - description: OSCAL JSON files to import + in: formData + name: files required: true - type: string + type: file produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults' + $ref: '#/definitions/handler.GenericDataResponse-oscal_ImportResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get an Assessment Results + summary: Import OSCAL files tags: - - Assessment Results - put: - consumes: - - application/json - description: Updates an existing Assessment Results. 
+ - OSCAL + /oscal/inventory: + get: + description: Retrieves all inventory items from all sources (SSP, Evidence, + POAM, AP, AR) parameters: - - description: Assessment Results ID - in: path - name: id - required: true + - description: Include items from System Security Plans + in: query + name: include_ssp + type: string + - description: Include items from Evidence + in: query + name: include_evidence + type: string + - description: Include items from Plan of Action and Milestones + in: query + name: include_poam + type: string + - description: Include items from Assessment Plans + in: query + name: include_ap + type: string + - description: Include items from Assessment Results + in: query + name: include_ar + type: string + - description: Filter by item type (e.g., operating-system, database, web-server) + in: query + name: item_type + type: string + - description: Filter by SSP attachment status + in: query + name: attached_to_ssp type: string - - description: Updated Assessment Results object - in: body - name: ar - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.AssessmentResults' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults' + $ref: '#/definitions/handler.GenericDataListResponse-oscal_InventoryItemWithSource' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": 
@@ -7963,31 +14789,34 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update an Assessment Results + summary: Get All Inventory Items tags: - - Assessment Results - /oscal/assessment-results/{id}/available-controls: - get: - description: Retrieves controls that can be referenced in findings + - Inventory + post: + consumes: + - application/json + description: Creates a new inventory item with optional attachment to SSP or + POAM parameters: - - description: Assessment Results ID - in: path - name: id + - description: Create Inventory Item Request + in: body + name: request required: true - type: string + schema: + $ref: '#/definitions/oscal.CreateInventoryItemRequest' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataListResponse-array_oscalTypes_1_1_3_Control' + $ref: '#/definitions/handler.GenericDataResponse-oscal_InventoryItemWithSource' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": 
@@ -7996,25 +14825,33 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get available controls for findings + summary: Create Inventory Item tags: - - Assessment Results - /oscal/assessment-results/{id}/back-matter: - delete: - description: Deletes the back matter for an Assessment Results. + - Inventory + /oscal/inventory/{id}: + get: + description: Retrieves a specific inventory item by its ID parameters: - - description: Assessment Results ID + - description: Inventory Item ID in: path name: id required: true type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscal_InventoryItemWithSource' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -8025,30 +14862,25 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete back matter + summary: Get Inventory Item by ID tags: - - Assessment Results + - Inventory + /oscal/parties: get: - description: Retrieves the back matter for an Assessment Results. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string + description: Retrieves all parties. produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Party' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": 
@@ -8057,36 +14889,33 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get back matter + summary: List parties tags: - - Assessment Results - post: - consumes: - - application/json - description: Creates or replaces the back matter for an Assessment Results. + - Oscal + /oscal/parties/{id}: + get: + description: Retrieves a single Party by its unique ID. parameters: - - description: Assessment Results ID + - description: Party ID in: path name: id required: true type: string - - description: Back Matter - in: body - name: backMatter - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Party' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -8097,106 +14926,72 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create back matter + summary: Get a Party tags: - - Assessment Results - put: - consumes: - - application/json - description: Updates the back matter for an Assessment Results. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Back Matter - in: body - name: backMatter - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' + - Oscal + /oscal/plan-of-action-and-milestones: + get: + description: Retrieves all Plan of Action and Milestones. produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update back matter + summary: List POA&Ms tags: - - Assessment Results - /oscal/assessment-results/{id}/back-matter/resources: - get: - description: Retrieves all resources from the back matter for an Assessment - Results. + - Plan Of Action and Milestones + post: + consumes: + - application/json + description: Creates a new Plan of Action and Milestones. 
parameters: - - description: Assessment Results ID - in: path - name: id + - description: POA&M data + in: body + name: poam required: true - type: string + schema: + $ref: '#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Resource' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get back matter resources + summary: Create a new POA&M tags: - - Assessment Results - post: - consumes: - - application/json - description: Creates a new resource in the back matter for an Assessment Results. + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}: + delete: + description: Deletes an existing Plan of Action and Milestones and all its related + data. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Resource - in: body - name: resource - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Resource' - produces: - - application/json responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -8209,29 +15004,25 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create back matter resource + summary: Delete a POA&M tags: - - Assessment Results - /oscal/assessment-results/{id}/back-matter/resources/{resourceId}: - delete: - description: Deletes a specific resource from the back matter for an Assessment - Results. + - Plan Of Action and Milestones + get: + description: Retrieves a single Plan of Action and Milestones by its unique + ID. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Resource ID - in: path - name: resourceId - required: true - type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones' "400": description: Bad Request schema: 
@@ -8244,40 +15035,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete back matter resource + summary: Get a POA&M tags: - - Assessment Results + - Plan Of Action and Milestones put: consumes: - application/json - description: Updates a specific resource in the back matter for an Assessment - Results. + description: Updates an existing Plan of Action and Milestones. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Resource ID - in: path - name: resourceId - required: true - type: string - - description: Resource + - description: POA&M data in: body - name: resource + name: poam required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Resource' + $ref: '#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones' "400": description: Bad Request schema: 
@@ -8290,32 +15073,25 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update back matter resource + summary: Update a POA&M tags: - - Assessment Results - /oscal/assessment-results/{id}/control/{controlId}: + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/back-matter: get: - description: Retrieves a control with all its parts for reference in findings + description: Retrieves back-matter for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Control ID - in: path - name: controlId - required: true - type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' "400": description: Bad Request schema: @@ -8328,17 +15104,14 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get control details with statements and objectives + summary: Get POA&M back-matter tags: - - Assessment Results - /oscal/assessment-results/{id}/findings: + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/back-matter/resources: get: - description: Retrieves all findings in the system that can be associated with - results. + description: Retrieves all back-matter resources for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true @@ -8349,7 +15122,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Finding' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Resource' "400": description: Bad Request schema: 
@@ -8362,28 +15135,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List all findings available for association + summary: Get back-matter resources for a POA&M tags: - - Assessment Results - /oscal/assessment-results/{id}/full: - get: - description: Retrieves a complete Assessment Results by its ID, including all - metadata and related objects. + - Plan Of Action and Milestones + post: + consumes: + - application/json + description: Creates a new back-matter resource for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string + - description: Resource data + in: body + name: resource + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Resource' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AssessmentResults' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' "400": description: Bad Request schema: 
@@ -8396,27 +15173,26 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get a complete Assessment Results + summary: Create a new back-matter resource for a POA&M tags: - - Assessment Results - /oscal/assessment-results/{id}/import-ap: - get: - description: Retrieves import-ap for a given Assessment Results. + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/back-matter/resources/{resourceId}: + delete: + description: Deletes an existing back-matter resource for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - produces: - - application/json + - description: Resource ID + in: path + name: resourceId + required: true + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportAp' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -8429,34 +15205,37 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get Assessment Results import-ap + summary: Delete a back-matter resource from a POA&M tags: - - Assessment Results + - Plan Of Action and Milestones put: consumes: - application/json - description: Updates import-ap for a given Assessment Results. + description: Updates an existing back-matter resource for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Import AP data + - description: Resource ID + in: path + name: resourceId + required: true + type: string + - description: Resource data in: body - name: importAp + name: resource required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.ImportAp' + $ref: '#/definitions/oscalTypes_1_1_3.Resource' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportAp' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' "400": description: Bad Request schema: @@ -8469,16 +15248,14 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update Assessment Results import-ap + summary: Update a back-matter resource for a POA&M tags: - - Assessment Results - /oscal/assessment-results/{id}/local-definitions: + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/findings: get: - description: Retrieves local-definitions for a given Assessment Results. + description: Retrieves all findings for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true 
@@ -8489,7 +15266,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Finding' "400": description: Bad Request schema: @@ -8502,34 +15279,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get Assessment Results local-definitions + summary: Get findings for a POA&M tags: - - Assessment Results - put: + - Plan Of Action and Milestones + post: consumes: - application/json - description: Updates local-definitions for a given Assessment Results. + description: Creates a new finding for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Local definitions data + - description: Finding data in: body - name: localDefinitions + name: finding required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.LocalDefinitions' + $ref: '#/definitions/oscalTypes_1_1_3.Finding' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LocalDefinitions' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Finding' "400": description: Bad Request schema: 
@@ -8542,27 +15317,26 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update Assessment Results local-definitions + summary: Create a new finding for a POA&M tags: - - Assessment Results - /oscal/assessment-results/{id}/metadata: - get: - description: Retrieves metadata for a given Assessment Results. + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/findings/{findingId}: + delete: + description: Deletes an existing finding for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - produces: - - application/json + - description: Finding ID + in: path + name: findingId + required: true + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -8575,34 +15349,37 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get Assessment Results metadata + summary: Delete a finding from a POA&M tags: - - Assessment Results + - Plan Of Action and Milestones put: consumes: - application/json - description: Updates metadata for a given Assessment Results. + description: Updates an existing finding for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Metadata data + - description: Finding ID + in: path + name: findingId + required: true + type: string + - description: Finding data in: body - name: metadata + name: finding required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Metadata' + $ref: '#/definitions/oscalTypes_1_1_3.Finding' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Finding' "400": description: Bad Request schema: @@ -8615,17 +15392,15 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update Assessment Results metadata + summary: Update a finding for a POA&M tags: - - Assessment Results - /oscal/assessment-results/{id}/observations: + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/full: get: - description: Retrieves all observations in the system that can be associated - with results. + description: Retrieves a complete POA&M by its ID, including all metadata and + related objects. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true 
@@ -8636,7 +15411,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Observation' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones' "400": description: Bad Request schema: 
@@ -8649,27 +15424,63 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List all observations available for association + summary: Get a complete POA&M tags: - - Assessment Results - /oscal/assessment-results/{id}/results: + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/import-ssp: get: - description: Retrieves all results for a given Assessment Results. + description: Retrieves import-ssp for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID + in: path + name: id + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Get POA&M import-ssp + tags: + - Plan Of Action and Milestones + post: + consumes: + - application/json + description: Creates import-ssp for a given POA&M. + parameters: + - description: POA&M ID in: path name: id required: true - type: string + type: string + - description: Import SSP data + in: body + name: importSsp + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.ImportSsp' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Result' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp' "400": description: Bad Request schema: 
@@ -8682,34 +15493,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get results for an Assessment Results + summary: Create import-ssp for a POA&M tags: - - Assessment Results - post: + - Plan Of Action and Milestones + put: consumes: - application/json - description: Creates a new result for a given Assessment Results. + description: Updates import-ssp for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result data + - description: Import SSP data in: body - name: result + name: importSsp required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Result' + $ref: '#/definitions/oscalTypes_1_1_3.ImportSsp' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Result' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp' "400": description: Bad Request schema: 
@@ -8722,28 +15531,25 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create a result for an Assessment Results + summary: Update import-ssp for a POA&M tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}: - delete: - description: Deletes a specific result from an Assessment Results. + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/local-definitions: + get: + description: Retrieves local definitions for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions' "400": description: Bad Request schema: 
@@ -8756,31 +15562,37 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete a result + summary: Get POA&M local definitions tags: - - Assessment Results - get: - description: Retrieves a specific result from an Assessment Results. + - Plan Of Action and Milestones + put: + consumes: + - application/json + description: |- + Updates local-definitions for a given POA&M with special handling of array and object fields. + - Components and inventory-items arrays are treated as full replacements: the existing values on the POA&M are overwritten by the arrays provided in the request body (no per-element merge is performed). + - Sending an empty array [] for components or inventory-items clears that specific field (resulting in an empty array on the POA&M). + - Omitting a field in the request body leaves the existing value for that field unchanged. + - Sending an empty JSON object {} as the payload deletes the entire local-definitions object for the POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId + - description: Local definitions data + in: body + name: local-definitions required: true - type: string + schema: + $ref: '#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Result' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions' "400": description: Bad Request schema: 
@@ -8793,39 +15605,25 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get a specific result + summary: Update POA&M local-definitions tags: - - Assessment Results - put: - consumes: - - application/json - description: Updates a specific result in an Assessment Results. + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/metadata: + get: + description: Retrieves metadata for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Result data - in: body - name: result - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Result' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Result' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' "400": description: Bad Request schema: 
@@ -8838,33 +15636,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update a result + summary: Get POA&M metadata tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/associated-findings: - get: - description: Retrieves all Findings associated with a specific Result in an - Assessment Results. + - Plan Of Action and Milestones + put: + consumes: + - application/json + description: Updates metadata for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId + - description: Metadata data + in: body + name: metadata required: true - type: string + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Metadata' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Finding' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' "400": description: Bad Request schema: 
@@ -8877,34 +15674,25 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List Associated Findings for a Result + summary: Update POA&M metadata tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/associated-findings/{findingId}: - delete: - description: Removes an association of a Finding from a Result within an Assessment - Results. + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/observations: + get: + description: Retrieves all observations for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Finding ID - in: path - name: findingId - required: true - type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Observation' "400": description: Bad Request schema: 
@@ -8917,35 +15705,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Disassociate a Finding from a Result + summary: Get observations for a POA&M tags: - - Assessment Results + - Plan Of Action and Milestones post: - description: Associates an existing Finding to a Result within an Assessment - Results. + consumes: + - application/json + description: Creates a new observation for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Finding ID - in: path - name: findingId + - description: Observation data + in: body + name: observation required: true - type: string + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Observation' produces: - application/json responses: "200": - description: No Content + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Observation' "400": description: Bad Request schema: 
@@ -8958,33 +15743,26 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Associate a Finding with a Result + summary: Create a new observation for a POA&M tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/associated-observations: - get: - description: Retrieves all Observations associated with a specific Result in - an Assessment Results. + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/observations/{obsId}: + delete: + description: Deletes an existing observation for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID + - description: Observation ID in: path - name: resultId + name: obsId required: true type: string - produces: - - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Observation' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -8997,34 +15775,37 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List Associated Observations for a Result + summary: Delete an observation from a POA&M tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/associated-observations/{observationId}: - delete: - description: Removes an association of an Observation from a Result within an - Assessment Results. + - Plan Of Action and Milestones + put: + consumes: + - application/json + description: Updates an existing observation for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - description: Observation ID in: path - name: observationId + name: obsId required: true type: string + - description: Observation data + in: body + name: observation + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Observation' + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Observation' "400": description: Bad Request schema: 
@@ -9037,35 +15818,25 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Disassociate an Observation from a Result + summary: Update an observation for a POA&M tags: - - Assessment Results - post: - description: Associates an existing Observation to a Result within an Assessment - Results. + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/poam-items: + get: + description: Retrieves all POA&M items for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Observation ID - in: path - name: observationId - required: true - type: string produces: - application/json responses: "200": - description: No Content + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_PoamItem' "400": description: Bad Request schema: 
@@ -9078,33 +15849,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Associate an Observation with a Result + summary: Get POA&M items tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/associated-risks: - get: - description: Retrieves all Risks associated with a specific Result in an Assessment - Results. + - Plan Of Action and Milestones + post: + consumes: + - application/json + description: Creates a new POAM item for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId + - description: POAM Item data + in: body + name: poam-item required: true - type: string + schema: + $ref: '#/definitions/oscalTypes_1_1_3.PoamItem' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Risk' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PoamItem' "400": description: Bad Request schema: 
@@ -9117,29 +15887,21 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List Associated Risks for a Result + summary: Create a new POAM item for a POA&M tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/associated-risks/{riskId}: + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/poam-items/{itemId}: delete: - description: Removes an association of a Risk from a Result within an Assessment - Results. + description: Deletes an existing POAM item for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Risk ID + - description: POAM Item ID in: path - name: riskId + name: itemId required: true type: string responses: 
@@ -9157,34 +15919,37 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Disassociate a Risk from a Result + summary: Delete a POAM item from a POA&M tags: - - Assessment Results - post: - description: Associates an existing Risk to a Result within an Assessment Results. + - Plan Of Action and Milestones + put: + consumes: + - application/json + description: Updates an existing POAM item for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID + - description: POAM Item ID in: path - name: resultId + name: itemId required: true type: string - - description: Risk ID - in: path - name: riskId + - description: POAM Item data + in: body + name: poam-item required: true - type: string + schema: + $ref: '#/definitions/oscalTypes_1_1_3.PoamItem' produces: - application/json responses: "200": - description: No Content + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PoamItem' "400": description: Bad Request schema: 
@@ -9197,32 +15962,25 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Associate a Risk with a Result + summary: Update a POAM item for a POA&M tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/attestations: + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/risks: get: - description: Retrieves all attestations for a given result. + description: Retrieves all risks for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_AttestationStatements' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Risk' "400": description: Bad Request schema: 
@@ -9235,39 +15993,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get attestations for a result + summary: Get risks for a POA&M tags: - - Assessment Results + - Plan Of Action and Milestones post: consumes: - application/json - description: Creates a new attestation for a given result. + description: Creates a new risk for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Attestation data + - description: Risk data in: body - name: attestation + name: risk required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.AttestationStatements' + $ref: '#/definitions/oscalTypes_1_1_3.Risk' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AttestationStatements' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Risk' "400": description: Bad Request schema: 
@@ -9280,28 +16031,21 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create an attestation for a result + summary: Create a new risk for a POA&M tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/attestations/{attestationId}: + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/risks/{riskId}: delete: - description: Deletes a specific attestation from a result. + description: Deletes an existing risk for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Attestation ID + - description: Risk ID in: path - name: attestationId + name: riskId required: true type: string responses: 
@@ -9319,82 +16063,37 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete an attestation + summary: Delete a risk from a POA&M tags: - - Assessment Results + - Plan Of Action and Milestones put: consumes: - application/json - description: Updates a specific attestation in a result. + description: Updates an existing risk for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Attestation ID + - description: Risk ID in: path - name: attestationId + name: riskId required: true type: string - - description: Attestation data + - description: Risk data in: body - name: attestation + name: risk required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.AttestationStatements' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AttestationStatements' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update an attestation - tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/findings: - get: - description: Retrieves all findings for a given result. 
- parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string + $ref: '#/definitions/oscalTypes_1_1_3.Risk' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Finding' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Risk' "400": description: Bad Request schema: @@ -9407,39 +16106,25 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get findings for a result + summary: Update a risk for a POA&M tags: - - Assessment Results - post: - consumes: - - application/json - description: Creates a new finding for a given result. + - Plan Of Action and Milestones + /oscal/plan-of-action-and-milestones/{id}/system-id: + get: + description: Retrieves system-id for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Finding data - in: body - name: finding - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Finding' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Finding' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemId' "400": description: Bad Request schema: 
@@ -9452,33 +16137,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create a finding for a result + summary: Get POA&M system-id tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/findings/{findingId}: - delete: - description: Deletes a specific finding from a result. + - Plan Of Action and Milestones + post: + consumes: + - application/json + description: Creates system-id for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Finding ID - in: path - name: findingId + - description: System ID data + in: body + name: systemId required: true - type: string + schema: + $ref: '#/definitions/oscalTypes_1_1_3.SystemId' + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemId' "400": description: Bad Request schema: 
@@ -9491,44 +16175,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete a finding + summary: Create system-id for a POA&M tags: - - Assessment Results + - Plan Of Action and Milestones put: consumes: - application/json - description: Updates a specific finding in a result. + description: Updates system-id for a given POA&M. parameters: - - description: Assessment Results ID + - description: POA&M ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Finding ID - in: path - name: findingId - required: true - type: string - - description: Finding data + - description: System ID data in: body - name: finding + name: systemId required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Finding' + $ref: '#/definitions/oscalTypes_1_1_3.SystemId' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Finding' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemId' "400": description: Bad Request schema: 
@@ -9541,38 +16213,25 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update a finding + summary: Update system-id for a POA&M tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/observations: + - Plan Of Action and Milestones + /oscal/profiles: get: - description: Retrieves all observations for a given result. - parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string + description: Retrieves all OSCAL profiles produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Observation' + $ref: '#/definitions/handler.GenericDataListResponse-oscal_ProfileHandler' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": 
@@ -9581,43 +16240,33 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get observations for a result + summary: List Profiles tags: - - Assessment Results + - Profile post: consumes: - application/json - description: Creates a new observation for a given result. + description: Creates a new OSCAL Profile. parameters: - - description: Assessment Results ID - in: path - name: id - required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Observation data + - description: Profile object in: body - name: observation + name: profile required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Observation' + $ref: '#/definitions/oscalTypes_1_1_3.Profile' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Observation' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Profile' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": 
@@ -9626,35 +16275,33 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create an observation for a result + summary: Create a new OSCAL Profile tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/observations/{obsId}: - delete: - description: Deletes a specific observation from a result. + - Profile + /oscal/profiles/{id}: + get: + description: Get an OSCAL profile with the uuid provided parameters: - - description: Assessment Results ID + - description: Profile ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Observation ID - in: path - name: obsId - required: true - type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscal_ProfileHandler' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -9665,46 +16312,33 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete an observation + summary: Get Profile tags: - - Assessment Results - put: - consumes: - - application/json - description: Updates a specific observation in a result. + - Profile + /oscal/profiles/{id}/back-matter: + get: + description: Get the BackMatter for a specific profile parameters: - - description: Assessment Results ID + - description: Profile ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Observation ID - in: path - name: obsId - required: true - type: string - - description: Observation data - in: body - name: observation - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Observation' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Observation' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -9715,22 +16349,26 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update an observation + summary: Get Backmatter tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/risks: + - Profile + /oscal/profiles/{id}/compliance-progress: get: - description: Retrieves all risks for a given result. + description: Returns aggregated compliance progress for controls in a Profile, + including summary, optional per-control rows, and group rollups. parameters: - - description: Assessment Results ID + - description: Profile ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true + - description: Include per-control breakdown (default true) + in: query + name: includeControls + type: boolean + - description: System Security Plan ID for implementation coverage + in: query + name: sspId type: string produces: - application/json @@ -9738,11 +16376,15 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Risk' + $ref: '#/definitions/handler.GenericDataResponse-oscal_ProfileComplianceProgress' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -9753,41 +16395,33 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get risks for a result + summary: Get compliance progress for a Profile tags: - - Assessment Results - post: - consumes: - - application/json - description: Creates a new risk for a given result. + - Profile + /oscal/profiles/{id}/full: + get: + description: Retrieves the full OSCAL Profile, including all nested content. parameters: - - description: Assessment Results ID + - description: Profile ID in: path name: id required: true - type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Risk data - in: body - name: risk - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Risk' + type: string produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Risk' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Profile' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -9798,35 +16432,33 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a risk for a result + summary: Get full Profile tags: - - Assessment Results - /oscal/assessment-results/{id}/results/{resultId}/risks/{riskId}: - delete: - description: Deletes a specific risk from a result. + - Profile + /oscal/profiles/{id}/imports: + get: + description: List imports for a specific profile parameters: - - description: Assessment Results ID + - description: Profile ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Risk ID - in: path - name: riskId - required: true - type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Import' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -9837,46 +16469,36 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete a risk + summary: List Imports tags: - - Assessment Results - put: - consumes: - - application/json - description: Updates a specific risk in a result. + - Profile + /oscal/profiles/{id}/imports/{href}: + delete: + description: Deletes an import from a profile by its href parameters: - - description: Assessment Results ID + - description: Profile ID in: path name: id required: true type: string - - description: Result ID - in: path - name: resultId - required: true - type: string - - description: Risk ID + - description: Import Href in: path - name: riskId + name: href required: true type: string - - description: Risk data - in: body - name: risk - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Risk' produces: - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Risk' + "204": + description: Import deleted successfully "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -9887,29 +16509,37 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update a risk + summary: Delete Import from Profile tags: - - Assessment Results - /oscal/assessment-results/{id}/risks: + - Profile get: - description: Retrieves all risks in the system that can be associated with results. + description: Retrieves a specific import from a profile by its backmatter href parameters: - - description: Assessment Results ID + - description: Profile UUID in: path name: id required: true type: string + - description: Import Href + in: path + name: href + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Risk' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Import' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -9920,80 +16550,132 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List all risks available for association + summary: Get Import from Profile by Backmatter Href tags: - - Assessment Results - /oscal/catalogs: - get: - description: Retrieves all catalogs. + - Profile + put: + consumes: + - application/json + description: Updates an existing import in a profile by its href + parameters: + - description: Profile ID + in: path + name: id + required: true + type: string + - description: Import Href + in: path + name: href + required: true + type: string + - description: Import data to update + in: body + name: request + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Import' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Catalog' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Import' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List catalogs + summary: Update Import in Profile tags: - - Catalog + - Profile + /oscal/profiles/{id}/imports/add: post: consumes: - application/json - description: Creates a new OSCAL Catalog. + description: Adds an import to a profile by its UUID and type (catalog/profile). 
+ Only catalogs are currently supported currently parameters: - - description: Catalog object + - description: Profile ID + in: path + name: id + required: true + type: string + - description: Request data in: body - name: catalog + name: request required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Catalog' + $ref: '#/definitions/oscal.ProfileHandler' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Catalog' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Import' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "409": + description: Conflict + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a new Catalog + summary: Add Import to Profile tags: - - Catalog - /oscal/catalogs/{id}: - delete: - description: Deletes a Catalog and cascades to related groups/controls, metadata - and back-matter. + - Profile + /oscal/profiles/{id}/merge: + get: + description: Retrieves the merge section for a specific profile. parameters: - - description: Catalog ID + - description: Profile ID in: path name: id required: true type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Merge' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -10004,24 +16686,32 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete a Catalog (cascade) + summary: Get merge section tags: - - Catalog - get: - description: Retrieves a single Catalog by its unique ID. + - Profile + put: + consumes: + - application/json + description: Updates the merge information for a specific profile parameters: - - description: Catalog ID + - description: Profile ID in: path name: id required: true type: string + - description: Merge data to update + in: body + name: request + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Merge' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Catalog' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Merge' "400": description: Bad Request schema: @@ -10040,32 +16730,25 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get a Catalog + summary: Update Merge tags: - - Catalog - put: - consumes: - - application/json - description: Updates an existing OSCAL Catalog. + - Profile + /oscal/profiles/{id}/modify: + get: + description: Retrieves the modify section for a specific profile. parameters: - - description: Catalog ID + - description: Profile ID in: path name: id required: true type: string - - description: Updated Catalog object - in: body - name: catalog - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Catalog' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Catalog' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Modify' "400": description: Bad Request schema: 
@@ -10080,25 +16763,26 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update a Catalog + summary: Get modify section tags: - - Catalog - /oscal/catalogs/{id}/back-matter: - get: - description: Retrieves the back-matter for a given Catalog. + - Profile + /oscal/profiles/{id}/resolve: + post: + description: Resolves a Profiled identified by the "profile ID" param and stores + a new catalog in the database parameters: - - description: Catalog ID + - description: Profile ID in: path name: id required: true type: string produces: - application/json - responses: - "200": - description: OK + responses: + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + $ref: '#/definitions/handler.GenericDataResponse-oscal_ProfileHandler' "400": description: Bad Request schema: @@ -10107,24 +16791,21 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get back-matter for a Catalog + summary: Resolves a Profile as a stored catalog tags: - - Catalog - /oscal/catalogs/{id}/controls: + - Profile + /oscal/profiles/{id}/resolved: get: - description: Retrieves the top-level controls for a given Catalog. + description: Returns a resolved OSCAL catalog based on a given Profile ID, applying + all imports and modifications. parameters: - - description: Catalog ID + - description: Profile ID in: path name: id required: true @@ -10135,7 +16816,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Catalog' "400": description: Bad Request schema: 
@@ -10154,65 +16835,35 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List controls for a Catalog + summary: Get Resolved Profile tags: - - Catalog + - Profile + /oscal/profiles/build-props: post: consumes: - application/json - description: Adds a top-level control under the specified Catalog. + description: Generates a Profile selecting controls from a catalog based on + prop matching rules. Returns the created Profile and the matched control IDs. parameters: - - description: Catalog ID - in: path - name: id - required: true - type: string - - description: Control object + - description: Prop matching request in: body - name: control + name: request required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Control' + $ref: '#/definitions/oscal.BuildByPropsRequest' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' + $ref: '#/definitions/handler.GenericDataResponse-oscal_BuildByPropsResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create a new Control for a Catalog - tags: - - Catalog - /oscal/catalogs/{id}/controls/{control}: - delete: - description: Deletes a Control and cascades to nested children; clears filter - associations. - parameters: - - description: Catalog ID - in: path - name: id - required: true - type: string - - description: Control ID - in: path - name: control - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "404": 
@@ -10225,35 +16876,25 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete a Control (cascade) + summary: Build Profile by Control Props tags: - - Catalog + - Profile + /oscal/roles: get: - description: Retrieves a single Control by its ID for a given Catalog. - parameters: - - description: Catalog ID - in: path - name: id - required: true - type: string - - description: Control ID - in: path - name: control - required: true - type: string + description: Retrieves all roles. produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Role' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": 
@@ -10262,42 +16903,33 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get a specific Control within a Catalog + summary: List roles tags: - - Catalog - put: - consumes: - - application/json - description: Updates the properties of an existing Control under the specified - Catalog. + - Oscal + /oscal/roles/{id}: + get: + description: Retrieves a single Role by its unique ID. parameters: - - description: Catalog ID + - description: Party ID in: path name: id required: true type: string - - description: Control ID - in: path - name: control - required: true - type: string - - description: Updated Control object - in: body - name: control - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Control' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Role' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -10308,37 +16940,25 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update a Control within a Catalog + summary: Get a Role tags: - - Catalog - /oscal/catalogs/{id}/controls/{control}/controls: + - Oscal + /oscal/system-security-plans: get: - description: Retrieves the controls directly under a specific Control in a given - Catalog. - parameters: - - description: Catalog ID - in: path - name: id - required: true - type: string - - description: Control ID - in: path - name: control - required: true - type: string + description: Retrieves all System Security Plans. produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_SystemSecurityPlan' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": 
@@ -10347,74 +16967,64 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List child controls for a Control within a Catalog + summary: List System Security Plans tags: - - Catalog + - System Security Plans post: consumes: - application/json - description: Adds a child control under the specified Catalog Control. + description: Creates a System Security Plan from input. parameters: - - description: Catalog ID - in: path - name: id - required: true - type: string - - description: Parent Control ID - in: path - name: control - required: true - type: string - - description: Control object + - description: SSP data in: body - name: control + name: ssp required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Control' + $ref: '#/definitions/oscalTypes_1_1_3.SystemSecurityPlan' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a new Sub-Control for a Control within a Catalog + summary: Create a System Security Plan tags: - - Catalog - /oscal/catalogs/{id}/groups: - get: - description: Retrieves the top-level groups for a given Catalog. + - System Security Plans + /oscal/system-security-plans/{id}: + delete: + description: Deletes an existing System Security Plan and all its related data. 
parameters: - - description: Catalog ID + - description: SSP ID in: path name: id required: true type: string - produces: - - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Group' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -10423,64 +17033,68 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List groups for a Catalog + summary: Delete a System Security Plan tags: - - Catalog - post: - consumes: - - application/json - description: Adds a top-level group under the specified Catalog. + - System Security Plans + get: + description: Retrieves a single System Security Plan by its unique ID. parameters: - - description: Catalog ID + - description: System Security Plan ID in: path name: id required: true type: string - - description: Group object - in: body - name: group - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Group' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Group' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a new Group for a Catalog + summary: Get a System Security Plan tags: - - Catalog - /oscal/catalogs/{id}/groups/{group}: - delete: - description: Deletes a Group and cascades to nested groups and controls. + - System Security Plans + put: + consumes: + - application/json + description: Updates an existing System Security Plan. 
parameters: - - description: Catalog ID + - description: SSP ID in: path name: id required: true type: string - - description: Group ID - in: path - name: group + - description: SSP data + in: body + name: ssp required: true - type: string + schema: + $ref: '#/definitions/oscalTypes_1_1_3.SystemSecurityPlan' + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan' "400": description: Bad Request schema: @@ -10493,31 +17107,25 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Delete a Group (cascade) + summary: Update a System Security Plan tags: - - Catalog + - System Security Plans + /oscal/system-security-plans/{id}/back-matter: get: - description: Retrieves a single Group by its ID for a given Catalog. + description: Retrieves back-matter for a given SSP. parameters: - - description: Catalog ID + - description: SSP ID in: path name: id required: true type: string - - description: Group ID - in: path - name: group - required: true - type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Group' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' "400": description: Bad Request schema: 
@@ -10530,40 +17138,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get a specific Group within a Catalog + summary: Get SSP back-matter tags: - - Catalog + - System Security Plans put: consumes: - application/json - description: Updates the properties of an existing Group under the specified - Catalog. + description: Updates back-matter for a given SSP. parameters: - - description: Catalog ID + - description: SSP ID in: path name: id required: true type: string - - description: Group ID - in: path - name: group - required: true - type: string - - description: Updated Group object + - description: Back Matter data in: body - name: group + name: back-matter required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Group' + $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Group' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' "400": description: Bad Request schema: 
@@ -10576,33 +17176,25 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update a Group within a Catalog + summary: Update SSP back-matter tags: - - Catalog - /oscal/catalogs/{id}/groups/{group}/controls: + - System Security Plans + /oscal/system-security-plans/{id}/back-matter/resources: get: - description: Retrieves the controls directly under a specific Group in a given - Catalog. + description: Retrieves all back-matter resources for a given SSP. parameters: - - description: Catalog ID + - description: SSP ID in: path name: id required: true type: string - - description: Group ID - in: path - name: group - required: true - type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Control' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Resource' "400": description: Bad Request schema: 
@@ -10615,73 +17207,64 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List controls for a Group within a Catalog + summary: Get back-matter resources for a SSP tags: - - Catalog + - System Security Plans post: consumes: - application/json - description: Adds a control under the specified Catalog and Group. + description: Creates a new back-matter resource for a given SSP. parameters: - - description: Catalog ID + - description: SSP ID in: path name: id required: true type: string - - description: Parent Group ID - in: path - name: group - required: true - type: string - - description: Control object + - description: Resource data in: body - name: control + name: resource required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Control' + $ref: '#/definitions/oscalTypes_1_1_3.Resource' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Control' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create a new Control for a Catalog Group + summary: Create a new back-matter resource for a SSP tags: - - Catalog - /oscal/catalogs/{id}/groups/{group}/groups: - get: - description: Retrieves the sub-groups of a specific Group in a given Catalog. + - System Security Plans + /oscal/system-security-plans/{id}/back-matter/resources/{resourceId}: + delete: + description: Deletes an existing back-matter resource for a given SSP. 
parameters: - - description: Catalog ID + - description: SSP ID in: path name: id required: true type: string - - description: Group ID + - description: Resource ID in: path - name: group + name: resourceId required: true type: string - produces: - - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Group' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -10694,62 +17277,100 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: List sub-groups for a Group within a Catalog + summary: Delete a back-matter resource from a SSP tags: - - Catalog - post: + - System Security Plans + put: consumes: - application/json - description: Adds a sub-group under the specified Catalog and Group. + description: Updates an existing back-matter resource for a given SSP. parameters: - - description: Catalog ID + - description: SSP ID in: path name: id required: true type: string - - description: Parent Group ID + - description: Resource ID in: path - name: group + name: resourceId required: true type: string - - description: Group object + - description: Resource data in: body - name: group + name: resource required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Group' + $ref: '#/definitions/oscalTypes_1_1_3.Resource' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Group' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + summary: Update a back-matter resource for a SSP + tags: + - System Security Plans + /oscal/system-security-plans/{id}/bulk-apply-component-suggestions: + post: + description: For each ImplementedRequirement, creates SystemComponents from + matching DefinedComponents and links them via ByComponent. 
+ parameters: + - description: SSP ID + in: path + name: id + required: true + type: string + responses: + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a new Sub-Group for a Catalog Group + summary: Bulk apply component suggestions for all implemented requirements in + an SSP tags: - - Catalog - /oscal/component-definitions: + - System Security Plans + /oscal/system-security-plans/{id}/control-implementation: get: - description: Retrieves all component definitions. + description: Retrieves the Control Implementation for a given System Security + Plan. + parameters: + - description: System Security Plan ID + in: path + name: id + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ComponentDefinition' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementation' "400": description: Bad Request schema: 
@@ -10758,55 +17379,63 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List component definitions + summary: Get Control Implementation tags: - - Component Definitions - post: + - System Security Plans + put: consumes: - application/json - description: Creates a new component definition. + description: Updates the Control Implementation for a given System Security + Plan. parameters: - - description: Component Definition + - description: System Security Plan ID + in: path + name: id + required: true + type: string + - description: Updated Control Implementation object in: body - name: componentDefinition + name: control-implementation required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.ComponentDefinition' + $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementation' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementation' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create a component definition + summary: Update Control Implementation tags: - - Component Definitions - /oscal/component-definitions/{id}: + - System Security Plans + /oscal/system-security-plans/{id}/control-implementation/implemented-requirements: get: - description: Retrieves a single component definition by its unique ID. 
+ description: Retrieves all implemented requirements for a given SSP. parameters: - - description: Component Definition ID + - description: SSP ID in: path name: id required: true @@ -10817,15 +17446,11 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirement' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -10834,42 +17459,36 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get a component definition + summary: Get implemented requirements for a SSP tags: - - Component Definitions - put: + - System Security Plans + post: consumes: - application/json - description: Updates an existing component definition. + description: Creates a new implemented requirement for a given SSP. parameters: - - description: Component Definition ID + - description: SSP ID in: path name: id required: true type: string - - description: Updated Component Definition object + - description: Implemented Requirement data in: body - name: componentDefinition + name: requirement required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.ComponentDefinition' + $ref: '#/definitions/oscalTypes_1_1_3.ImplementedRequirement' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImplementedRequirement' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -10878,35 +17497,30 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Update a component definition + summary: Create a new implemented requirement for a SSP tags: - - Component Definitions - /oscal/component-definitions/{id}/back-matter: - get: - description: Retrieves the back-matter for a given Component Definition. + - System Security Plans + /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}: + delete: + description: Deletes an existing implemented requirement for a given SSP. parameters: - - description: Component Definition ID + - description: SSP ID in: path name: id required: true type: string - produces: - - application/json + - description: Requirement ID + in: path + name: reqId + required: true + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -10915,42 +17529,41 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Get back-matter for a Component Definition + summary: Delete an implemented requirement from a SSP tags: - - Component Definitions - post: + - System Security Plans + put: consumes: - application/json - description: Creates new back-matter for a given component definition. + description: Updates an existing implemented requirement for a given SSP. parameters: - - description: Component Definition ID + - description: SSP ID in: path name: id required: true type: string - - description: Back Matter + - description: Requirement ID + in: path + name: reqId + required: true + type: string + - description: Implemented Requirement data in: body - name: back-matter + name: requirement required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' + $ref: '#/definitions/oscalTypes_1_1_3.ImplementedRequirement' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImplementedRequirement' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -10959,35 +17572,31 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - security: - - OAuth2Password: [] - summary: Create back-matter for a component definition + summary: Update an implemented requirement for a SSP tags: - - Component Definitions - /oscal/component-definitions/{id}/capabilities: - get: - description: Retrieves all capabilities for a given component definition. + - System Security Plans + /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/apply-suggestion: + post: + description: Creates SystemComponents from DefinedComponents that implement + the same control and links them via ByComponent. parameters: - - description: Component Definition ID + - description: SSP ID in: path name: id required: true type: string - produces: - - application/json + - description: Implemented Requirement ID + in: path + name: reqId + required: true + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Capability' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -10998,42 +17607,48 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Get capabilities for a component definition
+ summary: Apply component suggestions for an implemented requirement
 tags:
- - Component Definitions
- post:
+ - System Security Plans
+ /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/by-components/{byComponentId}:
+ put:
 consumes:
 - application/json
- description: Creates new capabilities for a given component definition.
+ description: Updates an existing by-component that belongs to an implemented
+ requirement for a given SSP.
 parameters:
- - description: Component Definition ID
+ - description: SSP ID
 in: path
 name: id
 required: true
 type: string
- - description: Capabilities
+ - description: Requirement ID
+ in: path
+ name: reqId
+ required: true
+ type: string
+ - description: By-Component ID
+ in: path
+ name: byComponentId
+ required: true
+ type: string
+ - description: By-Component data
 in: body
- name: capabilities
+ name: by-component
 required: true
 schema:
- items:
- $ref: '#/definitions/oscalTypes_1_1_3.Capability'
- type: array
+ $ref: '#/definitions/oscalTypes_1_1_3.ByComponent'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Capability'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -11042,48 +17657,43 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Create capabilities for a component definition
+ summary: Update a by-component within an implemented requirement
 tags:
- - Component Definitions
- /oscal/component-definitions/{id}/capabilities/{capability}:
- put:
+ - System Security Plans
+ /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements:
+ post:
 consumes:
 - application/json
- description: Updates a single capability for a given component definition.
+ description: Creates a new statement within an implemented requirement for a
+ given SSP.
 parameters:
- - description: Component Definition ID
+ - description: SSP ID
 in: path
 name: id
 required: true
 type: string
- - description: Capability ID (UUID)
+ - description: Requirement ID
 in: path
- name: capability
+ name: reqId
 required: true
 type: string
- - description: Capability to update
+ - description: Statement data
 in: body
- name: capability
+ name: statement
 required: true
 schema:
- $ref: '#/definitions/oscalTypes_1_1_3.Capability'
+ $ref: '#/definitions/oscalTypes_1_1_3.Statement'
 produces:
 - application/json
 responses:
- "200":
- description: OK
+ "201":
+ description: Created
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Capability'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Statement'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -11092,35 +17702,48 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Update a capability for a component definition
+ summary: Create a new statement within an implemented requirement
 tags:
- - Component Definitions
- /oscal/component-definitions/{id}/capabilities/incorporates-components:
- get:
- description: Retrieves all incorporates components for a given component definition.
+ - System Security Plans
+ /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}:
+ put:
+ consumes:
+ - application/json
+ description: Updates an existing statement within an implemented requirement
+ for a given SSP.
 parameters:
- - description: Component Definition ID
+ - description: SSP ID
 in: path
 name: id
 required: true
 type: string
+ - description: Requirement ID
+ in: path
+ name: reqId
+ required: true
+ type: string
+ - description: Statement ID
+ in: path
+ name: stmtId
+ required: true
+ type: string
+ - description: Statement data
+ in: body
+ name: statement
+ required: true
+ schema:
+ $ref: '#/definitions/oscalTypes_1_1_3.Statement'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_IncorporatesComponent'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Statement'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -11129,44 +17752,36 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Get incorporates components for a component definition
+ summary: Update a statement within an implemented requirement
 tags:
- - Component Definitions
+ - System Security Plans
+ /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/apply-suggestion:
 post:
- consumes:
- - application/json
- description: Creates new incorporates components for a given component definition.
+ description: Creates SystemComponents from DefinedComponents that implement
+ the statement's parent control and links them via ByComponent to the statement.
 parameters:
- - description: Component Definition ID
+ - description: SSP ID
 in: path
 name: id
 required: true
 type: string
- - description: Incorporates Components
- in: body
- name: incorporates-components
+ - description: Implemented Requirement ID
+ in: path
+ name: reqId
 required: true
- schema:
- items:
- $ref: '#/definitions/oscalTypes_1_1_3.IncorporatesComponent'
- type: array
- produces:
- - application/json
+ type: string
+ - description: Statement ID
+ in: path
+ name: stmtId
+ required: true
+ type: string
 responses:
- "200":
- description: OK
- schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_IncorporatesComponent'
+ "204":
+ description: No Content
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -11177,33 +17792,48 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Create incorporates components for a component definition
+ summary: Apply component suggestions for a statement
 tags:
- - Component Definitions
- /oscal/component-definitions/{id}/components:
- get:
- description: Retrieves all components for a given component definition.
+ - System Security Plans
+ /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/by-components:
+ post:
+ consumes:
+ - application/json
+ description: Create a by-component within an existing statement within an implemented
+ requirement for a given SSP.
 parameters:
- - description: Component Definition ID
+ - description: SSP ID
 in: path
 name: id
 required: true
 type: string
+ - description: Requirement ID
+ in: path
+ name: reqId
+ required: true
+ type: string
+ - description: Statement ID
+ in: path
+ name: stmtId
+ required: true
+ type: string
+ - description: By-Component data
+ in: body
+ name: by-component
+ required: true
+ schema:
+ $ref: '#/definitions/oscalTypes_1_1_3.ByComponent'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -11212,44 +17842,47 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Get components for a component definition
+ summary: Create a by-component within a statement (within an implemented requirement)
 tags:
- - Component Definitions
- post:
+ - System Security Plans
+ ? /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/by-components/{byComponentId}
+ : delete:
 consumes:
 - application/json
- description: Creates new components for a given component definition.
+ description: Deletes a by-component within an existing statement within an implemented
+ requirement for a given SSP.
 parameters:
- - description: Component Definition ID
+ - description: SSP ID
 in: path
 name: id
 required: true
 type: string
- - description: Components to create
- in: body
- name: components
+ - description: Requirement ID
+ in: path
+ name: reqId
 required: true
- schema:
- items:
- $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent'
- type: array
+ type: string
+ - description: Statement ID
+ in: path
+ name: stmtId
+ required: true
+ type: string
+ - description: By-Component ID
+ in: path
+ name: byComponentId
+ required: true
+ type: string
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -11258,44 +17891,52 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Create components for a component definition
+ summary: Delete a by-component within a statement (within an implemented requirement)
 tags:
- - Component Definitions
+ - System Security Plans
 put:
 consumes:
 - application/json
- description: Updates the components for a given component definition.
+ description: Updates a by-component within an existing statement within an implemented
+ requirement for a given SSP.
 parameters:
- - description: Component Definition ID
+ - description: SSP ID
 in: path
 name: id
 required: true
 type: string
- - description: Components to update
+ - description: Requirement ID
+ in: path
+ name: reqId
+ required: true
+ type: string
+ - description: Statement ID
+ in: path
+ name: stmtId
+ required: true
+ type: string
+ - description: By-Component ID
+ in: path
+ name: byComponentId
+ required: true
+ type: string
+ - description: By-Component data
 in: body
- name: components
+ name: by-component
 required: true
 schema:
- items:
- $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent'
- type: array
+ $ref: '#/definitions/oscalTypes_1_1_3.ByComponent'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_DefinedComponent'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -11304,23 +17945,27 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Update components for a component definition
+ summary: Update a by-component within a statement (within an implemented requirement)
 tags:
- - Component Definitions
- /oscal/component-definitions/{id}/components/{defined-component}:
- get:
- description: Retrieves a defined component for a given component definition.
+ - System Security Plans
+ /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/suggest-components:
+ post:
+ description: Returns DefinedComponents that implement the statement's parent
+ control and are not yet present in the SSP.
 parameters:
- - description: Component Definition ID
+ - description: SSP ID
 in: path
 name: id
 required: true
 type: string
- - description: Defined Component ID
+ - description: Implemented Requirement ID
 in: path
- name: defined-component
+ name: reqId
+ required: true
+ type: string
+ - description: Statement ID
+ in: path
+ name: stmtId
 required: true
 type: string
 produces:
@@ -11329,15 +17974,11 @@ paths:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent'
+ $ref: '#/definitions/handler.GenericDataListResponse-relational_SystemComponentSuggestion'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -11348,40 +17989,35 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Get a defined component for a component definition
+ summary: Suggest system components for a statement
 tags:
- - Component Definitions
+ - System Security Plans
+ /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/suggest-components:
 post:
- consumes:
- - application/json
- description: Creates a new defined component for a given component definition.
+ description: Returns DefinedComponents that implement the same control and are
+ not yet present in the SSP.
 parameters:
- - description: Component Definition ID
+ - description: SSP ID
 in: path
 name: id
 required: true
 type: string
- - description: Defined Component to create
- in: body
- name: defined-component
+ - description: Implemented Requirement ID
+ in: path
+ name: reqId
 required: true
- schema:
- $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent'
+ type: string
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent'
+ $ref: '#/definitions/handler.GenericDataListResponse-relational_SystemComponentSuggestion'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -11392,45 +18028,29 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Create a defined component for a component definition
+ summary: Suggest system components for an implemented requirement
 tags:
- - Component Definitions
- put:
- consumes:
- - application/json
- description: Updates a defined component for a given component definition.
+ - System Security Plans
+ /oscal/system-security-plans/{id}/import-profile:
+ get:
+ description: Retrieves import-profile for a given SSP.
 parameters:
- - description: Component Definition ID
+ - description: SSP ID
 in: path
 name: id
 required: true
 type: string
- - description: Defined Component ID
- in: path
- name: defined-component
- required: true
- type: string
- - description: Defined Component to update
- in: body
- name: defined-component
- required: true
- schema:
- $ref: '#/definitions/oscalTypes_1_1_3.DefinedComponent'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_DefinedComponent'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportProfile'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -11439,40 +18059,36 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Update a defined component for a component definition
+ summary: Get SSP import-profile
 tags:
- - Component Definitions
- /oscal/component-definitions/{id}/components/{defined-component}/control-implementations:
- get:
- description: Retrieves all control implementations for a given defined component.
+ - System Security Plans
+ put:
+ consumes:
+ - application/json
+ description: Updates import-profile for a given SSP.
 parameters:
- - description: Component Definition ID
+ - description: SSP ID
 in: path
 name: id
 required: true
 type: string
- - description: Defined Component ID
- in: path
- name: defined-component
+ - description: Import Profile data
+ in: body
+ name: import-profile
 required: true
- type: string
+ schema:
+ $ref: '#/definitions/oscalTypes_1_1_3.ImportProfile'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportProfile'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -11481,49 +18097,29 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Get control implementations for a defined component
+ summary: Update SSP import-profile
 tags:
- - Component Definitions
- post:
- consumes:
- - application/json
- description: Creates new control implementations for a given defined component.
+ - System Security Plans
+ /oscal/system-security-plans/{id}/metadata:
+ get:
+ description: Retrieves metadata for a given SSP.
 parameters:
- - description: Component Definition ID
+ - description: SSP ID
 in: path
 name: id
 required: true
 type: string
- - description: Defined Component ID
- in: path
- name: defined-component
- required: true
- type: string
- - description: Control Implementations
- in: body
- name: control-implementations
- required: true
- schema:
- items:
- $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationSet'
- type: array
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -11532,49 +18128,36 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Create control implementations for a defined component
+ summary: Get SSP metadata
 tags:
- - Component Definitions
+ - System Security Plans
 put:
 consumes:
 - application/json
- description: Updates control implementations for a given defined component.
+ description: Updates metadata for a given SSP.
 parameters:
- - description: Component Definition ID
+ - description: SSP ID
 in: path
 name: id
 required: true
 type: string
- - description: Defined Component ID
- in: path
- name: defined-component
- required: true
- type: string
- - description: Control Implementations
+ - description: Metadata data
 in: body
- name: control-implementations
+ name: metadata
 required: true
 schema:
- items:
- $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationSet'
- type: array
+ $ref: '#/definitions/oscalTypes_1_1_3.Metadata'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ControlImplementationSet'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -11583,45 +18166,26 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Update control implementations for a defined component
+ summary: Update SSP metadata
 tags:
- - Component Definitions
- /oscal/component-definitions/{id}/components/{defined-component}/control-implementations/{control-implementation}:
- put:
- consumes:
- - application/json
- description: Updates a specific control implementation for a given defined component.
+ - System Security Plans
+ /oscal/system-security-plans/{id}/profile:
+ get:
+ description: Retrieves the Profile attached to the specified System Security
+ Plan.
 parameters:
- - description: Component Definition ID
+ - description: System Security Plan ID
 in: path
 name: id
 required: true
 type: string
- - description: Defined Component ID
- in: path
- name: defined-component
- required: true
- type: string
- - description: Control Implementation ID
- in: path
- name: control-implementation
- required: true
- type: string
- - description: Control Implementation
- in: body
- name: control-implementation
- required: true
- schema:
- $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementationSet'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementationSet'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Profile'
 "400":
 description: Bad Request
 schema:
@@ -11640,38 +18204,36 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Update a single control implementation for a defined component
+ summary: Get Profile for a System Security Plan
 tags:
- - Component Definitions
- /oscal/component-definitions/{id}/components/{defined-component}/control-implementations/implemented-requirements:
- get:
- description: Retrieves all implemented requirements for a given defined component.
+ - System Security Plans
+ put:
+ consumes:
+ - application/json
+ description: Associates a given Profile with a System Security Plan.
 parameters:
- - description: Component Definition ID
+ - description: SSP ID
 in: path
 name: id
 required: true
 type: string
- - description: Defined Component ID
- in: path
- name: defined-component
+ - description: Profile ID to attach
+ in: body
+ name: profileId
 required: true
- type: string
+ schema:
+ type: string
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirementControlImplementation'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
- "401":
- description: Unauthorized
- schema:
- $ref: '#/definitions/api.Error'
 "404":
 description: Not Found
 schema:
@@ -11680,32 +18242,26 @@ paths:
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- security:
- - OAuth2Password: []
- summary: Get implemented requirements for a defined component
+ summary: Attach a Profile to a System Security Plan
 tags:
- - Component Definitions
- /oscal/component-definitions/{id}/components/{defined-component}/control-implementations/implemented-requirements/statements:
+ - System Security Plans
+ /oscal/system-security-plans/{id}/system-characteristics:
 get:
- description: Retrieves all statements for a given defined component.
+ description: Retrieves the System Characteristics for a given System Security
+ Plan.
 parameters:
- - description: Component Definition ID
+ - description: System Security Plan ID
 in: path
 name: id
 required: true
 type: string
- - description: Defined Component ID
- in: path
- name: defined-component
- required: true
- type: string
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ControlStatementImplementation'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemCharacteristics'
 "400":
 description: Bad Request
 schema:
@@ -11724,26 +18280,33 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Get statements for a defined component
+ summary: Get System Characteristics
 tags:
- - Component Definitions
- /oscal/component-definitions/{id}/full:
- get:
- description: Retrieves a complete Component Definition by its ID, including
- all metadata and revisions.
+ - System Security Plans
+ put:
+ consumes:
+ - application/json
+ description: Updates the System Characteristics for a given System Security
+ Plan.
 parameters:
- - description: Component Definition ID
+ - description: System Security Plan ID
 in: path
 name: id
 required: true
 type: string
+ - description: Updated System Characteristics object
+ in: body
+ name: characteristics
+ required: true
+ schema:
+ $ref: '#/definitions/oscalTypes_1_1_3.SystemCharacteristics'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ComponentDefinition'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemCharacteristics'
 "400":
 description: Bad Request
 schema:
@@ -11762,31 +18325,26 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Get a complete Component Definition
+ summary: Update System Characteristics
 tags:
- - Component Definitions
- /oscal/component-definitions/{id}/import-component-definitions:
+ - System Security Plans
+ /oscal/system-security-plans/{id}/system-characteristics/authorization-boundary:
 get:
- description: Retrieves all import component definitions for a given defined
- component.
+ description: Retrieves the Authorization Boundary for a given System Security
+ Plan.
 parameters:
- - description: Component Definition ID
+ - description: System Security Plan ID
 in: path
 name: id
 required: true
 type: string
- - description: Defined Component ID
- in: path
- name: defined-component
- required: true
- type: string
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AuthorizationBoundary'
 "400":
 description: Bad Request
 schema:
@@ -11805,33 +18363,34 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Get import component definitions for a defined component
+ summary: Get Authorization Boundary
 tags:
- - Component Definitions
+ - System Security Plans
+ /oscal/system-security-plans/{id}/system-characteristics/authorization-boundary/diagrams:
 post:
- description: Creates new import component definitions for a given component
- definition.
+ consumes:
+ - application/json
+ description: Creates a new Diagram under the Authorization Boundary of a System
+ Security Plan.
 parameters:
- - description: Component Definition ID
+ - description: System Security Plan ID
 in: path
 name: id
 required: true
 type: string
- - description: Import Component Definitions
+ - description: Diagram object to create
 in: body
- name: import-component-definitions
+ name: diagram
 required: true
 schema:
- items:
- $ref: '#/definitions/oscalTypes_1_1_3.ImportComponentDefinition'
- type: array
+ $ref: '#/definitions/oscalTypes_1_1_3.Diagram'
 produces:
 - application/json
 responses:
- "200":
- description: OK
+ "201":
+ description: Created
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram'
 "400":
 description: Bad Request
 schema:
@@ -11850,33 +18409,29 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Create import component definitions for a component definition
+ summary: Create an Authorization Boundary Diagram
 tags:
- - Component Definitions
- put:
- description: Updates the import component definitions for a given component
- definition.
+ - System Security Plans
+ /oscal/system-security-plans/{id}/system-characteristics/authorization-boundary/diagrams/{diagram}:
+ delete:
+ description: Deletes a specific Diagram under the Authorization Boundary of
+ a System Security Plan.
 parameters:
- - description: Component Definition ID
+ - description: System Security Plan ID
 in: path
 name: id
 required: true
 type: string
- - description: Import Component Definitions
- in: body
- name: import-component-definitions
+ - description: Diagram ID
+ in: path
+ name: diagram
 required: true
- schema:
- items:
- $ref: '#/definitions/oscalTypes_1_1_3.ImportComponentDefinition'
- type: array
+ type: string
 produces:
 - application/json
 responses:
- "200":
- description: OK
- schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImportComponentDefinition'
+ "204":
+ description: No Content
 "400":
 description: Bad Request
 schema:
@@ -11895,70 +18450,67 @@ paths:
 $ref: '#/definitions/api.Error'
 security:
 - OAuth2Password: []
- summary: Update import component definitions for a component definition
+ summary: Delete an Authorization Boundary Diagram
 tags:
- - Component Definitions
- /oscal/import:
- post:
+ - System Security Plans
+ put:
 consumes:
- - multipart/form-data
- description: Import multiple OSCAL JSON files (catalogs, profiles, SSPs, etc.)
+ - application/json
+ description: Updates a specific Diagram under the Authorization Boundary of
+ a System Security Plan.
 parameters:
- - description: OSCAL JSON files to import
- in: formData
- name: files
+ - description: System Security Plan ID
+ in: path
+ name: id
 required: true
- type: file
+ type: string
+ - description: Diagram ID
+ in: path
+ name: diagram
+ required: true
+ type: string
+ - description: Updated Diagram object
+ in: body
+ name: diagram
+ required: true
+ schema:
+ $ref: '#/definitions/oscalTypes_1_1_3.Diagram'
 produces:
 - application/json
 responses:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataResponse-oscal_ImportResponse'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram'
 "400":
 description: Bad Request
 schema:
 $ref: '#/definitions/api.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/api.Error'
+ "404":
+ description: Not Found
+ schema:
+ $ref: '#/definitions/api.Error'
 "500":
 description: Internal Server Error
 schema:
 $ref: '#/definitions/api.Error'
- summary: Import OSCAL files
+ security:
+ - OAuth2Password: []
+ summary: Update an Authorization Boundary Diagram
 tags:
- - OSCAL
- /oscal/inventory:
+ - System Security Plans
+ /oscal/system-security-plans/{id}/system-characteristics/data-flow:
 get:
- description: Retrieves all inventory items from all sources (SSP, Evidence,
- POAM, AP, AR)
+ description: Retrieves the Data Flow for a given System Security Plan.
 parameters:
- - description: Include items from System Security Plans
- in: query
- name: include_ssp
- type: string
- - description: Include items from Evidence
- in: query
- name: include_evidence
- type: string
- - description: Include items from Plan of Action and Milestones
- in: query
- name: include_poam
- type: string
- - description: Include items from Assessment Plans
- in: query
- name: include_ap
- type: string
- - description: Include items from Assessment Results
- in: query
- name: include_ar
- type: string
- - description: Filter by item type (e.g., operating-system, database, web-server)
- in: query
- name: item_type
- type: string
- - description: Filter by SSP attachment status
- in: query
- name: attached_to_ssp
+ - description: System Security Plan ID
+ in: path
+ name: id
+ required: true
 type: string
 produces:
 - application/json
@@ -11966,7 +18518,7 @@ paths:
 "200":
 description: OK
 schema:
- $ref: '#/definitions/handler.GenericDataListResponse-oscal_InventoryItemWithSource'
+ $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_DataFlow'
 "400":
 description: Bad Request
 schema:
@@ -11975,34 +18527,44 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get All Inventory Items + summary: Get Data Flow tags: - - Inventory + - System Security Plans + /oscal/system-security-plans/{id}/system-characteristics/data-flow/diagrams: post: consumes: - application/json - description: Creates a new inventory item with optional attachment to SSP or - POAM + description: Creates a new Diagram under the Data Flow of a System Security + Plan. parameters: - - description: Create Inventory Item Request + - description: System Security Plan ID + in: path + name: id + required: true + type: string + - description: Diagram object to create in: body - name: request + name: diagram required: true schema: - $ref: '#/definitions/oscal.CreateInventoryItemRequest' + $ref: '#/definitions/oscalTypes_1_1_3.Diagram' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscal_InventoryItemWithSource' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram' "400": description: Bad Request schema: 
@@ -12011,31 +18573,39 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create Inventory Item + summary: Create a Data Flow Diagram tags: - - Inventory - /oscal/inventory/{id}: - get: - description: Retrieves a specific inventory item by its ID + - System Security Plans + /oscal/system-security-plans/{id}/system-characteristics/data-flow/diagrams/{diagram}: + delete: + description: Deletes a specific Diagram under the Data Flow of a System Security + Plan. parameters: - - description: Inventory Item ID + - description: System Security Plan ID in: path name: id required: true type: string + - description: Diagram ID + in: path + name: diagram + required: true + type: string produces: - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscal_InventoryItemWithSource' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -12054,19 +18624,38 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Inventory Item by ID + summary: Delete a Data Flow Diagram tags: - - Inventory - /oscal/parties: - get: - description: Retrieves all parties. + - System Security Plans + put: + consumes: + - application/json + description: Updates a specific Diagram under the Data Flow of a System Security + Plan. + parameters: + - description: System Security Plan ID + in: path + name: id + required: true + type: string + - description: Diagram ID + in: path + name: diagram + required: true + type: string + - description: Updated Diagram object + in: body + name: diagram + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Diagram' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Party' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram' "400": description: Bad Request schema: @@ -12075,20 +18664,25 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List parties + summary: Update a Data Flow Diagram tags: - - Oscal - /oscal/parties/{id}: + - System Security Plans + /oscal/system-security-plans/{id}/system-characteristics/network-architecture: get: - description: Retrieves a single Party by its unique ID. + description: Retrieves the Network Architecture for a given System Security + Plan. parameters: - - description: Party ID + - description: System Security Plan ID in: path name: id required: true 
@@ -12099,7 +18693,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Party' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_NetworkArchitecture' "400": description: Bad Request schema: 
@@ -12118,69 +18712,72 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get a Party - tags: - - Oscal - /oscal/plan-of-action-and-milestones: - get: - description: Retrieves all Plan of Action and Milestones. - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: List POA&Ms + summary: Get Network Architecture tags: - - Plan Of Action and Milestones + - System Security Plans + /oscal/system-security-plans/{id}/system-characteristics/network-architecture/diagrams: post: consumes: - application/json - description: Creates a new Plan of Action and Milestones. + description: Creates a new Diagram under the Network Architecture of a System + Security Plan. 
parameters: - - description: POA&M data + - description: System Security Plan ID + in: path + name: id + required: true + type: string + - description: Diagram object to create in: body - name: poam + name: diagram required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones' + $ref: '#/definitions/oscalTypes_1_1_3.Diagram' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new POA&M + security: + - OAuth2Password: [] + summary: Create a Network Architecture Diagram tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}: + - System Security Plans + /oscal/system-security-plans/{id}/system-characteristics/network-architecture/diagrams/{diagram}: delete: - description: Deletes an existing Plan of Action and Milestones and all its related - data. + description: Deletes a specific Diagram under the Network Architecture of a + System Security Plan. parameters: - - description: POA&M ID + - description: System Security Plan ID in: path name: id required: true type: string + - description: Diagram ID + in: path + name: diagram + required: true + type: string + produces: + - application/json responses: "204": description: No Content @@ -12188,6 +18785,10 @@ paths: description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -12196,29 +18797,48 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a POA&M + security: + - OAuth2Password: [] + summary: Delete a Network Architecture Diagram tags: - - Plan Of Action and Milestones - get: - description: Retrieves a single Plan of Action and Milestones by its unique - ID. + - System Security Plans + put: + consumes: + - application/json + description: Updates a specific Diagram under the Network Architecture of a + System Security Plan. parameters: - - description: POA&M ID + - description: System Security Plan ID + in: path + name: id + required: true + type: string + - description: Diagram ID in: path - name: id + name: diagram required: true type: string + - description: Updated Diagram object + in: body + name: diagram + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.Diagram' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -12227,36 +18847,36 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get a POA&M + security: + - OAuth2Password: [] + summary: Update a Network Architecture Diagram tags: - - Plan Of Action and Milestones - put: - consumes: - - application/json - description: Updates an existing Plan of Action and Milestones. + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation: + get: + description: Retrieves the System Implementation for a given System Security + Plan. parameters: - - description: POA&M ID + - description: System Security Plan ID in: path name: id required: true type: string - - description: POA&M data - in: body - name: poam - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.PlanOfActionAndMilestones' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemImplementation' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -12265,29 +18885,42 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a POA&M + security: + - OAuth2Password: [] + summary: Get System Implementation tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/back-matter: - get: - description: Retrieves back-matter for a given POA&M. + - System Security Plans + put: + consumes: + - application/json + description: Updates the System Implementation for a given System Security Plan. parameters: - - description: POA&M ID + - description: System Security Plan ID in: path name: id required: true type: string + - description: Updated System Implementation object + in: body + name: system-implementation + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.SystemImplementation' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemImplementation' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -12296,14 +18929,17 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get POA&M back-matter + security: + - OAuth2Password: [] + summary: Update System Implementation tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/back-matter/resources: + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation/components: get: - description: Retrieves all back-matter resources for a given POA&M. + description: Retrieves components in the System Implementation for a given System + Security Plan. parameters: - - description: POA&M ID + - description: System Security Plan ID in: path name: id required: true 
@@ -12314,11 +18950,15 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Resource' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_SystemComponent' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -12327,32 +18967,35 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get back-matter resources for a POA&M + security: + - OAuth2Password: [] + summary: List System Implementation Components tags: - - Plan Of Action and Milestones + - System Security Plans post: consumes: - application/json - description: Creates a new back-matter resource for a given POA&M. + description: Creates a new system component for a given SSP. Accepts an optional + definedComponentId field to link to a DefinedComponent. parameters: - - description: POA&M ID + - description: SSP ID in: path name: id required: true type: string - - description: Resource data + - description: System Component data with optional definedComponentId field in: body - name: resource + name: component required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Resource' + $ref: '#/definitions/oscal.SystemComponentRequest' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent' "400": description: Bad Request schema: 
@@ -12365,21 +19008,21 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new back-matter resource for a POA&M + summary: Create a new system component tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/back-matter/resources/{resourceId}: + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation/components/{componentId}: delete: - description: Deletes an existing back-matter resource for a given POA&M. + description: Deletes an existing system component for a given SSP. parameters: - - description: POA&M ID + - description: SSP ID in: path name: id required: true type: string - - description: Resource ID + - description: Component ID in: path - name: resourceId + name: componentId required: true type: string responses: 
@@ -12397,70 +19040,36 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a back-matter resource from a POA&M + summary: Delete a system component tags: - - Plan Of Action and Milestones - put: - consumes: - - application/json - description: Updates an existing back-matter resource for a given POA&M. + - System Security Plans + get: + description: Retrieves component in the System Implementation for a given System + Security Plan. parameters: - - description: POA&M ID + - description: System Security Plan ID in: path name: id required: true type: string - - description: Resource ID + - description: Component ID in: path - name: resourceId + name: componentId required: true type: string - - description: Resource data - in: body - name: resource - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Resource' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Update a back-matter resource for a POA&M - tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/findings: - get: - description: Retrieves all findings for a given POA&M. - parameters: - - description: POA&M ID - in: path - name: id - required: true - type: string - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Finding' - "400": - description: Bad Request + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "404": 
@@ -12471,64 +19080,40 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get findings for a POA&M + security: + - OAuth2Password: [] + summary: Get System Implementation Component tags: - - Plan Of Action and Milestones - post: + - System Security Plans + put: consumes: - application/json - description: Creates a new finding for a given POA&M. + description: Updates an existing system component for a given SSP. Accepts an + optional definedComponentId field to link to a DefinedComponent. parameters: - - description: POA&M ID + - description: SSP ID in: path name: id required: true type: string - - description: Finding data + - description: Component ID + in: path + name: componentId + required: true + type: string + - description: System Component data with optional definedComponentId field in: body - name: finding + name: component required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Finding' + $ref: '#/definitions/oscal.SystemComponentRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Finding' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Create a new finding for a POA&M - tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/findings/{findingId}: - delete: - description: Deletes an existing finding for a given POA&M. - parameters: - - description: POA&M ID - in: path - name: id - required: true - type: string - - description: Finding ID - in: path - name: findingId - required: true - type: string - responses: - "204": - description: No Content + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent' "400": description: Bad Request schema: 
@@ -12541,41 +19126,34 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a finding from a POA&M + summary: Update a system component tags: - - Plan Of Action and Milestones - put: - consumes: - - application/json - description: Updates an existing finding for a given POA&M. + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation/inventory-items: + get: + description: Retrieves inventory items in the System Implementation for a given + System Security Plan. parameters: - - description: POA&M ID + - description: System Security Plan ID in: path name: id required: true type: string - - description: Finding ID - in: path - name: findingId - required: true - type: string - - description: Finding data - in: body - name: finding - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Finding' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Finding' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_InventoryItem' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -12584,26 +19162,34 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a finding for a POA&M + security: + - OAuth2Password: [] + summary: List System Implementation Inventory Items tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/full: - get: - description: Retrieves a complete POA&M by its ID, including all metadata and - related objects. + - System Security Plans + post: + consumes: + - application/json + description: Creates a new inventory item for a given SSP. parameters: - - description: POA&M ID + - description: SSP ID in: path name: id required: true type: string + - description: Inventory Item data + in: body + name: item + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.InventoryItem' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestones' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_InventoryItem' "400": description: Bad Request schema: 
@@ -12616,25 +19202,26 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get a complete POA&M + summary: Create a new inventory item tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/import-ssp: - get: - description: Retrieves import-ssp for a given POA&M. + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation/inventory-items/{itemId}: + delete: + description: Deletes an existing inventory item for a given SSP. parameters: - - description: POA&M ID + - description: SSP ID in: path name: id required: true type: string - produces: - - application/json + - description: Item ID + in: path + name: itemId + required: true + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -12647,32 +19234,37 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get POA&M import-ssp + summary: Delete an inventory item tags: - - Plan Of Action and Milestones - post: + - System Security Plans + put: consumes: - application/json - description: Creates import-ssp for a given POA&M. + description: Updates an existing inventory item for a given SSP. parameters: - - description: POA&M ID + - description: SSP ID in: path name: id required: true type: string - - description: Import SSP data + - description: Item ID + in: path + name: itemId + required: true + type: string + - description: Inventory Item data in: body - name: importSsp + name: item required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.ImportSsp' + $ref: '#/definitions/oscalTypes_1_1_3.InventoryItem' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_InventoryItem' "400": description: Bad Request schema: 
@@ -12685,36 +19277,34 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create import-ssp for a POA&M + summary: Update an inventory item tags: - - Plan Of Action and Milestones - put: - consumes: - - application/json - description: Updates import-ssp for a given POA&M. + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation/leveraged-authorizations: + get: + description: Retrieves leveraged authorizations in the System Implementation + for a given System Security Plan. parameters: - - description: POA&M ID + - description: System Security Plan ID in: path name: id required: true type: string - - description: Import SSP data - in: body - name: importSsp - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.ImportSsp' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportSsp' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_LeveragedAuthorization' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -12723,25 +19313,34 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update import-ssp for a POA&M + security: + - OAuth2Password: [] + summary: List System Implementation Leveraged Authorizations tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/local-definitions: - get: - description: Retrieves local definitions for a given POA&M. + - System Security Plans + post: + consumes: + - application/json + description: Creates a new leveraged authorization for a given SSP. parameters: - - description: POA&M ID + - description: SSP ID in: path name: id required: true type: string + - description: Leveraged Authorization data + in: body + name: auth + required: true + schema: + $ref: '#/definitions/oscalTypes_1_1_3.LeveragedAuthorization' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PlanOfActionAndMilestonesLocalDefinitions' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LeveragedAuthorization' "400": description: Bad Request schema: 
@@ -12754,25 +19353,26 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get POA&M local definitions + summary: Create a new leveraged authorization tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/metadata: - get: - description: Retrieves metadata for a given POA&M. + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation/leveraged-authorizations/{authId}: + delete: + description: Deletes an existing leveraged authorization for a given SSP. parameters: - - description: POA&M ID + - description: SSP ID in: path name: id required: true type: string - produces: - - application/json + - description: Authorization ID + in: path + name: authId + required: true + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -12785,32 +19385,37 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get POA&M metadata + summary: Delete a leveraged authorization tags: - - Plan Of Action and Milestones + - System Security Plans put: consumes: - application/json - description: Updates metadata for a given POA&M. + description: Updates an existing leveraged authorization for a given SSP. parameters: - - description: POA&M ID + - description: SSP ID in: path name: id required: true type: string - - description: Metadata data + - description: Authorization ID + in: path + name: authId + required: true + type: string + - description: Leveraged Authorization data in: body - name: metadata + name: auth required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Metadata' + $ref: '#/definitions/oscalTypes_1_1_3.LeveragedAuthorization' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LeveragedAuthorization' "400": description: Bad Request schema: @@ -12823,14 +19428,15 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update POA&M metadata + summary: Update a leveraged authorization tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/observations: + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation/users: get: - description: Retrieves all observations for a given POA&M. + description: Retrieves users in the System Implementation for a given System + Security Plan. parameters: - - description: POA&M ID + - description: System Security Plan ID in: path name: id required: true 
@@ -12841,11 +19447,15 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Observation' + $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_SystemUser' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -12854,32 +19464,34 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get observations for a POA&M + security: + - OAuth2Password: [] + summary: List System Implementation Users tags: - - Plan Of Action and Milestones + - System Security Plans post: consumes: - application/json - description: Creates a new observation for a given POA&M. + description: Creates a new system user for a given SSP. parameters: - - description: POA&M ID + - description: SSP ID in: path name: id required: true type: string - - description: Observation data + - description: System User data in: body - name: observation + name: user required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Observation' + $ref: '#/definitions/oscalTypes_1_1_3.SystemUser' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Observation' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemUser' "400": description: Bad Request schema: 
@@ -12892,21 +19504,21 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new observation for a POA&M + summary: Create a new system user tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/observations/{obsId}: + - System Security Plans + /oscal/system-security-plans/{id}/system-implementation/users/{userId}: delete: - description: Deletes an existing observation for a given POA&M. + description: Deletes an existing system user for a given SSP. parameters: - - description: POA&M ID + - description: SSP ID in: path name: id required: true type: string - - description: Observation ID + - description: User ID in: path - name: obsId + name: userId required: true type: string responses: @@ -12924,37 +19536,37 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete an observation from a POA&M + summary: Delete a system user tags: - - Plan Of Action and Milestones + - System Security Plans put: consumes: - application/json - description: Updates an existing observation for a given POA&M. + description: Updates an existing system user for a given SSP. parameters: - - description: POA&M ID + - description: SSP ID in: path name: id required: true type: string - - description: Observation ID + - description: User ID in: path - name: obsId + name: userId required: true type: string - - description: Observation data + - description: System User data in: body - name: observation + name: user required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Observation' + $ref: '#/definitions/oscalTypes_1_1_3.SystemUser' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Observation' + $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemUser' "400": description: Bad Request schema: 
@@ -12967,17 +19579,35 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update an observation for a POA&M + summary: Update a system user tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/poam-items: + - System Security Plans + /poam-items: get: - description: Retrieves all POA&M items for a given POA&M. parameters: - - description: POA&M ID - in: path - name: id - required: true + - description: Filter by status (open|in-progress|completed|overdue) + in: query + name: status + type: string + - description: Filter by SSP UUID + in: query + name: sspId + type: string + - description: Filter by linked risk UUID + in: query + name: riskId + type: string + - description: Filter by planned_completion_date before (RFC3339) + in: query + name: deadlineBefore + type: string + - description: Return only overdue items + in: query + name: overdueOnly + type: boolean + - description: Filter by primary_owner_user_id UUID + in: query + name: ownerRef type: string produces: - application/json 
@@ -12985,45 +19615,37 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_PoamItem' + $ref: '#/definitions/handler.GenericDataListResponse-handler_poamItemResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get POA&M items + security: + - OAuth2Password: [] + summary: List POAM items tags: - - Plan Of Action and Milestones + - POAM Items post: consumes: - application/json - description: Creates a new POAM item for a given POA&M. parameters: - - description: POA&M ID - in: path - name: id - required: true - type: string - - description: POAM Item data + - description: POAM item payload in: body - name: poam-item + name: body required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.PoamItem' + $ref: '#/definitions/handler.createPoamItemRequest' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PoamItem' + $ref: '#/definitions/handler.GenericDataResponse-handler_poamItemResponse' "400": description: Bad Request schema: @@ -13036,23 +19658,19 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new POAM item for a POA&M + security: + - OAuth2Password: [] + summary: Create a POAM item tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/poam-items/{itemId}: + - POAM Items + /poam-items/{id}: delete: - description: Deletes an existing POAM item for a given POA&M. parameters: - - description: POA&M ID + - description: POAM item ID in: path name: id required: true type: string - - description: POAM Item ID - in: path - name: itemId - required: true - type: string responses: "204": description: No Content 
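Review bot: The new `/poam-items` GET declares `security: - OAuth2Password: []` but its responses list only 200, 400 and 500, with no `"401": Unauthorized` entry, so a client generated from this spec has no documented shape for the rejection the security scheme implies; the POST in the same hunk has the same gap, and the later hunks go further by replacing an existing `"401"` entry with `"404"` or dropping it on secured operations (the `/poam-items/{id}/findings`, `/poam-items/{id}/milestones`, `/risk-templates`, `/risks` and `/risks/{id}/...` routes). Adding `"401": description: Unauthorized schema: $ref: '#/definitions/api.Error'` next to the other error responses keeps each secured operation consistent with the `/risks` POST, which still documents 401 (via a `@Failure 401` annotation on the handler if this file is generated). The POST's response block continues into the next hunk.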
@@ -13068,37 +19686,25 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a POAM item from a POA&M + security: + - OAuth2Password: [] + summary: Delete a POAM item tags: - - Plan Of Action and Milestones - put: - consumes: - - application/json - description: Updates an existing POAM item for a given POA&M. + - POAM Items + get: parameters: - - description: POA&M ID + - description: POAM item ID in: path name: id required: true type: string - - description: POAM Item ID - in: path - name: itemId - required: true - type: string - - description: POAM Item data - in: body - name: poam-item - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.PoamItem' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_PoamItem' + $ref: '#/definitions/handler.GenericDataResponse-handler_poamItemResponse' "400": description: Bad Request schema: @@ -13111,25 +19717,33 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a POAM item for a POA&M + security: + - OAuth2Password: [] + summary: Get a POAM item tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/risks: - get: - description: Retrieves all risks for a given POA&M. + - POAM Items + put: + consumes: + - application/json parameters: - - description: POA&M ID + - description: POAM item ID in: path name: id required: true type: string + - description: Update payload + in: body + name: body + required: true + schema: + $ref: '#/definitions/handler.updatePoamItemRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Risk' + $ref: '#/definitions/handler.GenericDataResponse-handler_poamItemResponse' "400": description: Bad Request schema: 
@@ -13142,32 +19756,26 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get risks for a POA&M + security: + - OAuth2Password: [] + summary: Update a POAM item tags: - - Plan Of Action and Milestones - post: - consumes: - - application/json - description: Creates a new risk for a given POA&M. + - POAM Items + /poam-items/{id}/controls: + get: parameters: - - description: POA&M ID + - description: POAM item ID in: path name: id required: true type: string - - description: Risk data - in: body - name: risk - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Risk' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Risk' + $ref: '#/definitions/handler.GenericDataListResponse-poam_PoamItemControlLink' "400": description: Bad Request schema: @@ -13180,26 +19788,33 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new risk for a POA&M + security: + - OAuth2Password: [] + summary: List linked controls tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/risks/{riskId}: - delete: - description: Deletes an existing risk for a given POA&M. + - POAM Items + post: + consumes: + - application/json parameters: - - description: POA&M ID + - description: POAM item ID in: path name: id required: true type: string - - description: Risk ID - in: path - name: riskId + - description: Control ref payload + in: body + name: body required: true - type: string + schema: + $ref: '#/definitions/handler.poamControlRefRequest' + produces: + - application/json responses: - "204": - description: No Content + "201": + description: Created + schema: + $ref: '#/definitions/handler.GenericDataResponse-poam_PoamItemControlLink' "400": description: Bad Request schema: 
@@ -13212,37 +19827,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a risk from a POA&M + security: + - OAuth2Password: [] + summary: Add a control link tags: - - Plan Of Action and Milestones - put: - consumes: - - application/json - description: Updates an existing risk for a given POA&M. + - POAM Items + /poam-items/{id}/controls/{catalogId}/{controlId}: + delete: parameters: - - description: POA&M ID + - description: POAM item ID in: path name: id required: true type: string - - description: Risk ID + - description: Catalog ID in: path - name: riskId + name: catalogId required: true type: string - - description: Risk data - in: body - name: risk + - description: Control ID + in: path + name: controlId required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Risk' - produces: - - application/json + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Risk' + "204": + description: No Content "400": description: Bad Request schema: @@ -13255,14 +19865,15 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a risk for a POA&M + security: + - OAuth2Password: [] + summary: Delete a control link tags: - - Plan Of Action and Milestones - /oscal/plan-of-action-and-milestones/{id}/system-id: + - POAM Items + /poam-items/{id}/evidence: get: - description: Retrieves system-id for a given POA&M. parameters: - - description: POA&M ID + - description: POAM item ID in: path name: id required: true @@ -13273,7 +19884,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemId' + $ref: '#/definitions/handler.GenericDataListResponse-poam_PoamItemEvidenceLink' "400": description: Bad Request schema: 
@@ -13286,32 +19897,33 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get POA&M system-id + security: + - OAuth2Password: [] + summary: List linked evidence tags: - - Plan Of Action and Milestones + - POAM Items post: consumes: - application/json - description: Creates system-id for a given POA&M. parameters: - - description: POA&M ID + - description: POAM item ID in: path name: id required: true type: string - - description: System ID data + - description: Evidence ID payload in: body - name: systemId + name: body required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.SystemId' + $ref: '#/definitions/handler.addLinkRequest' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemId' + $ref: '#/definitions/handler.GenericDataResponse-poam_PoamItemEvidenceLink' "400": description: Bad Request schema: @@ -13324,32 +19936,27 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create system-id for a POA&M + security: + - OAuth2Password: [] + summary: Add an evidence link tags: - - Plan Of Action and Milestones - put: - consumes: - - application/json - description: Updates system-id for a given POA&M. + - POAM Items + /poam-items/{id}/evidence/{evidenceId}: + delete: parameters: - - description: POA&M ID + - description: POAM item ID in: path name: id required: true type: string - - description: System ID data - in: body - name: systemId + - description: Evidence ID + in: path + name: evidenceId required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.SystemId' - produces: - - application/json + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemId' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -13362,25 +19969,32 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update system-id for a POA&M + security: + - OAuth2Password: [] + summary: Delete an evidence link tags: - - Plan Of Action and Milestones - /oscal/profiles: + - POAM Items + /poam-items/{id}/findings: get: - description: Retrieves all OSCAL profiles + parameters: + - description: POAM item ID + in: path + name: id + required: true + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscal_ProfileHandler' + $ref: '#/definitions/handler.GenericDataListResponse-poam_PoamItemFindingLink' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": @@ -13389,33 +20003,37 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List Profiles + summary: List linked findings tags: - - Profile + - POAM Items post: consumes: - application/json - description: Creates a new OSCAL Profile. parameters: - - description: Profile object + - description: POAM item ID + in: path + name: id + required: true + type: string + - description: Finding ID payload in: body - name: profile + name: body required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Profile' + $ref: '#/definitions/handler.addLinkRequest' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Profile' + $ref: '#/definitions/handler.GenericDataResponse-poam_PoamItemFindingLink' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": 
@@ -13424,33 +20042,29 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a new OSCAL Profile + summary: Add a finding link tags: - - Profile - /oscal/profiles/{id}: - get: - description: Get an OSCAL profile with the uuid provided + - POAM Items + /poam-items/{id}/findings/{findingId}: + delete: parameters: - - description: Profile ID + - description: POAM item ID in: path name: id required: true type: string - produces: - - application/json + - description: Finding ID + in: path + name: findingId + required: true + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscal_ProfileHandler' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -13461,14 +20075,13 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Profile + summary: Delete a finding link tags: - - Profile - /oscal/profiles/{id}/back-matter: + - POAM Items + /poam-items/{id}/milestones: get: - description: Get the BackMatter for a specific profile parameters: - - description: Profile ID + - description: POAM item ID in: path name: id required: true @@ -13479,15 +20092,11 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + $ref: '#/definitions/handler.GenericDataListResponse-handler_milestoneResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -13498,33 +20107,35 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Backmatter + summary: List milestones for a POAM item tags: - - Profile - /oscal/profiles/{id}/full: - get: - description: Retrieves the full OSCAL Profile, including all nested content. + - POAM Items + post: + consumes: + - application/json parameters: - - description: Profile ID + - description: POAM item ID in: path name: id required: true type: string + - description: Milestone payload + in: body + name: body + required: true + schema: + $ref: '#/definitions/handler.createMilestoneRequest' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Profile' + $ref: '#/definitions/handler.GenericDataResponse-handler_milestoneResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -13535,33 +20146,29 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get full Profile + summary: Add a milestone to a POAM item tags: - - Profile - /oscal/profiles/{id}/imports: - get: - description: List imports for a specific profile + - POAM Items + /poam-items/{id}/milestones/{milestoneId}: + delete: parameters: - - description: Profile ID + - description: POAM item ID in: path name: id required: true type: string - produces: - - application/json + - description: Milestone ID + in: path + name: milestoneId + required: true + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Import' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -13572,36 +20179,40 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List Imports + summary: Delete a milestone tags: - - Profile - /oscal/profiles/{id}/imports/{href}: - delete: - description: Deletes an import from a profile by its href + - POAM Items + put: + consumes: + - application/json parameters: - - description: Profile ID + - description: POAM item ID in: path name: id required: true type: string - - description: Import Href + - description: Milestone ID in: path - name: href + name: milestoneId required: true type: string + - description: Milestone update payload + in: body + name: body + required: true + schema: + $ref: '#/definitions/handler.updateMilestoneRequest' produces: - application/json responses: - "204": - description: Import deleted successfully + "200": + description: OK + schema: + $ref: '#/definitions/handler.GenericDataResponse-handler_milestoneResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -13612,37 +20223,28 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete Import from Profile + summary: Update a milestone tags: - - Profile + - POAM Items + /poam-items/{id}/risks: get: - description: Retrieves a specific import from a profile by its backmatter href parameters: - - description: Profile UUID + - description: POAM item ID in: path name: id required: true type: string - - description: Import Href - in: path - name: href - required: true - type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Import' + $ref: '#/definitions/handler.GenericDataListResponse-poam_PoamItemRiskLink' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -13653,45 +20255,35 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Import from Profile by Backmatter Href + summary: List linked risks tags: - - Profile - put: + - POAM Items + post: consumes: - application/json - description: Updates an existing import in a profile by its href parameters: - - description: Profile ID + - description: POAM item ID in: path name: id required: true type: string - - description: Import Href - in: path - name: href - required: true - type: string - - description: Import data to update + - description: Risk ID payload in: body - name: request + name: body required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Import' + $ref: '#/definitions/handler.addLinkRequest' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Import' + $ref: '#/definitions/handler.GenericDataResponse-poam_PoamItemRiskLink' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -13702,85 +20294,106 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update Import in Profile + summary: Add a risk link tags: - - Profile - /oscal/profiles/{id}/imports/add: - post: - consumes: - - application/json - description: Adds an import to a profile by its UUID and type (catalog/profile). - Only catalogs are currently supported currently + - POAM Items + /poam-items/{id}/risks/{riskId}: + delete: parameters: - - description: Profile ID + - description: POAM item ID in: path name: id required: true type: string - - description: Request data - in: body - name: request + - description: Risk ID + in: path + name: riskId required: true - schema: - $ref: '#/definitions/oscal.ProfileHandler' - produces: - - application/json + type: string responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Import' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: $ref: '#/definitions/api.Error' - "409": - description: Conflict - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Add Import to Profile + summary: Delete a risk link tags: - - Profile - /oscal/profiles/{id}/merge: + - POAM Items + /risk-templates: get: - description: Retrieves the merge section for a specific profile. + description: List risk templates with optional filters and pagination. 
parameters: - - description: Profile ID - in: path - name: id - required: true + - description: Plugin ID + in: query + name: pluginId + type: string + - description: Policy package + in: query + name: policyPackage type: string + - description: Active flag + in: query + name: isActive + type: boolean + - description: Page number + in: query + name: page + type: integer + - description: Page size + in: query + name: limit + type: integer produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Merge' + $ref: '#/definitions/service.ListResponse-templates_riskTemplateResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "500": + description: Internal Server Error schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + security: + - OAuth2Password: [] + summary: List risk templates + tags: + - Risk Templates + post: + consumes: + - application/json + description: Create a risk template with threat references and remediation template/tasks. + parameters: + - description: Risk template payload + in: body + name: template + required: true + schema: + $ref: '#/definitions/templates.upsertRiskTemplateRequest' + produces: + - application/json + responses: + "201": + description: Created + schema: + $ref: '#/definitions/templates.riskTemplateDataResponse' + "400": + description: Bad Request schema: $ref: '#/definitions/api.Error' "500": 
@@ -13789,40 +20402,28 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get merge section + summary: Create risk template tags: - - Profile - put: - consumes: - - application/json - description: Updates the merge information for a specific profile + - Risk Templates + /risk-templates/{id}: + delete: + description: Delete a risk template and its associated threat references and + remediation data. parameters: - - description: Profile ID + - description: Risk Template ID in: path name: id required: true type: string - - description: Merge data to update - in: body - name: request - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Merge' produces: - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Merge' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: @@ -13833,14 +20434,13 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update Merge + summary: Delete risk template tags: - - Profile - /oscal/profiles/{id}/modify: + - Risk Templates get: - description: Retrieves the modify section for a specific profile. + description: Get a risk template by ID. parameters: - - description: Profile ID + - description: Risk Template ID in: path name: id required: true @@ -13851,7 +20451,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Modify' + $ref: '#/definitions/templates.riskTemplateDataResponse' "400": description: Bad Request schema: 
@@ -13866,32 +20466,39 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get modify section + summary: Get risk template tags: - - Profile - /oscal/profiles/{id}/resolve: - post: - description: Resolves a Profiled identified by the "profile ID" param and stores - a new catalog in the database + - Risk Templates + put: + consumes: + - application/json + description: Update a risk template and atomically replace threat refs and remediation + tasks. parameters: - - description: Profile ID + - description: Risk Template ID in: path name: id required: true type: string + - description: Risk template payload + in: body + name: template + required: true + schema: + $ref: '#/definitions/templates.upsertRiskTemplateRequest' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscal_ProfileHandler' + $ref: '#/definitions/templates.riskTemplateDataResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": 
@@ -13900,18 +20507,64 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Resolves a Profile as a stored catalog + summary: Update risk template tags: - - Profile - /oscal/profiles/{id}/resolved: + - Risk Templates + /risks: get: - description: Returns a resolved OSCAL catalog based on a given Profile ID, applying - all imports and modifications. + description: Lists risk register entries with filtering, sorting, and pagination. parameters: - - description: Profile ID - in: path - name: id - required: true + - description: Risk status + in: query + name: status + type: string + - description: Risk likelihood + in: query + name: likelihood + type: string + - description: Risk impact + in: query + name: impact + type: string + - description: SSP ID + in: query + name: sspId + type: string + - description: Control ID + in: query + name: controlId + type: string + - description: Evidence ID + in: query + name: evidenceId + type: string + - description: Owner kind + in: query + name: ownerKind + type: string + - description: Owner reference + in: query + name: ownerRef + type: string + - description: Review deadline upper bound (RFC3339) + in: query + name: reviewDeadlineBefore + type: string + - description: Page number + in: query + name: page + type: integer + - description: Page size + in: query + name: limit + type: integer + - description: Sort field + in: query + name: sort + type: string + - description: Sort order (asc|desc) + in: query + name: order type: string produces: - application/json 
@@ -13919,48 +20572,38 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Catalog' + $ref: '#/definitions/service.ListResponse-handler_riskResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Resolved Profile + summary: List risks tags: - - Profile - /oscal/profiles/build-props: + - Risks post: consumes: - application/json - description: Generates a Profile selecting controls from a catalog based on - prop matching rules. Returns the created Profile and the matched control IDs. + description: Creates a risk register entry. parameters: - - description: Prop matching request + - description: Risk payload in: body - name: request + name: risk required: true schema: - $ref: '#/definitions/oscal.BuildByPropsRequest' + $ref: '#/definitions/handler.createRiskRequest' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscal_BuildByPropsResponse' + $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' "400": description: Bad Request schema: 
@@ -13969,35 +20612,33 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Build Profile by Control Props + summary: Create risk tags: - - Profile - /oscal/roles: - get: - description: Retrieves all roles. - produces: - - application/json + - Risks + /risks/{id}: + delete: + description: Deletes a risk register entry and link rows by ID. + parameters: + - description: Risk ID + in: path + name: id + required: true + type: string responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Role' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": @@ -14006,14 +20647,13 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List roles + summary: Delete risk tags: - - Oscal - /oscal/roles/{id}: + - Risks get: - description: Retrieves a single Role by its unique ID. + description: Retrieves a risk register entry by ID. parameters: - - description: Party ID + - description: Risk ID in: path name: id required: true @@ -14024,15 +20664,11 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Role' + $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -14043,25 +20679,38 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get a Role + summary: Get risk tags: - - Oscal - /oscal/system-security-plans: - get: - description: Retrieves all System Security Plans. + - Risks + put: + consumes: + - application/json + description: Updates a risk register entry by ID. + parameters: + - description: Risk ID + in: path + name: id + required: true + type: string + - description: Risk payload + in: body + name: risk + required: true + schema: + $ref: '#/definitions/handler.updateRiskRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_SystemSecurityPlan' + $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized + "404": + description: Not Found schema: $ref: '#/definitions/api.Error' "500": 
@@ -14070,35 +20719,38 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List System Security Plans + summary: Update risk tags: - - System Security Plans + - Risks + /risks/{id}/accept: post: consumes: - application/json - description: Creates a System Security Plan from input. + description: Accepts a risk with required justification and a future review + deadline. parameters: - - description: SSP data + - description: Risk ID + in: path + name: id + required: true + type: string + - description: Accept payload in: body - name: ssp + name: body required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.SystemSecurityPlan' + $ref: '#/definitions/handler.acceptRiskRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan' + $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -14109,59 +20761,37 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a System Security Plan - tags: - - System Security Plans - /oscal/system-security-plans/{id}: - delete: - description: Deletes an existing System Security Plan and all its related data. - parameters: - - description: SSP ID - in: path - name: id - required: true - type: string - responses: - "204": - description: No Content - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Delete a System Security Plan + summary: Accept risk tags: - - System Security Plans + - Risks + /risks/{id}/components: get: - description: Retrieves a single System Security Plan by its unique ID. + description: Lists components linked to a risk. parameters: - - description: System Security Plan ID + - description: Risk ID in: path name: id required: true type: string + - description: Page number + in: query + name: page + type: integer + - description: Page size + in: query + name: limit + type: integer produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan' + $ref: '#/definitions/service.ListResponse-risks_RiskComponentLink' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -14172,32 +20802,32 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get a System Security Plan + summary: List risk component links tags: - - System Security Plans - put: + - Risks + post: consumes: - application/json - description: Updates an existing System Security Plan. + description: Idempotently links a component to a risk. parameters: - - description: SSP ID + - description: Risk ID in: path name: id required: true type: string - - description: SSP data + - description: Component link payload in: body - name: ssp + name: link required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.SystemSecurityPlan' + $ref: '#/definitions/handler.addComponentLinkRequest' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan' + $ref: '#/definitions/handler.GenericDataResponse-risks_RiskComponentLink' "400": description: Bad Request schema: @@ -14210,25 +20840,35 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a System Security Plan + security: + - OAuth2Password: [] + summary: Link component to risk tags: - - System Security Plans - /oscal/system-security-plans/{id}/back-matter: + - Risks + /risks/{id}/controls: get: - description: Retrieves back-matter for a given SSP. + description: Lists controls linked to a risk. parameters: - - description: SSP ID + - description: Risk ID in: path name: id required: true type: string + - description: Page number + in: query + name: page + type: integer + - description: Page size + in: query + name: limit + type: integer produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + $ref: '#/definitions/service.ListResponse-risks_RiskControlLink' "400": description: Bad Request schema: 
@@ -14241,32 +20881,34 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get SSP back-matter + security: + - OAuth2Password: [] + summary: List risk control links tags: - - System Security Plans - put: + - Risks + post: consumes: - application/json - description: Updates back-matter for a given SSP. + description: Idempotently links a control to a risk. parameters: - - description: SSP ID + - description: Risk ID in: path name: id required: true type: string - - description: Back Matter data + - description: Control link payload in: body - name: back-matter + name: link required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.BackMatter' + $ref: '#/definitions/handler.addControlLinkRequest' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_BackMatter' + $ref: '#/definitions/handler.GenericDataResponse-risks_RiskControlLink' "400": description: Bad Request schema: 
@@ -14279,25 +20921,35 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update SSP back-matter + security: + - OAuth2Password: [] + summary: Link control to risk tags: - - System Security Plans - /oscal/system-security-plans/{id}/back-matter/resources: + - Risks + /risks/{id}/evidence: get: - description: Retrieves all back-matter resources for a given SSP. + description: Lists evidence IDs linked to a risk. parameters: - - description: SSP ID + - description: Risk ID in: path name: id required: true type: string + - description: Page number + in: query + name: page + type: integer + - description: Page size + in: query + name: limit + type: integer produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_Resource' + $ref: '#/definitions/service.ListResponse-uuid_UUID' "400": description: Bad Request schema: @@ -14310,32 +20962,34 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get back-matter resources for a SSP + security: + - OAuth2Password: [] + summary: List risk evidence links tags: - - System Security Plans + - Risks post: consumes: - application/json - description: Creates a new back-matter resource for a given SSP. + description: Idempotently links an evidence item to a risk. parameters: - - description: SSP ID + - description: Risk ID in: path name: id required: true type: string - - description: Resource data + - description: Evidence link payload in: body - name: resource + name: link required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Resource' + $ref: '#/definitions/handler.addEvidenceLinkRequest' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' + $ref: '#/definitions/handler.GenericDataResponse-risks_RiskEvidenceLink' "400": description: Bad Request schema: 
@@ -14348,21 +21002,23 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new back-matter resource for a SSP + security: + - OAuth2Password: [] + summary: Link evidence to risk tags: - - System Security Plans - /oscal/system-security-plans/{id}/back-matter/resources/{resourceId}: + - Risks + /risks/{id}/evidence/{evidenceId}: delete: - description: Deletes an existing back-matter resource for a given SSP. + description: Deletes the link between a risk and evidence item. parameters: - - description: SSP ID + - description: Risk ID in: path name: id required: true type: string - - description: Resource ID + - description: Evidence ID in: path - name: resourceId + name: evidenceId required: true type: string responses: 
@@ -14380,37 +21036,36 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a back-matter resource from a SSP + security: + - OAuth2Password: [] + summary: Delete risk evidence link tags: - - System Security Plans - put: + - Risks + /risks/{id}/review: + post: consumes: - application/json - description: Updates an existing back-matter resource for a given SSP. + description: Records a structured review for an accepted risk. nextReviewDeadline + is required for decision=extend and must be omitted for decision=reopen. parameters: - - description: SSP ID + - description: Risk ID in: path name: id required: true type: string - - description: Resource ID - in: path - name: resourceId - required: true - type: string - - description: Resource data + - description: Review payload in: body - name: resource + name: body required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Resource' + $ref: '#/definitions/handler.reviewRiskRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Resource' + $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' "400": description: Bad Request schema: 
@@ -14423,34 +21078,39 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a back-matter resource for a SSP + security: + - OAuth2Password: [] + summary: Review risk tags: - - System Security Plans - /oscal/system-security-plans/{id}/control-implementation: + - Risks + /risks/{id}/subjects: get: - description: Retrieves the Control Implementation for a given System Security - Plan. + description: Lists subjects linked to a risk. parameters: - - description: System Security Plan ID + - description: Risk ID in: path name: id required: true type: string + - description: Page number + in: query + name: page + type: integer + - description: Page size + in: query + name: limit + type: integer produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementation' + $ref: '#/definitions/service.ListResponse-risks_RiskSubjectLink' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "401": - description: Unauthorized - schema: - $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -14461,33 +21121,32 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Control Implementation + summary: List risk subject links tags: - - System Security Plans - put: + - Risks + post: consumes: - application/json - description: Updates the Control Implementation for a given System Security - Plan. + description: Idempotently links a subject to a risk. parameters: - - description: System Security Plan ID + - description: Risk ID in: path name: id required: true type: string - - description: Updated Control Implementation object + - description: Subject link payload in: body - name: control-implementation + name: link required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.ControlImplementation' + $ref: '#/definitions/handler.addSubjectLinkRequest' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ControlImplementation' + $ref: '#/definitions/handler.GenericDataResponse-risks_RiskSubjectLink' "400": description: Bad Request schema: 
@@ -14500,25 +21159,75 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update Control Implementation + security: + - OAuth2Password: [] + summary: Link subject to risk tags: - - System Security Plans - /oscal/system-security-plans/{id}/control-implementation/implemented-requirements: + - Risks + /ssp/{sspId}/risks: get: - description: Retrieves all implemented requirements for a given SSP. + description: Lists risk register entries scoped to an SSP. parameters: - description: SSP ID in: path - name: id + name: sspId required: true type: string + - description: Risk status + in: query + name: status + type: string + - description: Risk likelihood + in: query + name: likelihood + type: string + - description: Risk impact + in: query + name: impact + type: string + - description: Control ID + in: query + name: controlId + type: string + - description: Evidence ID + in: query + name: evidenceId + type: string + - description: Owner kind + in: query + name: ownerKind + type: string + - description: Owner reference + in: query + name: ownerRef + type: string + - description: Review deadline upper bound (RFC3339) + in: query + name: reviewDeadlineBefore + type: string + - description: Page number + in: query + name: page + type: integer + - description: Page size + in: query + name: limit + type: integer + - description: Sort field + in: query + name: sort + type: string + - description: Sort order (asc|desc) + in: query + name: order + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_ImplementedRequirement' + $ref: '#/definitions/service.ListResponse-handler_riskResponse' "400": description: Bad Request schema: 
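Review bot: The new `/ssp/{sspId}/risks` list exposes `sort` as an unconstrained string (`description: Sort field`) and `order` only hints at its values in prose, so the contract does not say which values are accepted; if the handler forwards these into an ORDER BY clause, the values must be checked against a server-side allow-list, and the spec should state that list. In the swag annotation that could be `@Param order query string false "Sort order" Enums(asc,desc)` together with an `Enums(...)` list of the sortable fields for `sort`. The `controlId` and `evidenceId` filters are likewise plain `string`; annotating them with `Format(uuid)` would document the expected shape. The handler itself is not in this diff, so whether validation already exists cannot be confirmed here.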
@@ -14531,32 +21240,34 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get implemented requirements for a SSP + security: + - OAuth2Password: [] + summary: List risks for SSP tags: - - System Security Plans + - Risks post: consumes: - application/json - description: Creates a new implemented requirement for a given SSP. + description: Creates a risk register entry scoped to an SSP. parameters: - description: SSP ID in: path - name: id + name: sspId required: true type: string - - description: Implemented Requirement data + - description: Risk payload in: body - name: requirement + name: risk required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.ImplementedRequirement' + $ref: '#/definitions/handler.createRiskRequest' produces: - application/json responses: "201": description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImplementedRequirement' + $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' "400": description: Bad Request schema: @@ -14569,21 +21280,23 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new implemented requirement for a SSP + security: + - OAuth2Password: [] + summary: Create risk for SSP tags: - - System Security Plans - /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}: + - Risks + /ssp/{sspId}/risks/{id}: delete: - description: Deletes an existing implemented requirement for a given SSP. + description: Deletes a risk register entry by ID scoped to an SSP. parameters: - description: SSP ID in: path - name: id + name: sspId required: true type: string - - description: Requirement ID + - description: Risk ID in: path - name: reqId + name: id required: true type: string responses: 
@@ -14601,37 +21314,31 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete an implemented requirement from a SSP + security: + - OAuth2Password: [] + summary: Delete risk for SSP tags: - - System Security Plans - put: - consumes: - - application/json - description: Updates an existing implemented requirement for a given SSP. + - Risks + get: + description: Retrieves a risk register entry by ID scoped to an SSP. parameters: - description: SSP ID in: path - name: id + name: sspId required: true type: string - - description: Requirement ID + - description: Risk ID in: path - name: reqId + name: id required: true type: string - - description: Implemented Requirement data - in: body - name: requirement - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.ImplementedRequirement' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImplementedRequirement' + $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' "400": description: Bad Request schema: 
@@ -14644,89 +21351,39 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update an implemented requirement for a SSP + security: + - OAuth2Password: [] + summary: Get risk for SSP tags: - - System Security Plans - /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/by-components/{byComponentId}: + - Risks put: consumes: - application/json - description: Updates an existing by-component that belongs to an implemented - requirement for a given SSP. + description: Updates a risk register entry by ID scoped to an SSP. parameters: - description: SSP ID in: path - name: id - required: true - type: string - - description: Requirement ID - in: path - name: reqId - required: true - type: string - - description: By-Component ID - in: path - name: byComponentId + name: sspId required: true type: string - - description: By-Component data - in: body - name: by-component - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.ByComponent' - produces: - - application/json - responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' - "500": - description: Internal Server Error - schema: - $ref: '#/definitions/api.Error' - summary: Update a by-component within an implemented requirement - tags: - - System Security Plans - /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements: - post: - consumes: - - application/json - description: Creates a new statement within an implemented requirement for a - given SSP. 
- parameters: - - description: SSP ID + - description: Risk ID in: path name: id required: true type: string - - description: Requirement ID - in: path - name: reqId - required: true - type: string - - description: Statement data + - description: Risk payload in: body - name: statement + name: risk required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Statement' + $ref: '#/definitions/handler.updateRiskRequest' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Statement' + $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' "400": description: Bad Request schema: 
@@ -14739,44 +21396,40 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new statement within an implemented requirement + security: + - OAuth2Password: [] + summary: Update risk for SSP tags: - - System Security Plans - /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}: - put: + - Risks + /ssp/{sspId}/risks/{id}/accept: + post: consumes: - application/json - description: Updates an existing statement within an implemented requirement - for a given SSP. + description: Accepts a risk by ID scoped to an SSP. parameters: - description: SSP ID in: path - name: id - required: true - type: string - - description: Requirement ID - in: path - name: reqId + name: sspId required: true type: string - - description: Statement ID + - description: Risk ID in: path - name: stmtId + name: id required: true type: string - - description: Statement data + - description: Accept payload in: body - name: statement + name: body required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Statement' + $ref: '#/definitions/handler.acceptRiskRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Statement' + $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' "400": description: Bad Request schema: 
@@ -14789,44 +21442,41 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a statement within an implemented requirement + security: + - OAuth2Password: [] + summary: Accept risk for SSP tags: - - System Security Plans - /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/by-components: + - Risks + /ssp/{sspId}/risks/{id}/review: post: consumes: - application/json - description: Create a by-component within an existing statement within an implemented - requirement for a given SSP. + description: Records a risk review by ID scoped to an SSP. nextReviewDeadline + is required for decision=extend and must be omitted for decision=reopen. parameters: - description: SSP ID in: path - name: id - required: true - type: string - - description: Requirement ID - in: path - name: reqId + name: sspId required: true type: string - - description: Statement ID + - description: Risk ID in: path - name: stmtId + name: id required: true type: string - - description: By-Component data + - description: Review payload in: body - name: by-component + name: body required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.ByComponent' + $ref: '#/definitions/handler.reviewRiskRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent' + $ref: '#/definitions/handler.GenericDataResponse-handler_riskResponse' "400": description: Bad Request schema: 
@@ -14839,117 +21489,87 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a by-component within a statement (within an implemented requirement) + security: + - OAuth2Password: [] + summary: Review risk for SSP tags: - - System Security Plans - ? /oscal/system-security-plans/{id}/control-implementation/implemented-requirements/{reqId}/statements/{stmtId}/by-components/{byComponentId} - : delete: - consumes: - - application/json - description: Deletes a by-component within an existing statement within an implemented - requirement for a given SSP. + - Risks + /subject-templates: + get: + description: List subject templates with optional filters and pagination. parameters: - - description: SSP ID - in: path - name: id - required: true - type: string - - description: Requirement ID - in: path - name: reqId - required: true - type: string - - description: Statement ID - in: path - name: stmtId - required: true + - description: Subject type + in: query + name: type type: string - - description: By-Component ID - in: path - name: byComponentId - required: true + - description: Source mode + in: query + name: sourceMode type: string + - description: Page number + in: query + name: page + type: integer + - description: Page size + in: query + name: limit + type: integer produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent' + $ref: '#/definitions/service.ListResponse-templates_subjectTemplateResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a by-component within a statement (within an implemented requirement) + security: + - OAuth2Password: [] + summary: List subject templates tags: - - System Security Plans - put: + - 
Subject Templates + post: consumes: - application/json - description: Updates a by-component within an existing statement within an implemented - requirement for a given SSP. + description: Create a subject template with selector labels and label schema. parameters: - - description: SSP ID - in: path - name: id - required: true - type: string - - description: Requirement ID - in: path - name: reqId - required: true - type: string - - description: Statement ID - in: path - name: stmtId - required: true - type: string - - description: By-Component ID - in: path - name: byComponentId - required: true - type: string - - description: By-Component data + - description: Subject template payload in: body - name: by-component + name: template required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.ByComponent' + $ref: '#/definitions/templates.upsertSubjectTemplateRequest' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ByComponent' + $ref: '#/definitions/templates.subjectTemplateDataResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a by-component within a statement (within an implemented requirement) + security: + - OAuth2Password: [] + summary: Create subject template tags: - - System Security Plans - /oscal/system-security-plans/{id}/import-profile: + - Subject Templates + /subject-templates/{id}: get: - description: Retrieves import-profile for a given SSP. + description: Get a subject template by ID. parameters: - - description: SSP ID + - description: Subject Template ID in: path name: id required: true 
@@ -14960,7 +21580,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportProfile' + $ref: '#/definitions/templates.subjectTemplateDataResponse' "400": description: Bad Request schema: @@ -14973,32 +21593,35 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get SSP import-profile + security: + - OAuth2Password: [] + summary: Get subject template tags: - - System Security Plans + - Subject Templates put: consumes: - application/json - description: Updates import-profile for a given SSP. + description: Update a subject template and atomically replace selector labels + and label schema. parameters: - - description: SSP ID + - description: Subject Template ID in: path name: id required: true type: string - - description: Import Profile data + - description: Subject template payload in: body - name: import-profile + name: template required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.ImportProfile' + $ref: '#/definitions/templates.upsertSubjectTemplateRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_ImportProfile' + $ref: '#/definitions/templates.subjectTemplateDataResponse' "400": description: Bad Request schema: 
@@ -15011,27 +21634,66 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update SSP import-profile + security: + - OAuth2Password: [] + summary: Update subject template tags: - - System Security Plans - /oscal/system-security-plans/{id}/metadata: - get: - description: Retrieves metadata for a given SSP. + - Subject Templates + /users/{id}/change-password: + post: + consumes: + - application/json + description: Changes the password for a user by ID parameters: - - description: SSP ID + - description: User ID in: path name: id required: true type: string + - description: Change Password Request + in: body + name: changePasswordRequest + required: true + schema: + $ref: '#/definitions/handler.UserHandler' + produces: + - application/json + responses: + "204": + description: No Content + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Change password for a specific user + tags: + - Users + /users/me: + get: + description: Retrieves the details of the currently logged-in user produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' - "400": - description: Bad Request + $ref: '#/definitions/handler.GenericDataResponse-relational_User' + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "404": 
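Review bot: The `/users/{id}/change-password` request body is declared as `$ref: '#/definitions/handler.UserHandler'`, which is the handler type rather than the request payload, so the spec does not tell clients which fields (new password, current password) the endpoint expects; the `/users/me/change-password` operation in the next hunk carries the same reference. Since this file looks swag-generated, the fix is in the handler's `@Param changePasswordRequest body <request DTO type> true "Change Password Request"` annotation, with a placeholder here because the real request type name is not on the page. The per-user route documents 401 but no 403, so it is unclear from the spec whether a caller may change another user's password without an elevated role; if the handler enforces that, add `@Failure 403 {object} api.Error` so the authorization boundary is visible in the contract. The `/users/me` response references `relational_User`, presumably the persistence model — worth confirming that credential fields such as a password hash are excluded from its JSON serialisation.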
@@ -15042,68 +21704,56 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get SSP metadata + security: + - OAuth2Password: [] + summary: Get logged-in user details tags: - - System Security Plans - put: + - Users + /users/me/change-password: + post: consumes: - application/json - description: Updates metadata for a given SSP. + description: Changes the password for the currently logged-in user parameters: - - description: SSP ID - in: path - name: id - required: true - type: string - - description: Metadata data + - description: Change Password Request in: body - name: metadata + name: changePasswordRequest required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Metadata' + $ref: '#/definitions/handler.UserHandler' produces: - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Metadata' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update SSP metadata - tags: - - System Security Plans - /oscal/system-security-plans/{id}/profile: - get: - description: Retrieves the Profile attached to the specified System Security - Plan. 
- parameters: - - description: System Security Plan ID - in: path - name: id - required: true - type: string + security: + - OAuth2Password: [] + summary: Change password for logged-in user + tags: + - Users + /users/me/subscriptions: + get: + description: Gets the current user's digest and workflow notification email + preferences produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Profile' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' + $ref: '#/definitions/handler.GenericDataResponse-handler_SubscriptionsResponse' "401": description: Unauthorized schema: @@ -15118,36 +21768,36 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Profile for a System Security Plan + summary: Get notification preferences tags: - - System Security Plans + - Users put: consumes: - application/json - description: Associates a given Profile with a System Security Plan. + description: Updates the current user's digest and workflow notification email + preferences parameters: - - description: SSP ID - in: path - name: id - required: true - type: string - - description: Profile ID to attach + - description: Notification preferences in: body - name: profileId + name: subscription required: true schema: - type: string + $ref: '#/definitions/handler.UpdateSubscriptionsRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemSecurityPlan' + $ref: '#/definitions/handler.GenericDataResponse-handler_SubscriptionsResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -15156,18 +21806,23 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Attach a Profile to a System Security Plan + security: + - OAuth2Password: [] + summary: Update notification preferences tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-characteristics: + - Users + /workflows/control-relationships: get: - description: Retrieves the System Characteristics for a given System Security - Plan. + description: List all control relationships, optionally filtered by workflow + definition parameters: - - description: System Security Plan ID - in: path - name: id - required: true + - description: Workflow Definition ID + in: query + name: workflow_definition_id + type: string + - description: Control ID + in: query + name: control_id type: string produces: - application/json @@ -15175,7 +21830,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemCharacteristics' + $ref: '#/definitions/workflows.ControlRelationshipListResponse' "400": description: Bad Request schema: 
@@ -15184,43 +21839,33 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get System Characteristics + summary: List control relationships tags: - - System Security Plans - put: + - Control Relationships + post: consumes: - application/json - description: Updates the System Characteristics for a given System Security - Plan. + description: Create a new control relationship for a workflow parameters: - - description: System Security Plan ID - in: path - name: id - required: true - type: string - - description: Updated System Characteristics object + - description: Control relationship details in: body - name: characteristics + name: request required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.SystemCharacteristics' + $ref: '#/definitions/workflows.CreateControlRelationshipRequest' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemCharacteristics' + $ref: '#/definitions/workflows.ControlRelationshipResponse' "400": description: Bad Request schema: 
@@ -15229,36 +21874,27 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update System Characteristics + summary: Create control relationship tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-characteristics/authorization-boundary: - get: - description: Retrieves the Authorization Boundary for a given System Security - Plan. + - Control Relationships + /workflows/control-relationships/{id}: + delete: + description: Delete a control relationship parameters: - - description: System Security Plan ID + - description: Control Relationship ID in: path name: id required: true type: string - produces: - - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_AuthorizationBoundary' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -15277,34 +21913,24 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Authorization Boundary + summary: Delete control relationship tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-characteristics/authorization-boundary/diagrams: - post: - consumes: - - application/json - description: Creates a new Diagram under the Authorization Boundary of a System - Security Plan. + - Control Relationships + get: + description: Get control relationship by ID parameters: - - description: System Security Plan ID + - description: Control Relationship ID in: path name: id required: true type: string - - description: Diagram object to create - in: body - name: diagram - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Diagram' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram' + $ref: '#/definitions/workflows.ControlRelationshipResponse' "400": description: Bad Request schema: 
@@ -15323,29 +21949,32 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create an Authorization Boundary Diagram + summary: Get control relationship tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-characteristics/authorization-boundary/diagrams/{diagram}: - delete: - description: Deletes a specific Diagram under the Authorization Boundary of - a System Security Plan. + - Control Relationships + put: + consumes: + - application/json + description: Update an existing control relationship parameters: - - description: System Security Plan ID + - description: Control Relationship ID in: path name: id required: true type: string - - description: Diagram ID - in: path - name: diagram + - description: Update details + in: body + name: request required: true - type: string + schema: + $ref: '#/definitions/workflows.UpdateControlRelationshipRequest' produces: - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/workflows.ControlRelationshipResponse' "400": description: Bad Request schema: 
@@ -15364,38 +21993,25 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete an Authorization Boundary Diagram + summary: Update control relationship tags: - - System Security Plans + - Control Relationships + /workflows/control-relationships/{id}/activate: put: - consumes: - - application/json - description: Updates a specific Diagram under the Authorization Boundary of - a System Security Plan. + description: Activate a control relationship parameters: - - description: System Security Plan ID + - description: Control Relationship ID in: path name: id required: true type: string - - description: Diagram ID - in: path - name: diagram - required: true - type: string - - description: Updated Diagram object - in: body - name: diagram - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Diagram' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram' + $ref: '#/definitions/workflows.ControlRelationshipResponse' "400": description: Bad Request schema: @@ -15414,14 +22030,14 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update an Authorization Boundary Diagram + summary: Activate control relationship tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-characteristics/data-flow: - get: - description: Retrieves the Data Flow for a given System Security Plan. + - Control Relationships + /workflows/control-relationships/{id}/deactivate: + put: + description: Deactivate a control relationship parameters: - - description: System Security Plan ID + - description: Control Relationship ID in: path name: id required: true @@ -15432,7 +22048,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_DataFlow' + $ref: '#/definitions/workflows.ControlRelationshipResponse' "400": description: Bad Request schema: 
@@ -15451,75 +22067,50 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Data Flow + summary: Deactivate control relationship tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-characteristics/data-flow/diagrams: - post: - consumes: - - application/json - description: Creates a new Diagram under the Data Flow of a System Security - Plan. - parameters: - - description: System Security Plan ID - in: path - name: id - required: true - type: string - - description: Diagram object to create - in: body - name: diagram - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Diagram' + - Control Relationships + /workflows/definitions: + get: + description: List all workflow definition templates produces: - application/json responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram' - "400": - description: Bad Request + "200": + description: OK schema: - $ref: '#/definitions/api.Error' + $ref: '#/definitions/workflows.WorkflowDefinitionListResponse' "401": description: Unauthorized schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a Data Flow Diagram + summary: List workflow definitions tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-characteristics/data-flow/diagrams/{diagram}: - delete: - description: Deletes a specific Diagram under the Data Flow of a System Security - Plan. 
+ - Workflow Definitions + post: + consumes: + - application/json + description: Create a new workflow definition template parameters: - - description: System Security Plan ID - in: path - name: id - required: true - type: string - - description: Diagram ID - in: path - name: diagram + - description: Workflow definition details + in: body + name: request required: true - type: string + schema: + $ref: '#/definitions/workflows.CreateWorkflowDefinitionRequest' produces: - application/json responses: - "204": - description: No Content + "201": + description: Created + schema: + $ref: '#/definitions/workflows.WorkflowDefinitionResponse' "400": description: Bad Request schema: @@ -15528,48 +22119,29 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete a Data Flow Diagram + summary: Create workflow definition tags: - - System Security Plans - put: - consumes: - - application/json - description: Updates a specific Diagram under the Data Flow of a System Security - Plan. + - Workflow Definitions + /workflows/definitions/{id}: + delete: + description: Delete workflow definition by ID parameters: - - description: System Security Plan ID + - description: Workflow Definition ID in: path name: id required: true type: string - - description: Diagram ID - in: path - name: diagram - required: true - type: string - - description: Updated Diagram object - in: body - name: diagram - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.Diagram' produces: - application/json responses: - "200": - description: OK - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram' + "204": + description: No Content "400": description: Bad Request schema: 
@@ -15588,15 +22160,13 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update a Data Flow Diagram + summary: Delete workflow definition tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-characteristics/network-architecture: + - Workflow Definitions get: - description: Retrieves the Network Architecture for a given System Security - Plan. + description: Get workflow definition by ID parameters: - - description: System Security Plan ID + - description: Workflow Definition ID in: path name: id required: true @@ -15607,7 +22177,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_NetworkArchitecture' + $ref: '#/definitions/workflows.WorkflowDefinitionResponse' "400": description: Bad Request schema: 
@@ -15626,34 +22196,32 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get Network Architecture + summary: Get workflow definition tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-characteristics/network-architecture/diagrams: - post: + - Workflow Definitions + put: consumes: - application/json - description: Creates a new Diagram under the Network Architecture of a System - Security Plan. + description: Update workflow definition by ID parameters: - - description: System Security Plan ID + - description: Workflow Definition ID in: path name: id required: true type: string - - description: Diagram object to create + - description: Updated workflow definition details in: body - name: diagram + name: request required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Diagram' + $ref: '#/definitions/workflows.UpdateWorkflowDefinitionRequest' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram' + $ref: '#/definitions/workflows.WorkflowDefinitionResponse' "400": description: Bad Request schema: 
@@ -15672,29 +22240,33 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Create a Network Architecture Diagram + summary: Update workflow definition tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-characteristics/network-architecture/diagrams/{diagram}: - delete: - description: Deletes a specific Diagram under the Network Architecture of a - System Security Plan. + - Workflow Definitions + /workflows/executions: + get: + description: List all executions for a workflow instance parameters: - - description: System Security Plan ID - in: path - name: id - required: true - type: string - - description: Diagram ID - in: path - name: diagram + - description: Workflow Instance ID + in: query + name: workflow_instance_id required: true type: string + - description: Limit + in: query + name: limit + type: integer + - description: Offset + in: query + name: offset + type: integer produces: - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/workflows.WorkflowExecutionListResponse' "400": description: Bad Request schema: 
@@ -15703,48 +22275,33 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Delete a Network Architecture Diagram + summary: List workflow executions tags: - - System Security Plans - put: + - Workflow Executions + post: consumes: - application/json - description: Updates a specific Diagram under the Network Architecture of a - System Security Plan. + description: Start a new execution of a workflow instance parameters: - - description: System Security Plan ID - in: path - name: id - required: true - type: string - - description: Diagram ID - in: path - name: diagram - required: true - type: string - - description: Updated Diagram object + - description: Execution details in: body - name: diagram + name: request required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.Diagram' + $ref: '#/definitions/workflows.StartWorkflowExecutionRequest' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_Diagram' + $ref: '#/definitions/workflows.WorkflowExecutionResponse' "400": description: Bad Request schema: 
@@ -15753,25 +22310,20 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update a Network Architecture Diagram + summary: Start workflow execution tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-implementation: + - Workflow Executions + /workflows/executions/{id}: get: - description: Retrieves the System Implementation for a given System Security - Plan. + description: Get workflow execution by ID parameters: - - description: System Security Plan ID + - description: Workflow Execution ID in: path name: id required: true @@ -15782,7 +22334,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemImplementation' + $ref: '#/definitions/workflows.WorkflowExecutionResponse' "400": description: Bad Request schema: 
@@ -15801,32 +22353,33 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get System Implementation + summary: Get workflow execution tags: - - System Security Plans + - Workflow Executions + /workflows/executions/{id}/cancel: put: consumes: - application/json - description: Updates the System Implementation for a given System Security Plan. + description: Cancel a running workflow execution parameters: - - description: System Security Plan ID + - description: Workflow Execution ID in: path name: id required: true type: string - - description: Updated System Implementation object + - description: Cancel details in: body - name: system-implementation + name: request required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.SystemImplementation' + $ref: '#/definitions/workflows.CancelWorkflowExecutionRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemImplementation' + $ref: '#/definitions/workflows.WorkflowExecutionResponse' "400": description: Bad Request schema: @@ -15845,15 +22398,14 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update System Implementation + summary: Cancel workflow execution tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-implementation/components: + - Workflow Executions + /workflows/executions/{id}/metrics: get: - description: Retrieves components in the System Implementation for a given System - Security Plan. + description: Get performance metrics for a workflow execution parameters: - - description: System Security Plan ID + - description: Workflow Execution ID in: path name: id required: true 
@@ -15864,7 +22416,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_SystemComponent' + $ref: '#/definitions/workflows.WorkflowExecutionMetricsResponse' "400": description: Bad Request schema: @@ -15883,36 +22435,41 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List System Implementation Components + summary: Get workflow execution metrics tags: - - System Security Plans - post: + - Workflow Executions + /workflows/executions/{id}/reassign-role: + put: consumes: - application/json - description: Creates a new system component for a given SSP. + description: Reassign eligible steps in an execution for a given role parameters: - - description: SSP ID + - description: Workflow Execution ID in: path name: id required: true type: string - - description: System Component data + - description: Bulk reassignment details in: body - name: component + name: request required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.SystemComponent' + $ref: '#/definitions/workflows.ReassignRoleRequest' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent' + $ref: '#/definitions/workflows.BulkReassignRoleResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -15921,30 +22478,35 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new system component + security: + - OAuth2Password: [] + summary: Bulk reassign steps by role tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-implementation/components/{componentId}: - delete: - description: Deletes an existing system component for a given SSP. + - Workflow Executions + /workflows/executions/{id}/retry: + post: + description: Create a new execution to retry a failed workflow parameters: - - description: SSP ID + - description: Workflow Execution ID in: path name: id required: true type: string - - description: Component ID - in: path - name: componentId - required: true - type: string + produces: + - application/json responses: - "204": - description: No Content + "201": + description: Created + schema: + $ref: '#/definitions/workflows.WorkflowExecutionResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -15953,30 +22515,27 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a system component + security: + - OAuth2Password: [] + summary: Retry workflow execution tags: - - System Security Plans + - Workflow Executions + /workflows/executions/{id}/status: get: - description: Retrieves component in the System Implementation for a given System - Security Plan. + description: Get detailed status of a workflow execution including step counts parameters: - - description: System Security Plan ID + - description: Workflow Execution ID in: path name: id required: true type: string - - description: Component ID - in: path - name: componentId - required: true - type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent' + $ref: '#/definitions/workflows.WorkflowExecutionStatusResponse' "400": description: Bad Request schema: 
@@ -15995,69 +22554,63 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get System Implementation Component + summary: Get workflow execution status tags: - - System Security Plans - put: - consumes: - - application/json - description: Updates an existing system component for a given SSP. + - Workflow Executions + /workflows/instances: + get: + description: List all workflow instances with optional filtering parameters: - - description: SSP ID - in: path - name: id - required: true + - description: Filter by Workflow Definition ID + in: query + name: workflow_definition_id type: string - - description: Component ID - in: path - name: componentId - required: true + - description: Filter by System Security Plan ID + in: query + name: system_security_plan_id type: string - - description: System Component data - in: body - name: component - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.SystemComponent' + - description: Filter by Active Status + in: query + name: is_active + type: boolean produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemComponent' - "400": - description: Bad Request - schema: - $ref: '#/definitions/api.Error' - "404": - description: Not Found + $ref: '#/definitions/workflows.WorkflowInstanceListResponse' + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a system component + security: + - OAuth2Password: [] + summary: List workflow instances tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-implementation/inventory-items: - get: - description: Retrieves inventory items in the System Implementation for a given - System Security Plan. 
+ - Workflow Instances + post: + consumes: + - application/json + description: Create a new workflow instance for a specific system parameters: - - description: System Security Plan ID - in: path - name: id + - description: Workflow instance details + in: body + name: request required: true - type: string + schema: + $ref: '#/definitions/workflows.CreateWorkflowInstanceRequest' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_InventoryItem' + $ref: '#/definitions/workflows.WorkflowInstanceResponse' "400": description: Bad Request schema: @@ -16066,46 +22619,37 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List System Implementation Inventory Items + summary: Create workflow instance tags: - - System Security Plans - post: - consumes: - - application/json - description: Creates a new inventory item for a given SSP. + - Workflow Instances + /workflows/instances/{id}: + delete: + description: Delete workflow instance by ID parameters: - - description: SSP ID + - description: Workflow Instance ID in: path name: id required: true type: string - - description: Inventory Item data - in: body - name: item - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.InventoryItem' produces: - application/json responses: - "201": - description: Created - schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_InventoryItem' + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16114,30 +22658,34 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new inventory item + security: + - OAuth2Password: [] + summary: Delete workflow instance tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-implementation/inventory-items/{itemId}: - delete: - description: Deletes an existing inventory item for a given SSP. + - Workflow Instances + get: + description: Get workflow instance by ID parameters: - - description: SSP ID + - description: Workflow Instance ID in: path name: id required: true type: string - - description: Item ID - in: path - name: itemId - required: true - type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/workflows.WorkflowInstanceResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16146,41 +22694,42 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete an inventory item + security: + - OAuth2Password: [] + summary: Get workflow instance tags: - - System Security Plans + - Workflow Instances put: consumes: - application/json - description: Updates an existing inventory item for a given SSP. + description: Update workflow instance by ID parameters: - - description: SSP ID + - description: Workflow Instance ID in: path name: id required: true type: string - - description: Item ID - in: path - name: itemId - required: true - type: string - - description: Inventory Item data + - description: Updated workflow instance details in: body - name: item + name: request required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.InventoryItem' + $ref: '#/definitions/workflows.UpdateWorkflowInstanceRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_InventoryItem' + $ref: '#/definitions/workflows.WorkflowInstanceResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16189,15 +22738,16 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update an inventory item + security: + - OAuth2Password: [] + summary: Update workflow instance tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-implementation/leveraged-authorizations: - get: - description: Retrieves leveraged authorizations in the System Implementation - for a given System Security Plan. + - Workflow Instances + /workflows/instances/{id}/activate: + put: + description: Activate a workflow instance to enable scheduled executions parameters: - - description: System Security Plan ID + - description: Workflow Instance ID in: path name: id required: true @@ -16208,7 +22758,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_LeveragedAuthorization' + $ref: '#/definitions/workflows.WorkflowInstanceResponse' "400": description: Bad Request schema: 
@@ -16227,36 +22777,33 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List System Implementation Leveraged Authorizations + summary: Activate workflow instance tags: - - System Security Plans - post: - consumes: - - application/json - description: Creates a new leveraged authorization for a given SSP. + - Workflow Instances + /workflows/instances/{id}/deactivate: + put: + description: Deactivate a workflow instance to disable scheduled executions parameters: - - description: SSP ID + - description: Workflow Instance ID in: path name: id required: true type: string - - description: Leveraged Authorization data - in: body - name: auth - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.LeveragedAuthorization' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LeveragedAuthorization' + $ref: '#/definitions/workflows.WorkflowInstanceResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16265,73 +22812,102 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new leveraged authorization + security: + - OAuth2Password: [] + summary: Deactivate workflow instance tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-implementation/leveraged-authorizations/{authId}: - delete: - description: Deletes an existing leveraged authorization for a given SSP. + - Workflow Instances + /workflows/role-assignments: + get: + description: List all role assignments, optionally filtered by workflow instance parameters: - - description: SSP ID - in: path - name: id - required: true + - description: Workflow Instance ID + in: query + name: workflow_instance_id type: string - - description: Authorization ID - in: path - name: authId - required: true + - description: Role Name + in: query + name: role_name type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/workflows.RoleAssignmentListResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found + "401": + description: Unauthorized schema: $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a leveraged authorization + security: + - OAuth2Password: [] + summary: List role assignments tags: - - System Security Plans - put: + - Role Assignments + post: consumes: - application/json - description: Updates an existing leveraged authorization for a given SSP. 
+ description: Create a new role assignment for a workflow instance parameters: - - description: SSP ID - in: path - name: id - required: true - type: string - - description: Authorization ID - in: path - name: authId - required: true - type: string - - description: Leveraged Authorization data + - description: Role assignment details in: body - name: auth + name: request required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.LeveragedAuthorization' + $ref: '#/definitions/workflows.CreateRoleAssignmentRequest' produces: - application/json responses: - "200": - description: OK + "201": + description: Created schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_LeveragedAuthorization' + $ref: '#/definitions/workflows.RoleAssignmentResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "500": + description: Internal Server Error + schema: + $ref: '#/definitions/api.Error' + security: + - OAuth2Password: [] + summary: Create role assignment + tags: + - Role Assignments + /workflows/role-assignments/{id}: + delete: + description: Delete a role assignment + parameters: + - description: Role Assignment ID + in: path + name: id + required: true + type: string + responses: + "204": + description: No Content "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16340,15 +22916,15 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a leveraged authorization + security: + - OAuth2Password: [] + summary: Delete role assignment tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-implementation/users: + - Role Assignments get: - description: Retrieves users in the System Implementation for a given System - Security Plan. + description: Get role assignment by ID parameters: - - description: System Security Plan ID + - description: Role Assignment ID in: path name: id required: true @@ -16359,7 +22935,7 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-oscalTypes_1_1_3_SystemUser' + $ref: '#/definitions/workflows.RoleAssignmentResponse' "400": description: Bad Request schema: 
@@ -16378,36 +22954,40 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: List System Implementation Users + summary: Get role assignment tags: - - System Security Plans - post: + - Role Assignments + put: consumes: - application/json - description: Creates a new system user for a given SSP. + description: Update an existing role assignment parameters: - - description: SSP ID + - description: Role Assignment ID in: path name: id required: true type: string - - description: System User data + - description: Update details in: body - name: user + name: request required: true schema: - $ref: '#/definitions/oscalTypes_1_1_3.SystemUser' + $ref: '#/definitions/workflows.UpdateRoleAssignmentRequest' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemUser' + $ref: '#/definitions/workflows.RoleAssignmentResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16416,30 +22996,35 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a new system user + security: + - OAuth2Password: [] + summary: Update role assignment tags: - - System Security Plans - /oscal/system-security-plans/{id}/system-implementation/users/{userId}: - delete: - description: Deletes an existing system user for a given SSP. + - Role Assignments + /workflows/role-assignments/{id}/activate: + put: + description: Activate a role assignment parameters: - - description: SSP ID + - description: Role Assignment ID in: path name: id required: true type: string - - description: User ID - in: path - name: userId - required: true - type: string + produces: + - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/workflows.RoleAssignmentResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16448,41 +23033,35 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete a system user + security: + - OAuth2Password: [] + summary: Activate role assignment tags: - - System Security Plans + - Role Assignments + /workflows/role-assignments/{id}/deactivate: put: - consumes: - - application/json - description: Updates an existing system user for a given SSP. + description: Deactivate a role assignment parameters: - - description: SSP ID + - description: Role Assignment ID in: path name: id required: true type: string - - description: User ID - in: path - name: userId - required: true - type: string - - description: System User data - in: body - name: user - required: true - schema: - $ref: '#/definitions/oscalTypes_1_1_3.SystemUser' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-oscalTypes_1_1_3_SystemUser' + $ref: '#/definitions/workflows.RoleAssignmentResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "404": description: Not Found schema: 
@@ -16491,28 +23070,19 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update a system user + security: + - OAuth2Password: [] + summary: Deactivate role assignment tags: - - System Security Plans - /poam-items: + - Role Assignments + /workflows/step-executions: get: - description: List POAM items filtered by status, sspId, riskId, or deadlineBefore. + description: List all step executions for a workflow execution parameters: - - description: open|in-progress|completed|overdue - in: query - name: status - type: string - - description: SSP UUID - in: query - name: sspId - type: string - - description: Risk UUID - in: query - name: riskId - type: string - - description: RFC3339 timestamp + - description: Workflow Execution ID in: query - name: deadlineBefore + name: workflow_execution_id + required: true type: string produces: - application/json 
@@ -16520,75 +23090,110 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-relational_CcfPoamItem' + $ref: '#/definitions/workflows.StepExecutionListResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: List POAM items + security: + - OAuth2Password: [] + summary: List step executions tags: - - POAM Items - post: - consumes: - - application/json - description: Creates a POAM item with optional milestones and risk links in - a single transaction. + - Step Executions + /workflows/step-executions/{id}: + get: + description: Get step execution by ID parameters: - - description: POAM item payload - in: body - name: body + - description: Step Execution ID + in: path + name: id required: true - schema: - $ref: '#/definitions/handler.createPoam' + type: string produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_CcfPoamItem' + $ref: '#/definitions/workflows.StepExecutionResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Create a POAM item + security: + - OAuth2Password: [] + summary: Get step execution tags: - - POAM Items - /poam-items/{id}: - delete: - description: Deletes a POAM item and cascades to milestones and risk links. 
+ - Step Executions + /workflows/step-executions/{id}/can-transition: + get: + description: Check if a user has permission to transition a step execution parameters: - - description: POAM item ID + - description: Step Execution ID in: path name: id required: true type: string + - description: User ID + in: query + name: user_id + required: true + type: string + - description: User Type (user, group, email) + in: query + name: user_type + required: true + type: string produces: - application/json responses: - "204": - description: no content + "200": + description: OK schema: - type: string + additionalProperties: true + type: object "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete POAM item + security: + - OAuth2Password: [] + summary: Check if user can transition step tags: - - POAM Items + - Step Executions + /workflows/step-executions/{id}/evidence-requirements: get: - description: Get a POAM item with its milestones and risk links. + description: Get the evidence requirements for a step execution parameters: - - description: POAM item ID + - description: Step Execution ID in: path name: id required: true @@ -16599,7 +23204,8 @@ paths: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_PoamItemWithLinksResponse' + additionalProperties: true + type: object "400": description: Bad Request schema: 
@@ -16612,199 +23218,255 @@ paths: description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Get POAM item + security: + - OAuth2Password: [] + summary: Get evidence requirements for step tags: - - POAM Items + - Step Executions + /workflows/step-executions/{id}/fail: put: consumes: - application/json - description: Updates mutable fields of a POAM item. + description: Mark a step execution as failed with a reason parameters: - - description: POAM item ID + - description: Step Execution ID in: path name: id required: true type: string - - description: Fields to update + - description: Failure details in: body - name: body + name: request required: true schema: - additionalProperties: true - type: object + $ref: '#/definitions/workflows.FailStepRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_CcfPoamItem' + $ref: '#/definitions/workflows.StepExecutionResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update POAM item + security: + - OAuth2Password: [] + summary: Fail step execution tags: - - POAM Items - /poam-items/{id}/milestones: - get: - description: List all milestones for a POAM item. 
+ - Step Executions + /workflows/step-executions/{id}/reassign: + put: + consumes: + - application/json + description: Reassign a step execution to a new assignee parameters: - - description: POAM item ID + - description: Step Execution ID in: path name: id required: true type: string + - description: Reassignment details + in: body + name: request + required: true + schema: + $ref: '#/definitions/workflows.ReassignStepRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataListResponse-relational_CcfPoamItemMilestone' + $ref: '#/definitions/workflows.StepExecutionResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: List milestones + security: + - OAuth2Password: [] + summary: Reassign step execution tags: - - POAM Items - post: + - Step Executions + /workflows/step-executions/{id}/transition: + put: consumes: - application/json - description: Add a milestone to a POAM item. 
+ description: Transition a step execution status with role verification and evidence + validation parameters: - - description: POAM item ID + - description: Step Execution ID in: path name: id required: true type: string - - description: Milestone payload + - description: Transition request in: body - name: body + name: request required: true schema: - $ref: '#/definitions/handler.createMilestone' + $ref: '#/definitions/workflows.TransitionStepRequest' produces: - application/json responses: - "201": - description: Created + "200": + description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_CcfPoamItemMilestone' + $ref: '#/definitions/workflows.StepExecutionResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' + "403": + description: Forbidden + schema: + $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Add milestone + security: + - OAuth2Password: [] + summary: Transition step execution status tags: - - POAM Items - /poam-items/{id}/milestones/{milestoneId}: - delete: - description: Delete a milestone from a POAM item. 
+ - Step Executions + /workflows/step-executions/my: + get: + description: List all step executions assigned to the current user with optional + filters and pagination parameters: - - description: POAM item ID - in: path - name: id - required: true + - description: Filter by status (pending, in_progress, blocked) + in: query + name: status type: string - - description: Milestone ID - in: path - name: milestoneId - required: true + - description: Filter by due date before (RFC3339 format) + in: query + name: due_before + type: string + - description: Filter by due date after (RFC3339 format) + in: query + name: due_after + type: string + - description: Filter by workflow definition ID + in: query + name: workflow_definition_id type: string + - description: Limit (default 20, max 100) + in: query + name: limit + type: integer + - description: Offset (default 0) + in: query + name: offset + type: integer produces: - application/json responses: - "204": - description: no content + "200": + description: OK schema: - type: string + $ref: '#/definitions/workflows.MyAssignmentsResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Delete milestone + security: + - OAuth2Password: [] + summary: List my step assignments tags: - - POAM Items - put: - consumes: - - application/json - description: Update milestone fields; when status becomes completed, sets completed_at. 
+ - Step Executions + /workflows/steps: + get: + description: List all step definitions for a workflow definition parameters: - - description: POAM item ID - in: path - name: id - required: true - type: string - - description: Milestone ID - in: path - name: milestoneId + - description: Workflow Definition ID + in: query + name: workflow_definition_id required: true type: string - - description: Fields to update - in: body - name: body - required: true - schema: - additionalProperties: true - type: object produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_CcfPoamItemMilestone' + $ref: '#/definitions/workflows.WorkflowStepDefinitionListResponse' "400": description: Bad Request schema: $ref: '#/definitions/api.Error' + "401": + description: Unauthorized + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' - summary: Update milestone + security: + - OAuth2Password: [] + summary: List workflow step definitions tags: - - POAM Items - /users/{id}/change-password: + - Workflow Step Definitions post: consumes: - application/json - description: Changes the password for a user by ID + description: Create a new step definition for a workflow parameters: - - description: User ID - in: path - name: id - required: true - type: string - - description: Change Password Request + - description: Step definition details in: body - name: changePasswordRequest + name: request required: true schema: - $ref: '#/definitions/handler.UserHandler' + $ref: '#/definitions/workflows.CreateWorkflowStepDefinitionRequest' produces: - application/json responses: - "204": - description: No Content + "201": + description: Created + schema: + $ref: '#/definitions/workflows.WorkflowStepDefinitionResponse' "400": description: Bad Request schema: 
@@ -16813,29 +23475,33 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' - "404": - description: Not Found - schema: - $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Change password for a specific user + summary: Create workflow step definition tags: - - Users - /users/me: - get: - description: Retrieves the details of the currently logged-in user + - Workflow Step Definitions + /workflows/steps/{id}: + delete: + description: Delete workflow step definition by ID + parameters: + - description: Step Definition ID + in: path + name: id + required: true + type: string produces: - application/json responses: - "200": - description: OK + "204": + description: No Content + "400": + description: Bad Request schema: - $ref: '#/definitions/handler.GenericDataResponse-relational_User' + $ref: '#/definitions/api.Error' "401": description: Unauthorized schema: @@ -16850,26 +23516,24 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get logged-in user details + summary: Delete workflow step definition tags: - - Users - /users/me/change-password: - post: - consumes: - - application/json - description: Changes the password for the currently logged-in user + - Workflow Step Definitions + get: + description: Get workflow step definition by ID parameters: - - description: Change Password Request - in: body - name: changePasswordRequest + - description: Step Definition ID + in: path + name: id required: true - schema: - $ref: '#/definitions/handler.UserHandler' + type: string produces: - application/json responses: - "204": - description: No Content + "200": + description: OK + schema: + $ref: '#/definitions/workflows.WorkflowStepDefinitionResponse' "400": description: Bad Request schema: 
@@ -16878,25 +23542,46 @@ paths: description: Unauthorized schema: $ref: '#/definitions/api.Error' + "404": + description: Not Found + schema: + $ref: '#/definitions/api.Error' "500": description: Internal Server Error schema: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Change password for logged-in user + summary: Get workflow step definition tags: - - Users - /users/me/digest-subscription: - get: - description: Gets the current user's digest email subscription status + - Workflow Step Definitions + put: + consumes: + - application/json + description: Update workflow step definition by ID + parameters: + - description: Step Definition ID + in: path + name: id + required: true + type: string + - description: Updated step definition details + in: body + name: request + required: true + schema: + $ref: '#/definitions/workflows.UpdateWorkflowStepDefinitionRequest' produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_UserHandler' + $ref: '#/definitions/workflows.WorkflowStepDefinitionResponse' + "400": + description: Bad Request + schema: + $ref: '#/definitions/api.Error' "401": description: Unauthorized schema: 
@@ -16911,27 +23596,25 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Get digest subscription status + summary: Update workflow step definition tags: - - Users - put: - consumes: - - application/json - description: Updates the current user's digest email subscription status + - Workflow Step Definitions + /workflows/steps/{id}/dependencies: + get: + description: Get all dependencies for a workflow step definition parameters: - - description: Subscription status - in: body - name: subscription + - description: Step Definition ID + in: path + name: id required: true - schema: - $ref: '#/definitions/handler.UserHandler' + type: string produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/handler.GenericDataResponse-handler_UserHandler' + $ref: '#/definitions/workflows.WorkflowStepDefinitionListResponse' "400": description: Bad Request schema: @@ -16950,9 +23633,9 @@ paths: $ref: '#/definitions/api.Error' security: - OAuth2Password: [] - summary: Update digest subscription status + summary: Get step dependencies tags: - - Users + - Workflow Step Definitions produces: - application/json securityDefinitions: diff --git a/internal/api/handler/poam_items.go b/internal/api/handler/poam_items.go index 25ecaec9..1a56238b 100644 --- a/internal/api/handler/poam_items.go +++ b/internal/api/handler/poam_items.go 
@@ -63,29 +63,29 @@ func (h *PoamItemsHandler) Register(g *echo.Group) {
 // ---------------------------------------------------------------------------
 
 type createPoamItemRequest struct {
- SspID string `json:"sspId" validate:"required"`
- Title string `json:"title" validate:"required"`
- Description string `json:"description"`
- Status string `json:"status"`
- SourceType string `json:"sourceType"`
- PrimaryOwnerUserID *string `json:"primaryOwnerUserId"`
- PlannedCompletionDate *time.Time `json:"plannedCompletionDate"`
- CreatedFromRiskID *string `json:"createdFromRiskId"`
- AcceptanceRationale *string `json:"acceptanceRationale"`
- RiskIDs []string `json:"riskIds"`
- EvidenceIDs []string `json:"evidenceIds"`
- ControlRefs []poamControlRefRequest `json:"controlRefs"`
- FindingIDs []string `json:"findingIds"`
- Milestones []createMilestoneRequest `json:"milestones"`
+ SspID string `json:"sspId" validate:"required"`
+ Title string `json:"title" validate:"required"`
+ Description string `json:"description"`
+ Status string `json:"status"`
+ SourceType string `json:"sourceType"`
+ PrimaryOwnerUserID *string `json:"primaryOwnerUserId"`
+ PlannedCompletionDate *time.Time `json:"plannedCompletionDate"`
+ CreatedFromRiskID *string `json:"createdFromRiskId"`
+ AcceptanceRationale *string `json:"acceptanceRationale"`
+ RiskIDs []string `json:"riskIds"`
+ EvidenceIDs []string `json:"evidenceIds"`
+ ControlRefs []poamControlRefRequest `json:"controlRefs"`
+ FindingIDs []string `json:"findingIds"`
+ Milestones []createMilestoneRequest `json:"milestones"`
 }
 
 type updatePoamItemRequest struct {
- Title *string `json:"title"`
- Description *string `json:"description"`
- Status *string `json:"status"`
- PrimaryOwnerUserID *string `json:"primaryOwnerUserId"`
- PlannedCompletionDate *time.Time `json:"plannedCompletionDate"`
- AcceptanceRationale *string `json:"acceptanceRationale"`
+ Title *string `json:"title"`
+ Description *string `json:"description"`
+ Status *string `json:"status"`
+ PrimaryOwnerUserID *string `json:"primaryOwnerUserId"`
+ PlannedCompletionDate *time.Time `json:"plannedCompletionDate"`
+ AcceptanceRationale *string `json:"acceptanceRationale"`
 // Link management — add/remove in the same call as scalar updates.
 AddRiskIDs []string `json:"addRiskIds"`
 RemoveRiskIDs []string `json:"removeRiskIds"`
@@ -257,20 +257,20 @@ func toMilestoneResponse(m *poamsvc.PoamItemMilestone) milestoneResponse {
 
 // List godoc
 //
-// @Summary List POAM items
-// @Tags POAM Items
-// @Produce json
-// @Param status query string false "Filter by status (open|in-progress|completed|overdue)"
-// @Param sspId query string false "Filter by SSP UUID"
-// @Param riskId query string false "Filter by linked risk UUID"
-// @Param deadlineBefore query string false "Filter by planned_completion_date before (RFC3339)"
-// @Param overdueOnly query bool false "Return only overdue items"
-// @Param ownerRef query string false "Filter by primary_owner_user_id UUID"
-// @Success 200 {object} GenericDataListResponse[poamItemResponse]
-// @Failure 400 {object} api.Error
-// @Failure 500 {object} api.Error
-// @Security OAuth2Password
-// @Router /poam-items [get]
+// @Summary List POAM items
+// @Tags POAM Items
+// @Produce json
+// @Param status query string false "Filter by status (open|in-progress|completed|overdue)"
+// @Param sspId query string false "Filter by SSP UUID"
+// @Param riskId query string false "Filter by linked risk UUID"
+// @Param deadlineBefore query string false "Filter by planned_completion_date before (RFC3339)"
+// @Param overdueOnly query bool false "Return only overdue items"
+// @Param ownerRef query string false "Filter by primary_owner_user_id UUID"
+// @Success 200 {object} GenericDataListResponse[poamItemResponse]
+// @Failure 400 {object} api.Error
+// @Failure 500 {object} api.Error
+// @Security OAuth2Password
+// @Router /poam-items [get]
 func (h *PoamItemsHandler) List(c echo.Context) error {
 filters, err := parsePoamListFilters(c)
 if err != nil {
@@ -289,17 +289,17 @@ func (h *PoamItemsHandler) List(c echo.Context) error {
 
 // Create godoc
 //
-// @Summary Create a POAM item
-// @Tags POAM Items
-// @Accept json
-// @Produce json
-// @Param body body createPoamItemRequest true "POAM item payload"
-// @Success 201 {object} GenericDataResponse[poamItemResponse]
-// @Failure 400 {object} api.Error
-// @Failure 404 {object} api.Error
-// @Failure 500 {object} api.Error
-// @Security OAuth2Password
-// @Router /poam-items [post]
+// @Summary Create a POAM item
+// @Tags POAM Items
+// @Accept json
+// @Produce json
+// @Param body body createPoamItemRequest true "POAM item payload"
+// @Success 201 {object} GenericDataResponse[poamItemResponse]
+// @Failure 400 {object} api.Error
+// @Failure 404 {object} api.Error
+// @Failure 500 {object} api.Error
+// @Security OAuth2Password
+// @Router /poam-items [post]
 func (h *PoamItemsHandler) Create(c echo.Context) error {
 var in createPoamItemRequest
 if err := c.Bind(&in); err != nil {
@@ -401,16 +401,16 @@ func (h *PoamItemsHandler) Create(c echo.Context) error {
 
 // Get godoc
 //
-// @Summary Get a POAM item
-// @Tags POAM Items
-// @Produce json
-// @Param id path string true "POAM item ID"
-// @Success 200 {object} GenericDataResponse[poamItemResponse]
-// @Failure 400 {object} api.Error
-// @Failure 404 {object} api.Error
-// @Failure 500 {object} api.Error
-// @Security OAuth2Password
-// @Router /poam-items/{id} [get]
+// @Summary Get a POAM item
+// @Tags POAM Items
+// @Produce json
+// @Param id path string true "POAM item ID"
+// @Success 200 {object} GenericDataResponse[poamItemResponse]
+// @Failure 400 {object} api.Error
+// @Failure 404 {object} api.Error
+// @Failure 500 {object} api.Error
+// @Security OAuth2Password
+// @Router /poam-items/{id} [get]
 func (h *PoamItemsHandler) Get(c echo.Context) error {
 id, err := uuid.Parse(c.Param("id"))
 if err != nil {
@@ -428,18 +428,18 @@ func (h *PoamItemsHandler) Get(c echo.Context) error {
 
 // Update godoc
 //
-// @Summary Update a POAM item
-// @Tags POAM Items
-// @Accept json
-// @Produce json
-// @Param id path string true "POAM item ID"
-// @Param body body updatePoamItemRequest true "Update payload"
-// @Success 200 {object} GenericDataResponse[poamItemResponse]
-// @Failure 400 {object} api.Error
-// @Failure 404 {object} api.Error
-// @Failure 500 {object} api.Error
-// @Security OAuth2Password
-// @Router /poam-items/{id} [put]
+// @Summary Update a POAM item
+// @Tags POAM Items
+// @Accept json
+// @Produce json
+// @Param id path string true "POAM item ID"
+// @Param body body updatePoamItemRequest true "Update payload"
+// @Success 200 {object} GenericDataResponse[poamItemResponse]
+// @Failure 400 {object} api.Error
+// @Failure 404 {object} api.Error
+// @Failure 500 {object} api.Error
+// @Security OAuth2Password
+// @Router /poam-items/{id} [put]
 func (h *PoamItemsHandler) Update(c echo.Context) error {
 id, err := uuid.Parse(c.Param("id"))
 if err != nil {
@@ -530,15 +530,15 @@ func (h *PoamItemsHandler) Update(c echo.Context) error {
 
 // Delete godoc
 //
-// @Summary Delete a POAM item
-// @Tags POAM Items
-// @Param id path string true "POAM item ID"
-// @Success 204 "No Content"
-// @Failure 400 {object} api.Error
-// @Failure 404 {object} api.Error
-// @Failure 500 {object} api.Error
-// @Security OAuth2Password
-// @Router /poam-items/{id} [delete]
+// @Summary Delete a POAM item
+// @Tags POAM Items
+// @Param id path string true "POAM item ID"
+// @Success 204 "No Content"
+// @Failure 400 {object} api.Error
+// @Failure 404 {object} api.Error
+// @Failure 500 {object} api.Error
+// @Security OAuth2Password
+// @Router /poam-items/{id} [delete]
 func (h *PoamItemsHandler) Delete(c echo.Context) error {
 id, err := uuid.Parse(c.Param("id"))
 if err != nil {
@@ -559,16 +559,16 @@ func (h *PoamItemsHandler) Delete(c echo.Context) error {
 
 // ListMilestones godoc
 //
-// @Summary List milestones for a POAM item
-// @Tags POAM Items
-// @Produce json
-// @Param id path string true "POAM item ID"
-// @Success 200 {object} GenericDataListResponse[milestoneResponse]
-// @Failure 400 {object} api.Error
-// @Failure 404 {object} api.Error
-// @Failure 500 {object} api.Error
-// @Security OAuth2Password
-// @Router /poam-items/{id}/milestones [get]
+// @Summary List milestones for a POAM item
+// @Tags POAM Items
+// @Produce json
+// @Param id path string true "POAM item ID"
+// @Success 200 {object} GenericDataListResponse[milestoneResponse]
+// @Failure 400 {object} api.Error
+// @Failure 404 {object} api.Error
+// @Failure 500 {object} api.Error
+// @Security OAuth2Password
+// @Router /poam-items/{id}/milestones [get]
 func (h *PoamItemsHandler) ListMilestones(c echo.Context) error {
 id, err := uuid.Parse(c.Param("id"))
 if err != nil {
@@ -593,18 +593,18 @@ func (h *PoamItemsHandler) ListMilestones(c echo.Context) error {
 
 // AddMilestone godoc
 //
-// @Summary Add a milestone to a POAM item
-// @Tags POAM Items
-// @Accept json
-// @Produce json
-// @Param id path string true "POAM item ID"
-// @Param body body createMilestoneRequest true "Milestone payload"
-// @Success 201 {object} GenericDataResponse[milestoneResponse]
-// @Failure 400 {object} api.Error
-// @Failure 404 {object} api.Error
-// @Failure 500 {object} api.Error
-// @Security OAuth2Password
-// @Router /poam-items/{id}/milestones [post]
+// @Summary Add a milestone to a POAM item
+// @Tags POAM Items
+// @Accept json
+// @Produce json
+// @Param id path string true "POAM item ID"
+// @Param body body createMilestoneRequest true "Milestone payload"
+// @Success 201 {object} GenericDataResponse[milestoneResponse]
+// @Failure 400 {object} api.Error
+// @Failure 404 {object} api.Error
+// @Failure 500 {object} api.Error
+// @Security OAuth2Password
+// @Router /poam-items/{id}/milestones [post]
 func (h *PoamItemsHandler) AddMilestone(c echo.Context) error {
 id, err := uuid.Parse(c.Param("id"))
 if err != nil {
@@ -641,19 +641,19 @@ func (h *PoamItemsHandler) AddMilestone(c echo.Context) error {
 
 // UpdateMilestone godoc
 //
-// @Summary Update a milestone
-// @Tags POAM Items
-// @Accept json
-// @Produce json
-// @Param id path string true "POAM item ID"
-// @Param milestoneId path string true "Milestone ID"
-// @Param body body updateMilestoneRequest true "Milestone update payload"
-// @Success 200 {object} GenericDataResponse[milestoneResponse]
-// @Failure 400 {object} api.Error
-// @Failure 404 {object} api.Error
-// @Failure 500 {object} api.Error
-// @Security OAuth2Password
-// @Router /poam-items/{id}/milestones/{milestoneId} [put]
+// @Summary Update a milestone
+// @Tags POAM Items
+// @Accept json
+// @Produce json
+// @Param id path string true "POAM item ID"
+// @Param milestoneId path string true "Milestone ID"
+// @Param body body updateMilestoneRequest true "Milestone update payload"
+// @Success 200 {object} GenericDataResponse[milestoneResponse]
+// @Failure 400 {object} api.Error
+// @Failure 404 {object} api.Error
+// @Failure 500 {object} api.Error
+// @Security OAuth2Password
+// @Router /poam-items/{id}/milestones/{milestoneId} [put]
 func (h *PoamItemsHandler) UpdateMilestone(c echo.Context) error {
 id, err := uuid.Parse(c.Param("id"))
 if err != nil {
@@ -688,16 +688,16 @@ func (h *PoamItemsHandler) UpdateMilestone(c echo.Context) error {
 
 // DeleteMilestone godoc
 //
-// @Summary Delete a milestone
-// @Tags POAM Items
-// @Param id path string true "POAM item ID"
-// @Param milestoneId path string true "Milestone ID"
-// @Success 204 "No Content"
-// @Failure 400 {object} api.Error
-// @Failure 404 {object} api.Error
-// @Failure 500 {object} api.Error
-// @Security OAuth2Password
-// @Router /poam-items/{id}/milestones/{milestoneId} [delete]
+// @Summary Delete a milestone
+// @Tags POAM Items
+// @Param id path string true "POAM item ID"
+// @Param milestoneId path string true "Milestone ID"
+// @Success 204 "No Content"
+// @Failure 400 {object} api.Error
+// @Failure 404 {object} api.Error
+// @Failure 500 {object} api.Error
+// @Security OAuth2Password
+// @Router /poam-items/{id}/milestones/{milestoneId} [delete]
 func (h *PoamItemsHandler) DeleteMilestone(c echo.Context) error {
 id, err := uuid.Parse(c.Param("id"))
 if err != nil {
@@ -722,16 +722,16 @@ func (h *PoamItemsHandler) DeleteMilestone(c echo.Context) error {
 
 // ListRisks godoc
 //
-// @Summary List linked risks
-// @Tags POAM Items
-// @Produce json
-// @Param id path string true "POAM item ID"
-// @Success 200 {object} GenericDataListResponse[poamsvc.PoamItemRiskLink]
-// @Failure 400 {object} api.Error
-// @Failure 404 {object} api.Error
-// @Failure 500 {object} api.Error
-// @Security OAuth2Password
-// @Router /poam-items/{id}/risks [get]
+// @Summary List linked risks
+// @Tags POAM Items
+// @Produce json
+// @Param id path string true "POAM item ID"
+// @Success 200 {object} GenericDataListResponse[poamsvc.PoamItemRiskLink]
+// @Failure 400 {object} api.Error
+// @Failure 404 {object} api.Error
+// @Failure 500 {object} api.Error
+// @Security OAuth2Password
+// @Router /poam-items/{id}/risks [get]
 func (h *PoamItemsHandler) ListRisks(c echo.Context) error {
 id, err := uuid.Parse(c.Param("id"))
 if err != nil {
@@ -752,18 +752,18 @@ func (h *PoamItemsHandler) ListRisks(c echo.Context) error { // AddRiskLink godoc // -// @Summary Add a risk link -// @Tags POAM Items -// @Accept json -// @Produce json -// @Param id path string true "POAM item ID" -// @Param body body addLinkRequest true "Risk ID payload" -// @Success 201 {object} GenericDataResponse[poamsvc.PoamItemRiskLink] -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Failure 500 {object} api.Error -// @Security OAuth2Password -// @Router /poam-items/{id}/risks [post] +// @Summary Add a risk link +// @Tags POAM Items +// @Accept json +// @Produce json +// @Param id path string true "POAM item ID" +// @Param body body addLinkRequest true "Risk ID payload" +// @Success 201 {object} GenericDataResponse[poamsvc.PoamItemRiskLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/risks [post] func (h *PoamItemsHandler) AddRiskLink(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { 
@@ -795,16 +795,16 @@ func (h *PoamItemsHandler) AddRiskLink(c echo.Context) error { // DeleteRiskLink godoc // -// @Summary Delete a risk link -// @Tags POAM Items -// @Param id path string true "POAM item ID" -// @Param riskId path string true "Risk ID" -// @Success 204 "No Content" -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Failure 500 {object} api.Error -// @Security OAuth2Password -// @Router /poam-items/{id}/risks/{riskId} [delete] +// @Summary Delete a risk link +// @Tags POAM Items +// @Param id path string true "POAM item ID" +// @Param riskId path string true "Risk ID" +// @Success 204 "No Content" +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/risks/{riskId} [delete] func (h *PoamItemsHandler) DeleteRiskLink(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { @@ -829,16 +829,16 @@ func (h *PoamItemsHandler) DeleteRiskLink(c echo.Context) error { // ListEvidence godoc // -// @Summary List linked evidence -// @Tags POAM Items -// @Produce json -// @Param id path string true "POAM item ID" -// @Success 200 {object} GenericDataListResponse[poamsvc.PoamItemEvidenceLink] -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Failure 500 {object} api.Error -// @Security OAuth2Password -// @Router /poam-items/{id}/evidence [get] +// @Summary List linked evidence +// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Success 200 {object} GenericDataListResponse[poamsvc.PoamItemEvidenceLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/evidence [get] func (h *PoamItemsHandler) ListEvidence(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { 
@@ -859,18 +859,18 @@ func (h *PoamItemsHandler) ListEvidence(c echo.Context) error { // AddEvidenceLink godoc // -// @Summary Add an evidence link -// @Tags POAM Items -// @Accept json -// @Produce json -// @Param id path string true "POAM item ID" -// @Param body body addLinkRequest true "Evidence ID payload" -// @Success 201 {object} GenericDataResponse[poamsvc.PoamItemEvidenceLink] -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Failure 500 {object} api.Error -// @Security OAuth2Password -// @Router /poam-items/{id}/evidence [post] +// @Summary Add an evidence link +// @Tags POAM Items +// @Accept json +// @Produce json +// @Param id path string true "POAM item ID" +// @Param body body addLinkRequest true "Evidence ID payload" +// @Success 201 {object} GenericDataResponse[poamsvc.PoamItemEvidenceLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/evidence [post] func (h *PoamItemsHandler) AddEvidenceLink(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { 
@@ -902,16 +902,16 @@ func (h *PoamItemsHandler) AddEvidenceLink(c echo.Context) error { // DeleteEvidenceLink godoc // -// @Summary Delete an evidence link -// @Tags POAM Items -// @Param id path string true "POAM item ID" -// @Param evidenceId path string true "Evidence ID" -// @Success 204 "No Content" -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Failure 500 {object} api.Error -// @Security OAuth2Password -// @Router /poam-items/{id}/evidence/{evidenceId} [delete] +// @Summary Delete an evidence link +// @Tags POAM Items +// @Param id path string true "POAM item ID" +// @Param evidenceId path string true "Evidence ID" +// @Success 204 "No Content" +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/evidence/{evidenceId} [delete] func (h *PoamItemsHandler) DeleteEvidenceLink(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { 
@@ -936,16 +936,16 @@ func (h *PoamItemsHandler) DeleteEvidenceLink(c echo.Context) error { // ListControls godoc // -// @Summary List linked controls -// @Tags POAM Items -// @Produce json -// @Param id path string true "POAM item ID" -// @Success 200 {object} GenericDataListResponse[poamsvc.PoamItemControlLink] -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Failure 500 {object} api.Error -// @Security OAuth2Password -// @Router /poam-items/{id}/controls [get] +// @Summary List linked controls +// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Success 200 {object} GenericDataListResponse[poamsvc.PoamItemControlLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/controls [get] func (h *PoamItemsHandler) ListControls(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { 
@@ -966,18 +966,18 @@ func (h *PoamItemsHandler) ListControls(c echo.Context) error { // AddControlLink godoc // -// @Summary Add a control link -// @Tags POAM Items -// @Accept json -// @Produce json -// @Param id path string true "POAM item ID" -// @Param body body poamControlRefRequest true "Control ref payload" -// @Success 201 {object} GenericDataResponse[poamsvc.PoamItemControlLink] -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Failure 500 {object} api.Error -// @Security OAuth2Password -// @Router /poam-items/{id}/controls [post] +// @Summary Add a control link +// @Tags POAM Items +// @Accept json +// @Produce json +// @Param id path string true "POAM item ID" +// @Param body body poamControlRefRequest true "Control ref payload" +// @Success 201 {object} GenericDataResponse[poamsvc.PoamItemControlLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/controls [post] func (h *PoamItemsHandler) AddControlLink(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { 
@@ -1009,17 +1009,17 @@ func (h *PoamItemsHandler) AddControlLink(c echo.Context) error { // DeleteControlLink godoc // -// @Summary Delete a control link -// @Tags POAM Items -// @Param id path string true "POAM item ID" -// @Param catalogId path string true "Catalog ID" -// @Param controlId path string true "Control ID" -// @Success 204 "No Content" -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Failure 500 {object} api.Error -// @Security OAuth2Password -// @Router /poam-items/{id}/controls/{catalogId}/{controlId} [delete] +// @Summary Delete a control link +// @Tags POAM Items +// @Param id path string true "POAM item ID" +// @Param catalogId path string true "Catalog ID" +// @Param controlId path string true "Control ID" +// @Success 204 "No Content" +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/controls/{catalogId}/{controlId} [delete] func (h *PoamItemsHandler) DeleteControlLink(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { 
@@ -1048,16 +1048,16 @@ func (h *PoamItemsHandler) DeleteControlLink(c echo.Context) error { // ListFindings godoc // -// @Summary List linked findings -// @Tags POAM Items -// @Produce json -// @Param id path string true "POAM item ID" -// @Success 200 {object} GenericDataListResponse[poamsvc.PoamItemFindingLink] -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Failure 500 {object} api.Error -// @Security OAuth2Password -// @Router /poam-items/{id}/findings [get] +// @Summary List linked findings +// @Tags POAM Items +// @Produce json +// @Param id path string true "POAM item ID" +// @Success 200 {object} GenericDataListResponse[poamsvc.PoamItemFindingLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/findings [get] func (h *PoamItemsHandler) ListFindings(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { 
@@ -1078,18 +1078,18 @@ func (h *PoamItemsHandler) ListFindings(c echo.Context) error { // AddFindingLink godoc // -// @Summary Add a finding link -// @Tags POAM Items -// @Accept json -// @Produce json -// @Param id path string true "POAM item ID" -// @Param body body addLinkRequest true "Finding ID payload" -// @Success 201 {object} GenericDataResponse[poamsvc.PoamItemFindingLink] -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Failure 500 {object} api.Error -// @Security OAuth2Password -// @Router /poam-items/{id}/findings [post] +// @Summary Add a finding link +// @Tags POAM Items +// @Accept json +// @Produce json +// @Param id path string true "POAM item ID" +// @Param body body addLinkRequest true "Finding ID payload" +// @Success 201 {object} GenericDataResponse[poamsvc.PoamItemFindingLink] +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/findings [post] func (h *PoamItemsHandler) AddFindingLink(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { 
@@ -1121,16 +1121,16 @@ func (h *PoamItemsHandler) AddFindingLink(c echo.Context) error { // DeleteFindingLink godoc // -// @Summary Delete a finding link -// @Tags POAM Items -// @Param id path string true "POAM item ID" -// @Param findingId path string true "Finding ID" -// @Success 204 "No Content" -// @Failure 400 {object} api.Error -// @Failure 404 {object} api.Error -// @Failure 500 {object} api.Error -// @Security OAuth2Password -// @Router /poam-items/{id}/findings/{findingId} [delete] +// @Summary Delete a finding link +// @Tags POAM Items +// @Param id path string true "POAM item ID" +// @Param findingId path string true "Finding ID" +// @Success 204 "No Content" +// @Failure 400 {object} api.Error +// @Failure 404 {object} api.Error +// @Failure 500 {object} api.Error +// @Security OAuth2Password +// @Router /poam-items/{id}/findings/{findingId} [delete] func (h *PoamItemsHandler) DeleteFindingLink(c echo.Context) error { id, err := uuid.Parse(c.Param("id")) if err != nil { diff --git a/internal/service/relational/poam/models.go b/internal/service/relational/poam/models.go index bcbc6974..ccedd1c8 100644 --- a/internal/service/relational/poam/models.go +++ b/internal/service/relational/poam/models.go 
@@ -151,10 +151,10 @@ func (m *PoamItemMilestone) BeforeCreate(_ *gorm.DB) error { // Uses a composite primary key and OnDelete:CASCADE to match the Risk service // link table pattern (e.g., risk_evidence_links). type PoamItemRiskLink struct { - PoamItemID uuid.UUID `gorm:"type:uuid;primaryKey" json:"poamItemId"` - RiskID uuid.UUID `gorm:"type:uuid;primaryKey;index" json:"riskId"` - CreatedAt time.Time ` json:"createdAt"` - PoamItem *PoamItem `json:"-" gorm:"foreignKey:PoamItemID;references:ID;constraint:OnDelete:CASCADE"` + PoamItemID uuid.UUID `gorm:"type:uuid;primaryKey" json:"poamItemId"` + RiskID uuid.UUID `gorm:"type:uuid;primaryKey;index" json:"riskId"` + CreatedAt time.Time ` json:"createdAt"` + PoamItem *PoamItem `json:"-" gorm:"foreignKey:PoamItemID;references:ID;constraint:OnDelete:CASCADE"` } // TableName returns the physical table name. @@ -162,10 +162,10 @@ func (PoamItemRiskLink) TableName() string { return "ccf_poam_item_risk_links" } // PoamItemEvidenceLink is the join table linking PoamItems to Evidence records. type PoamItemEvidenceLink struct { - PoamItemID uuid.UUID `gorm:"type:uuid;primaryKey" json:"poamItemId"` - EvidenceID uuid.UUID `gorm:"type:uuid;primaryKey;index" json:"evidenceId"` - CreatedAt time.Time ` json:"createdAt"` - PoamItem *PoamItem `json:"-" gorm:"foreignKey:PoamItemID;references:ID;constraint:OnDelete:CASCADE"` + PoamItemID uuid.UUID `gorm:"type:uuid;primaryKey" json:"poamItemId"` + EvidenceID uuid.UUID `gorm:"type:uuid;primaryKey;index" json:"evidenceId"` + CreatedAt time.Time ` json:"createdAt"` + PoamItem *PoamItem `json:"-" gorm:"foreignKey:PoamItemID;references:ID;constraint:OnDelete:CASCADE"` } // TableName returns the physical table name. 
@@ -173,11 +173,11 @@ func (PoamItemEvidenceLink) TableName() string { return "ccf_poam_item_evidence_ // PoamItemControlLink is the join table linking PoamItems to Controls. type PoamItemControlLink struct { - PoamItemID uuid.UUID `gorm:"type:uuid;primaryKey" json:"poamItemId"` - CatalogID uuid.UUID `gorm:"type:uuid;primaryKey;index" json:"catalogId"` - ControlID string `gorm:"type:text;not null;primaryKey" json:"controlId"` - CreatedAt time.Time ` json:"createdAt"` - PoamItem *PoamItem `json:"-" gorm:"foreignKey:PoamItemID;references:ID;constraint:OnDelete:CASCADE"` + PoamItemID uuid.UUID `gorm:"type:uuid;primaryKey" json:"poamItemId"` + CatalogID uuid.UUID `gorm:"type:uuid;primaryKey;index" json:"catalogId"` + ControlID string `gorm:"type:text;not null;primaryKey" json:"controlId"` + CreatedAt time.Time ` json:"createdAt"` + PoamItem *PoamItem `json:"-" gorm:"foreignKey:PoamItemID;references:ID;constraint:OnDelete:CASCADE"` } // TableName returns the physical table name. @@ -185,10 +185,10 @@ func (PoamItemControlLink) TableName() string { return "ccf_poam_item_control_li // PoamItemFindingLink is the join table linking PoamItems to Findings. type PoamItemFindingLink struct { - PoamItemID uuid.UUID `gorm:"type:uuid;primaryKey" json:"poamItemId"` - FindingID uuid.UUID `gorm:"type:uuid;primaryKey;index" json:"findingId"` - CreatedAt time.Time ` json:"createdAt"` - PoamItem *PoamItem `json:"-" gorm:"foreignKey:PoamItemID;references:ID;constraint:OnDelete:CASCADE"` + PoamItemID uuid.UUID `gorm:"type:uuid;primaryKey" json:"poamItemId"` + FindingID uuid.UUID `gorm:"type:uuid;primaryKey;index" json:"findingId"` + CreatedAt time.Time ` json:"createdAt"` + PoamItem *PoamItem `json:"-" gorm:"foreignKey:PoamItemID;references:ID;constraint:OnDelete:CASCADE"` } // TableName returns the physical table name. diff --git a/internal/service/relational/poam/service.go b/internal/service/relational/poam/service.go index 2ef44ca8..ea39f155 100644 
--- a/internal/service/relational/poam/service.go +++ b/internal/service/relational/poam/service.go @@ -56,14 +56,14 @@ type UpdatePoamItemParams struct { PlannedCompletionDate *time.Time AcceptanceRationale *string // Link management — applied inside the same transaction as the scalar update. - AddRiskIDs []uuid.UUID - RemoveRiskIDs []uuid.UUID - AddEvidenceIDs []uuid.UUID + AddRiskIDs []uuid.UUID + RemoveRiskIDs []uuid.UUID + AddEvidenceIDs []uuid.UUID RemoveEvidenceIDs []uuid.UUID - AddControlRefs []ControlRef + AddControlRefs []ControlRef RemoveControlRefs []ControlRef - AddFindingIDs []uuid.UUID - RemoveFindingIDs []uuid.UUID + AddFindingIDs []uuid.UUID + RemoveFindingIDs []uuid.UUID } // CreateMilestoneParams carries all data required to create a single milestone. From 3d408ac0db15f6b26b1d89f26bb7736829e6877b Mon Sep 17 00:00:00 2001 From: AKAbdulHanif Date: Mon, 9 Mar 2026 08:27:29 -0400 Subject: [PATCH 22/28] fix(poam): rename poamAddControlLinkRequest -> poamControlRefRequest in test The AddControlLink test at line 910 still referenced the old type name poamAddControlLinkRequest. The correct type is poamControlRefRequest (the same struct used for both create-time and standalone link endpoints). go vet -tags integration now passes cleanly. --- internal/api/handler/poam_items_integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/api/handler/poam_items_integration_test.go b/internal/api/handler/poam_items_integration_test.go index 17c0291d..0e5e1c5f 100644 --- a/internal/api/handler/poam_items_integration_test.go +++ b/internal/api/handler/poam_items_integration_test.go 
@@ -907,7 +907,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestAddControlLink() { sspID := uuid.New() item := suite.seedItem(sspID, "Add control link test", "open") catalogID := uuid.New() - body := poamAddControlLinkRequest{CatalogID: catalogID.String(), ControlID: "AC-3"} + body := poamControlRefRequest{CatalogID: catalogID.String(), ControlID: "AC-3"} raw, _ := json.Marshal(body) rec := httptest.NewRecorder() req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/controls", item.ID), bytes.NewReader(raw)) From 223385c02a85a262fee0d2acf6a56326ffe623de Mon Sep 17 00:00:00 2001 From: AKAbdulHanif Date: Mon, 9 Mar 2026 08:38:03 -0400 Subject: [PATCH 23/28] fix(poam): add JWT auth tokens to all integration test requests The POAM route group uses JWTMiddleware, so every test request must carry a valid Bearer token. Introduce an authedReq() suite helper that calls GetAuthToken() and sets the Authorization header, then update all 47 HTTP calls in the test file to use it. Also remove the now-unused 'strings' import and the blank-identifier workaround that was keeping it alive. --- .../handler/poam_items_integration_test.go | 201 +++++++----------- 1 file changed, 74 insertions(+), 127 deletions(-) diff --git a/internal/api/handler/poam_items_integration_test.go b/internal/api/handler/poam_items_integration_test.go index 0e5e1c5f..13d52465 100644 --- a/internal/api/handler/poam_items_integration_test.go +++ b/internal/api/handler/poam_items_integration_test.go @@ -9,7 +9,6 @@ import ( "fmt" "net/http" "net/http/httptest" - "strings" "testing" "time" 
@@ -43,6 +42,26 @@ func (suite *PoamItemsApiIntegrationSuite) newServer() *api.Server { return server } +// authedReq creates an authenticated HTTP request with a valid JWT token. +// body may be nil for requests without a payload (GET, DELETE). +func (suite *PoamItemsApiIntegrationSuite) authedReq(method, path string, body []byte) (*httptest.ResponseRecorder, *http.Request) { + token, err := suite.GetAuthToken() + suite.Require().NoError(err) + + var reader *bytes.Reader + if body != nil { + reader = bytes.NewReader(body) + } else { + reader = bytes.NewReader([]byte{}) + } + + rec := httptest.NewRecorder() + req := httptest.NewRequest(method, path, reader) + req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + req.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) + return rec, req +} + // seedItem inserts a PoamItem directly into the DB, bypassing the API. func (suite *PoamItemsApiIntegrationSuite) seedItem(sspID uuid.UUID, title, status string) poamsvc.PoamItem { item := poamsvc.PoamItem{ @@ -85,9 +104,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_MinimalPayload() { Status: "open", } raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, "/api/poam-items", bytes.NewReader(raw)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec, req := suite.authedReq(http.MethodPost, "/api/poam-items", raw) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusCreated, rec.Code) var resp GenericDataResponse[poamItemResponse] 
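Review bot: Every request in the suite now carries a valid token, but no test in this diff exercises the JWTMiddleware reject path, so a regression that drops the middleware from the POAM route group (or makes it fail open) would pass this suite unchanged; add one unauthenticated request and assert the middleware's rejection status (echo-jwt returns 401 for a missing token, the older echo JWT middleware used 400 — confirm against the project's middleware). Also, `authedReq` dereferences `*token` after checking only `err`; a `suite.Require().NotNil(token)` before the `Authorization` header line guards a nil-token/nil-error return. The helper additionally sets `Content-Type: application/json` on GET and DELETE requests with an empty body, which the replaced per-test code did not do; harmless for echo's binder today, but worth making conditional on `body != nil` so the tests keep matching what real clients send.
```go
// TestList_MissingToken_Rejected pins the JWTMiddleware reject path; every other
// test goes through authedReq, so only this one hits the unauthenticated branch.
func (suite *PoamItemsApiIntegrationSuite) TestList_MissingToken_Rejected() {
	suite.Require().NoError(suite.Migrator.Refresh())
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/api/poam-items", nil)
	suite.newServer().E().ServeHTTP(rec, req)
	// TODO(review): confirm the status the project's JWTMiddleware returns for a missing token.
	assert.Equal(suite.T(), http.StatusUnauthorized, rec.Code)
}
```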
@@ -114,9 +131,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithMilestonesAndLinks() { }, } raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, "/api/poam-items", bytes.NewReader(raw)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec, req := suite.authedReq(http.MethodPost, "/api/poam-items", raw) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusCreated, rec.Code) var resp GenericDataResponse[poamItemResponse] @@ -139,9 +154,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithRiskLinks() { RiskIDs: []string{riskID.String()}, } raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, "/api/poam-items", bytes.NewReader(raw)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec, req := suite.authedReq(http.MethodPost, "/api/poam-items", raw) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusCreated, rec.Code) var resp GenericDataResponse[poamItemResponse] @@ -170,9 +183,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithAllLinkTypes() { ControlRefs: []poamControlRefRequest{{CatalogID: catalogID.String(), ControlID: "AC-1"}}, } raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, "/api/poam-items", bytes.NewReader(raw)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec, req := suite.authedReq(http.MethodPost, "/api/poam-items", raw) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusCreated, rec.Code) var resp GenericDataResponse[poamItemResponse] 
@@ -197,9 +208,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_InvalidSspID() { suite.Require().NoError(suite.Migrator.Refresh()) body := map[string]interface{}{"sspId": "not-a-uuid", "title": "X", "status": "open"} raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, "/api/poam-items", bytes.NewReader(raw)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec, req := suite.authedReq(http.MethodPost, "/api/poam-items", raw) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusBadRequest, rec.Code) } @@ -214,8 +223,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_NoFilter() { suite.seedItem(sspID, "Item A", "open") suite.seedItem(sspID, "Item B", "in-progress") suite.seedItem(uuid.New(), "Item C", "completed") - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, "/api/poam-items", nil) + rec, req := suite.authedReq(http.MethodGet, "/api/poam-items", nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataListResponse[poamItemResponse] @@ -229,8 +237,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_FilterByStatus() { suite.seedItem(sspID, "Open item", "open") suite.seedItem(sspID, "In-progress item", "in-progress") suite.seedItem(sspID, "Completed item", "completed") - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, "/api/poam-items?status=open", nil) + rec, req := suite.authedReq(http.MethodGet, "/api/poam-items?status=open", nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataListResponse[poamItemResponse] 
@@ -246,8 +253,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_FilterBySspId() { suite.seedItem(sspA, "SSP-A item 1", "open") suite.seedItem(sspA, "SSP-A item 2", "open") suite.seedItem(sspB, "SSP-B item", "open") - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items?sspId=%s", sspA), nil) + rec, req := suite.authedReq(http.MethodGet, fmt.Sprintf("/api/poam-items?sspId=%s", sspA), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataListResponse[poamItemResponse] @@ -265,8 +271,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_FilterByRiskId() { item1 := suite.seedItem(sspID, "Linked to risk", "open") suite.seedItem(sspID, "Not linked", "open") suite.Require().NoError(suite.DB.Create(&poamsvc.PoamItemRiskLink{PoamItemID: item1.ID, RiskID: riskID}).Error) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items?riskId=%s", riskID), nil) + rec, req := suite.authedReq(http.MethodGet, fmt.Sprintf("/api/poam-items?riskId=%s", riskID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataListResponse[poamItemResponse] @@ -293,8 +298,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_FilterByDueBefore() { suite.Require().NoError(suite.DB.Create(&itemPast).Error) suite.Require().NoError(suite.DB.Create(&itemFuture).Error) cutoff := time.Now().UTC().Format(time.RFC3339) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items?dueBefore=%s", cutoff), nil) + rec, req := suite.authedReq(http.MethodGet, fmt.Sprintf("/api/poam-items?dueBefore=%s", cutoff), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataListResponse[poamItemResponse] 
@@ -326,8 +330,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_FilterOverdueOnly() { suite.Require().NoError(suite.DB.Create(&overdueItem).Error) suite.Require().NoError(suite.DB.Create(&completedPast).Error) suite.Require().NoError(suite.DB.Create(&futureItem).Error) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, "/api/poam-items?overdueOnly=true", nil) + rec, req := suite.authedReq(http.MethodGet, "/api/poam-items?overdueOnly=true", nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataListResponse[poamItemResponse] @@ -353,8 +356,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_FilterByOwnerRef() { } suite.Require().NoError(suite.DB.Create(&itemOwned).Error) suite.Require().NoError(suite.DB.Create(&itemOther).Error) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items?ownerRef=%s", ownerID), nil) + rec, req := suite.authedReq(http.MethodGet, fmt.Sprintf("/api/poam-items?ownerRef=%s", ownerID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataListResponse[poamItemResponse] @@ -373,8 +375,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestGet_Exists() { item := suite.seedItem(sspID, "Get test item", "open") suite.seedMilestone(item.ID, "Milestone A", "planned", 0) suite.seedMilestone(item.ID, "Milestone B", "planned", 1) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s", item.ID), nil) + rec, req := suite.authedReq(http.MethodGet, fmt.Sprintf("/api/poam-items/%s", item.ID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataResponse[poamItemResponse] 
@@ -387,16 +388,14 @@ func (suite *PoamItemsApiIntegrationSuite) TestGet_Exists() { func (suite *PoamItemsApiIntegrationSuite) TestGet_NotFound() { suite.Require().NoError(suite.Migrator.Refresh()) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s", uuid.New()), nil) + rec, req := suite.authedReq(http.MethodGet, fmt.Sprintf("/api/poam-items/%s", uuid.New()), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusNotFound, rec.Code) } func (suite *PoamItemsApiIntegrationSuite) TestGet_InvalidUUID() { suite.Require().NoError(suite.Migrator.Refresh()) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, "/api/poam-items/not-a-uuid", nil) + rec, req := suite.authedReq(http.MethodGet, "/api/poam-items/not-a-uuid", nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusBadRequest, rec.Code) } @@ -413,8 +412,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestGet_IncludesAllLinkSets() { suite.DB.Create(&poamsvc.PoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: evidenceID}) suite.DB.Create(&poamsvc.PoamItemFindingLink{PoamItemID: item.ID, FindingID: findingID}) suite.DB.Create(&poamsvc.PoamItemControlLink{PoamItemID: item.ID, CatalogID: catalogID, ControlID: "AC-2"}) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s", item.ID), nil) + rec, req := suite.authedReq(http.MethodGet, fmt.Sprintf("/api/poam-items/%s", item.ID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataResponse[poamItemResponse] 
@@ -437,9 +435,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdate_ScalarFields() { newDesc := "Updated description" body := updatePoamItemRequest{Title: &newTitle, Description: &newDesc} raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPut, fmt.Sprintf("/api/poam-items/%s", item.ID), bytes.NewReader(raw)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec, req := suite.authedReq(http.MethodPut, fmt.Sprintf("/api/poam-items/%s", item.ID), raw) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataResponse[poamItemResponse] @@ -455,9 +451,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdate_StatusToCompleted_SetsComp newStatus := "completed" body := updatePoamItemRequest{Status: &newStatus} raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPut, fmt.Sprintf("/api/poam-items/%s", item.ID), bytes.NewReader(raw)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec, req := suite.authedReq(http.MethodPut, fmt.Sprintf("/api/poam-items/%s", item.ID), raw) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var updated poamsvc.PoamItem @@ -475,9 +469,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdate_StatusChange_SetsLastStatu newStatus := "in-progress" body := updatePoamItemRequest{Status: &newStatus} raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPut, fmt.Sprintf("/api/poam-items/%s", item.ID), bytes.NewReader(raw)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec, req := suite.authedReq(http.MethodPut, fmt.Sprintf("/api/poam-items/%s", item.ID), raw) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var updated poamsvc.PoamItem 
@@ -490,9 +482,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdate_NotFound() { newTitle := "Ghost" body := updatePoamItemRequest{Title: &newTitle} raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPut, fmt.Sprintf("/api/poam-items/%s", uuid.New()), bytes.NewReader(raw)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec, req := suite.authedReq(http.MethodPut, fmt.Sprintf("/api/poam-items/%s", uuid.New()), raw) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusNotFound, rec.Code) } @@ -510,8 +500,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestDelete_CascadesAllLinks() { suite.DB.Create(&poamsvc.PoamItemRiskLink{PoamItemID: item.ID, RiskID: riskID}) evidenceID := uuid.New() suite.DB.Create(&poamsvc.PoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: evidenceID}) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/api/poam-items/%s", item.ID), nil) + rec, req := suite.authedReq(http.MethodDelete, fmt.Sprintf("/api/poam-items/%s", item.ID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusNoContent, rec.Code) var count int64 @@ -527,8 +516,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestDelete_CascadesAllLinks() { func (suite *PoamItemsApiIntegrationSuite) TestDelete_NotFound() { suite.Require().NoError(suite.Migrator.Refresh()) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/api/poam-items/%s", uuid.New()), nil) + rec, req := suite.authedReq(http.MethodDelete, fmt.Sprintf("/api/poam-items/%s", uuid.New()), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusNotFound, rec.Code) } 
@@ -544,8 +532,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestListMilestones_OrderedByIndex() { suite.seedMilestone(item.ID, "Third", "planned", 2) suite.seedMilestone(item.ID, "First", "planned", 0) suite.seedMilestone(item.ID, "Second", "planned", 1) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/milestones", item.ID), nil) + rec, req := suite.authedReq(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/milestones", item.ID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataListResponse[milestoneResponse] @@ -558,8 +545,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestListMilestones_OrderedByIndex() { func (suite *PoamItemsApiIntegrationSuite) TestListMilestones_ParentNotFound() { suite.Require().NoError(suite.Migrator.Refresh()) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/milestones", uuid.New()), nil) + rec, req := suite.authedReq(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/milestones", uuid.New()), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusNotFound, rec.Code) } @@ -581,9 +567,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestAddMilestone() { OrderIndex: 0, } raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/milestones", item.ID), bytes.NewReader(raw)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec, req := suite.authedReq(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/milestones", item.ID), raw) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusCreated, rec.Code) var resp GenericDataResponse[milestoneResponse] 
@@ -597,9 +581,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestAddMilestone_ParentNotFound() { suite.Require().NoError(suite.Migrator.Refresh()) body := createMilestoneRequest{Title: "Ghost MS", Status: "planned"} raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/milestones", uuid.New()), bytes.NewReader(raw)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec, req := suite.authedReq(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/milestones", uuid.New()), raw) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusNotFound, rec.Code) } @@ -616,13 +598,11 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdateMilestone_MarkCompleted_Set newStatus := "completed" body := updateMilestoneRequest{Status: &newStatus} raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest( + rec, req := suite.authedReq( http.MethodPut, fmt.Sprintf("/api/poam-items/%s/milestones/%s", item.ID, ms.ID), - bytes.NewReader(raw), + raw, ) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var updated poamsvc.PoamItemMilestone @@ -639,13 +619,11 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdateMilestone_UpdateTitle() { newTitle := "New title" body := updateMilestoneRequest{Title: &newTitle} raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest( + rec, req := suite.authedReq( http.MethodPut, fmt.Sprintf("/api/poam-items/%s/milestones/%s", item.ID, ms.ID), - bytes.NewReader(raw), + raw, ) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataResponse[milestoneResponse] 
@@ -661,13 +639,11 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdateMilestone_UpdateOrderIndex( newOrder := 5 body := updateMilestoneRequest{OrderIndex: &newOrder} raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest( + rec, req := suite.authedReq( http.MethodPut, fmt.Sprintf("/api/poam-items/%s/milestones/%s", item.ID, ms.ID), - bytes.NewReader(raw), + raw, ) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataResponse[milestoneResponse] @@ -682,13 +658,11 @@ func (suite *PoamItemsApiIntegrationSuite) TestUpdateMilestone_NotFound() { newStatus := "completed" body := updateMilestoneRequest{Status: &newStatus} raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest( + rec, req := suite.authedReq( http.MethodPut, fmt.Sprintf("/api/poam-items/%s/milestones/%s", item.ID, uuid.New()), - bytes.NewReader(raw), + raw, ) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusNotFound, rec.Code) } @@ -702,8 +676,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestDeleteMilestone() { sspID := uuid.New() item := suite.seedItem(sspID, "Delete MS test", "open") ms := suite.seedMilestone(item.ID, "To delete", "planned", 0) - rec := httptest.NewRecorder() - req := httptest.NewRequest( + rec, req := suite.authedReq( http.MethodDelete, fmt.Sprintf("/api/poam-items/%s/milestones/%s", item.ID, ms.ID), nil, 
@@ -719,8 +692,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestDeleteMilestone_NotFound() { suite.Require().NoError(suite.Migrator.Refresh()) sspID := uuid.New() item := suite.seedItem(sspID, "Parent exists", "open") - rec := httptest.NewRecorder() - req := httptest.NewRequest( + rec, req := suite.authedReq( http.MethodDelete, fmt.Sprintf("/api/poam-items/%s/milestones/%s", item.ID, uuid.New()), nil, @@ -739,8 +711,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestListRisks() { item := suite.seedItem(sspID, "Risk list test", "open") suite.DB.Create(&poamsvc.PoamItemRiskLink{PoamItemID: item.ID, RiskID: uuid.New()}) suite.DB.Create(&poamsvc.PoamItemRiskLink{PoamItemID: item.ID, RiskID: uuid.New()}) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/risks", item.ID), nil) + rec, req := suite.authedReq(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/risks", item.ID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataListResponse[poamsvc.PoamItemRiskLink] @@ -753,8 +724,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestListEvidence() { sspID := uuid.New() item := suite.seedItem(sspID, "Evidence list test", "open") suite.DB.Create(&poamsvc.PoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: uuid.New()}) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/evidence", item.ID), nil) + rec, req := suite.authedReq(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/evidence", item.ID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataListResponse[poamsvc.PoamItemEvidenceLink] 
@@ -767,8 +737,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestListControls() { sspID := uuid.New() item := suite.seedItem(sspID, "Control list test", "open") suite.DB.Create(&poamsvc.PoamItemControlLink{PoamItemID: item.ID, CatalogID: uuid.New(), ControlID: "SI-2"}) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/controls", item.ID), nil) + rec, req := suite.authedReq(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/controls", item.ID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataListResponse[poamsvc.PoamItemControlLink] @@ -782,8 +751,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestListFindings() { sspID := uuid.New() item := suite.seedItem(sspID, "Finding list test", "open") suite.DB.Create(&poamsvc.PoamItemFindingLink{PoamItemID: item.ID, FindingID: uuid.New()}) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/findings", item.ID), nil) + rec, req := suite.authedReq(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/findings", item.ID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusOK, rec.Code) var resp GenericDataListResponse[poamsvc.PoamItemFindingLink] @@ -795,8 +763,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestListLinks_ParentNotFound() { suite.Require().NoError(suite.Migrator.Refresh()) ghostID := uuid.New() for _, path := range []string{"risks", "evidence", "controls", "findings"} { - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/%s", ghostID, path), nil) + rec, req := suite.authedReq(http.MethodGet, fmt.Sprintf("/api/poam-items/%s/%s", ghostID, path), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusNotFound, rec.Code, "expected 404 for /poam-items/:id/%s with unknown parent", path) } 
@@ -813,9 +780,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestAddRiskLink() { riskID := uuid.New() body := addLinkRequest{ID: riskID.String()} raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/risks", item.ID), bytes.NewReader(raw)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec, req := suite.authedReq(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/risks", item.ID), raw) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusCreated, rec.Code) var count int64 @@ -829,8 +794,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestDeleteRiskLink() { item := suite.seedItem(sspID, "Delete risk link test", "open") riskID := uuid.New() suite.Require().NoError(suite.DB.Create(&poamsvc.PoamItemRiskLink{PoamItemID: item.ID, RiskID: riskID}).Error) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/api/poam-items/%s/risks/%s", item.ID, riskID), nil) + rec, req := suite.authedReq(http.MethodDelete, fmt.Sprintf("/api/poam-items/%s/risks/%s", item.ID, riskID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusNoContent, rec.Code) var count int64 @@ -845,9 +809,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestAddEvidenceLink() { evidenceID := uuid.New() body := addLinkRequest{ID: evidenceID.String()} raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/evidence", item.ID), bytes.NewReader(raw)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec, req := suite.authedReq(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/evidence", item.ID), raw) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusCreated, rec.Code) var count int64 
@@ -861,8 +823,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestDeleteEvidenceLink() { item := suite.seedItem(sspID, "Delete evidence link test", "open") evidenceID := uuid.New() suite.Require().NoError(suite.DB.Create(&poamsvc.PoamItemEvidenceLink{PoamItemID: item.ID, EvidenceID: evidenceID}).Error) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/api/poam-items/%s/evidence/%s", item.ID, evidenceID), nil) + rec, req := suite.authedReq(http.MethodDelete, fmt.Sprintf("/api/poam-items/%s/evidence/%s", item.ID, evidenceID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusNoContent, rec.Code) var count int64 @@ -877,9 +838,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestAddFindingLink() { findingID := uuid.New() body := addLinkRequest{ID: findingID.String()} raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/findings", item.ID), bytes.NewReader(raw)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec, req := suite.authedReq(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/findings", item.ID), raw) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusCreated, rec.Code) var count int64 
@@ -893,8 +852,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestDeleteFindingLink() { item := suite.seedItem(sspID, "Delete finding link test", "open") findingID := uuid.New() suite.Require().NoError(suite.DB.Create(&poamsvc.PoamItemFindingLink{PoamItemID: item.ID, FindingID: findingID}).Error) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/api/poam-items/%s/findings/%s", item.ID, findingID), nil) + rec, req := suite.authedReq(http.MethodDelete, fmt.Sprintf("/api/poam-items/%s/findings/%s", item.ID, findingID), nil) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusNoContent, rec.Code) var count int64 @@ -909,9 +867,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestAddControlLink() { catalogID := uuid.New() body := poamControlRefRequest{CatalogID: catalogID.String(), ControlID: "AC-3"} raw, _ := json.Marshal(body) - rec := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/controls", item.ID), bytes.NewReader(raw)) - req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) + rec, req := suite.authedReq(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/controls", item.ID), raw) suite.newServer().E().ServeHTTP(rec, req) assert.Equal(suite.T(), http.StatusCreated, rec.Code) var count int64 @@ -925,8 +881,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestDeleteControlLink() { item := suite.seedItem(sspID, "Delete control link test", "open") catalogID := uuid.New() suite.Require().NoError(suite.DB.Create(&poamsvc.PoamItemControlLink{PoamItemID: item.ID, CatalogID: catalogID, ControlID: "AC-4"}).Error) - rec := httptest.NewRecorder() - req := httptest.NewRequest( + rec, req := suite.authedReq( http.MethodDelete, fmt.Sprintf("/api/poam-items/%s/controls/%s/AC-4", item.ID, catalogID), nil, 
@@ -952,26 +907,17 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_DuplicateRiskLink_IsIdempo riskID := uuid.New() item := suite.seedItem(sspID, "Dup risk test", "open") - token, err := suite.GetAuthToken() - suite.Require().NoError(err) - body := fmt.Sprintf(`{"id":"%s"}`, riskID) // First POST — creates the link. - rec1 := httptest.NewRecorder() - req1 := httptest.NewRequest(http.MethodPost, - fmt.Sprintf("/api/poam-items/%s/risks", item.ID), strings.NewReader(body)) - req1.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) - req1.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) + rec1, req1 := suite.authedReq(http.MethodPost, + fmt.Sprintf("/api/poam-items/%s/risks", item.ID), []byte(body)) suite.newServer().E().ServeHTTP(rec1, req1) assert.Equal(suite.T(), http.StatusCreated, rec1.Code, "first POST should return 201") // Second POST — idempotent, should also return 201. - rec2 := httptest.NewRecorder() - req2 := httptest.NewRequest(http.MethodPost, - fmt.Sprintf("/api/poam-items/%s/risks", item.ID), strings.NewReader(body)) - req2.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON) - req2.Header.Set(echo.HeaderAuthorization, "Bearer "+*token) + rec2, req2 := suite.authedReq(http.MethodPost, + fmt.Sprintf("/api/poam-items/%s/risks", item.ID), []byte(body)) suite.newServer().E().ServeHTTP(rec2, req2) assert.Equal(suite.T(), http.StatusCreated, rec2.Code, "duplicate POST should be idempotent (201)") @@ -980,3 +926,4 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_DuplicateRiskLink_IsIdempo suite.DB.Model(&poamsvc.PoamItemRiskLink{}).Where("poam_item_id = ? AND risk_id = ?", item.ID, riskID).Count(&count) assert.Equal(suite.T(), int64(1), count, "only one risk link should exist") } + From 0aa46bf2b0564a5b61f21dd558f90ce8dfbbed1e Mon Sep 17 00:00:00 2001 
From: AKAbdulHanif Date: Mon, 9 Mar 2026 08:45:13 -0400 Subject: [PATCH 24/28] fix(poam): seed SSP record in TestCreate_* integration tests The Create handler calls EnsureSSPExists which queries system_security_plans. Tests that generate a random sspID without inserting the corresponding row were getting HTTP 404. Add an ensureSSP() helper and call it at the start of each TestCreate_* test that submits a valid sspId to the API. --- .../api/handler/poam_items_integration_test.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/internal/api/handler/poam_items_integration_test.go b/internal/api/handler/poam_items_integration_test.go index 13d52465..03a7b25b 100644 --- a/internal/api/handler/poam_items_integration_test.go +++ b/internal/api/handler/poam_items_integration_test.go @@ -13,6 +13,7 @@ import ( "time" "github.com/compliance-framework/api/internal/api" + "github.com/compliance-framework/api/internal/service/relational" poamsvc "github.com/compliance-framework/api/internal/service/relational/poam" "github.com/compliance-framework/api/internal/tests" "github.com/google/uuid" @@ -20,6 +21,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" "go.uber.org/zap" + "gorm.io/gorm/clause" ) // --------------------------------------------------------------------------- 
@@ -62,6 +64,13 @@ func (suite *PoamItemsApiIntegrationSuite) authedReq(method, path string, body [ return rec, req } +// ensureSSP seeds a SystemSecurityPlan row so that the Create handler's +// EnsureSSPExists check passes. The SSP record only needs an ID. +func (suite *PoamItemsApiIntegrationSuite) ensureSSP(id uuid.UUID) { + ssp := relational.SystemSecurityPlan{UUIDModel: relational.UUIDModel{ID: &id}} + suite.Require().NoError(suite.DB.Clauses(clause.OnConflict{DoNothing: true}).Create(&ssp).Error) +} + // seedItem inserts a PoamItem directly into the DB, bypassing the API. func (suite *PoamItemsApiIntegrationSuite) seedItem(sspID uuid.UUID, title, status string) poamsvc.PoamItem { item := poamsvc.PoamItem{ @@ -97,6 +106,7 @@ func (suite *PoamItemsApiIntegrationSuite) seedMilestone(poamID uuid.UUID, title func (suite *PoamItemsApiIntegrationSuite) TestCreate_MinimalPayload() { suite.Require().NoError(suite.Migrator.Refresh()) sspID := uuid.New() + suite.ensureSSP(sspID) body := createPoamItemRequest{ SspID: sspID.String(), Title: "Remediate secret scanning", @@ -118,6 +128,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_MinimalPayload() { func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithMilestonesAndLinks() { suite.Require().NoError(suite.Migrator.Refresh()) sspID := uuid.New() + suite.ensureSSP(sspID) due := time.Now().Add(30 * 24 * time.Hour).UTC().Truncate(time.Second) body := createPoamItemRequest{ SspID: sspID.String(), @@ -145,6 +156,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithMilestonesAndLinks() { func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithRiskLinks() { suite.Require().NoError(suite.Migrator.Refresh()) sspID := uuid.New() + suite.ensureSSP(sspID) riskID := uuid.New() body := createPoamItemRequest{ SspID: sspID.String(), 
@@ -168,6 +180,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithRiskLinks() { func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithAllLinkTypes() { suite.Require().NoError(suite.Migrator.Refresh()) sspID := uuid.New() + suite.ensureSSP(sspID) riskID := uuid.New() evidenceID := uuid.New() findingID := uuid.New() @@ -206,6 +219,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithAllLinkTypes() { func (suite *PoamItemsApiIntegrationSuite) TestCreate_InvalidSspID() { suite.Require().NoError(suite.Migrator.Refresh()) + // No SSP seeded — invalid UUID should be rejected before the DB lookup. body := map[string]interface{}{"sspId": "not-a-uuid", "title": "X", "status": "open"} raw, _ := json.Marshal(body) rec, req := suite.authedReq(http.MethodPost, "/api/poam-items", raw) From a099859b6b019b1334e719816bc05b9d415dbd25 Mon Sep 17 00:00:00 2001 From: AKAbdulHanif Date: Mon, 9 Mar 2026 08:52:18 -0400 Subject: [PATCH 25/28] fix(poam): correct dueBefore query param to deadlineBefore in test The List handler reads 'deadlineBefore' (not 'dueBefore') from the query string. The test was sending the wrong param name so the filter was never applied, causing all items to be returned instead of just the past-due one. --- internal/api/handler/poam_items_integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/api/handler/poam_items_integration_test.go b/internal/api/handler/poam_items_integration_test.go index 03a7b25b..7dede3d5 100644 --- a/internal/api/handler/poam_items_integration_test.go +++ b/internal/api/handler/poam_items_integration_test.go 
@@ -312,7 +312,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestList_FilterByDueBefore() {
 suite.Require().NoError(suite.DB.Create(&itemPast).Error)
 suite.Require().NoError(suite.DB.Create(&itemFuture).Error)
 cutoff := time.Now().UTC().Format(time.RFC3339)
- rec, req := suite.authedReq(http.MethodGet, fmt.Sprintf("/api/poam-items?dueBefore=%s", cutoff), nil)
+ rec, req := suite.authedReq(http.MethodGet, fmt.Sprintf("/api/poam-items?deadlineBefore=%s", cutoff), nil)
 suite.newServer().E().ServeHTTP(rec, req)
 assert.Equal(suite.T(), http.StatusOK, rec.Code)
 var resp GenericDataListResponse[poamItemResponse]
From ac30f8a4b5257aae27863d565fb8ef70e96c42d3 Mon Sep 17 00:00:00 2001
From: AKAbdulHanif Date: Tue, 10 Mar 2026 08:00:52 -0400 Subject: [PATCH 26/28] fix: address PR review comments - orderIndex in createMilestoneRequest changed to *int so explicit 0 is distinguishable from an omitted field; inline milestone loop in Create handler falls back to slice position when nil - overdueOnly filter now includes status='overdue' in the IN clause so items already persisted with that status are not silently excluded - removed blank identifier var _ = relational.SystemSecurityPlan{} and the relational import from models.go (import only needed in service.go) - added DB-level FK absence comments on all four link tables explaining the intentional cross-bounded-context design decision - added SSP-scoped routes /system-security-plans/:sspId/poam-items via RegisterSSPScoped; List and Create handlers inject the path param into filters/body automatically so clients don't repeat the SSP ID - regenerated Swagger docs --- docs/docs.go | 1 + docs/swagger.json | 1 + docs/swagger.yaml | 3 ++ internal/api/handler/api.go | 6 +++ internal/api/handler/poam_items.go | 46 +++++++++++++++++-- .../handler/poam_items_integration_test.go | 9 ++-- internal/service/relational/poam/models.go | 12 +++-- internal/service/relational/poam/queries.go | 4 +- 8 files changed, 69 insertions(+), 13 deletions(-) diff --git a/docs/docs.go b/docs/docs.go index 8bca18b8..08b2a60d 100644 --- a/docs/docs.go +++ b/docs/docs.go @@ -25776,6 +25776,7 @@ const docTemplate = `{ "type": "string" }, "orderIndex": { + "description": "OrderIndex is a pointer so that clients can explicitly set 0 without it\nbeing indistinguishable from an omitted field.", "type": "integer" }, "scheduledCompletionDate": { diff --git a/docs/swagger.json b/docs/swagger.json index b16bdfa9..10db5e57 100644 --- a/docs/swagger.json +++ b/docs/swagger.json 
@@ -25770,6 +25770,7 @@ "type": "string" }, "orderIndex": { + "description": "OrderIndex is a pointer so that clients can explicitly set 0 without it\nbeing indistinguishable from an omitted field.", "type": "integer" }, "scheduledCompletionDate": { diff --git a/docs/swagger.yaml b/docs/swagger.yaml index db90ea5e..bdf9a770 100644 --- a/docs/swagger.yaml +++ b/docs/swagger.yaml @@ -1522,6 +1522,9 @@ definitions: description: type: string orderIndex: + description: |- + OrderIndex is a pointer so that clients can explicitly set 0 without it + being indistinguishable from an omitted field. type: integer scheduledCompletionDate: type: string diff --git a/internal/api/handler/api.go b/internal/api/handler/api.go index 1fc14d71..6c25e2b5 100644 --- a/internal/api/handler/api.go +++ b/internal/api/handler/api.go @@ -51,9 +51,15 @@ func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB poamService := poamsvc.NewPoamService(db) poamHandler := NewPoamItemsHandler(poamService, logger) + // Flat route: /api/poam-items (supports ?sspId= query filter) poamGroup := server.API().Group("/poam-items") poamGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey)) poamHandler.Register(poamGroup) + // SSP-scoped route: /api/system-security-plans/:sspId/poam-items + // The :sspId path param is automatically injected into list/create filters. + sspPoamGroup := server.API().Group("/system-security-plans/:sspId/poam-items") + sspPoamGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey)) + poamHandler.RegisterSSPScoped(sspPoamGroup) riskHandler := NewRiskHandler(logger, db) riskGroup := server.API().Group("/risks") diff --git a/internal/api/handler/poam_items.go b/internal/api/handler/poam_items.go index 1a56238b..5e70afdb 100644 --- a/internal/api/handler/poam_items.go +++ b/internal/api/handler/poam_items.go 
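Review bot: `poamHandler.RegisterSSPScoped(sspPoamGroup)` mounts every POAM route under `/system-security-plans/:sspId/poam-items`, yet the comment here and the List/Create hunks in poam_items.go only describe injecting `:sspId` into list and create; nothing visible checks that an item reached via `.../:sspId/poam-items/:id` actually belongs to that SSP. If the `:id` handlers (outside these hunks) do not compare the item's SspID with the path parameter, the scope is cosmetic on get/update/delete and on the link endpoints, and any per-SSP authorization later built on this prefix would be bypassable by naming one SSP in the path and another item's id. Either limit `RegisterSSPScoped` to the routes that honour the scope (`g.GET("", h.List)` and `g.POST("", h.Create)`), or have the item-level handlers return 404 when the loaded item's SspID differs from the parsed `sspId`. The same point applies to the `registerRoutes` hunk of poam_items.go in this series.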
@@ -30,6 +30,17 @@ func NewPoamItemsHandler(svc *poamsvc.PoamService, sugar *zap.SugaredLogger) *Po // Register mounts all POAM routes onto the given Echo group. JWT middleware // is applied at the group level in api.go. func (h *PoamItemsHandler) Register(g *echo.Group) { + h.registerRoutes(g) +} + +// RegisterSSPScoped mounts all POAM routes under an SSP-scoped group +// (e.g. /system-security-plans/:sspId/poam-items). The :sspId path param is +// extracted and injected into list/create filters automatically. +func (h *PoamItemsHandler) RegisterSSPScoped(g *echo.Group) { + h.registerRoutes(g) +} + +func (h *PoamItemsHandler) registerRoutes(g *echo.Group) { g.GET("", h.List) g.POST("", h.Create) g.GET("/:id", h.Get) @@ -102,7 +113,9 @@ type createMilestoneRequest struct { Description string `json:"description"` Status string `json:"status"` ScheduledCompletionDate *time.Time `json:"scheduledCompletionDate"` - OrderIndex int `json:"orderIndex"` + // OrderIndex is a pointer so that clients can explicitly set 0 without it + // being indistinguishable from an omitted field. + OrderIndex *int `json:"orderIndex"` } type updateMilestoneRequest struct { @@ -276,6 +289,15 @@ func (h *PoamItemsHandler) List(c echo.Context) error { if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } + // When mounted under /system-security-plans/:sspId/poam-items, the sspId + // path param takes precedence over the query parameter. + if sspIDParam := c.Param("sspId"); sspIDParam != "" { + parsed, err := uuid.Parse(sspIDParam) + if err != nil { + return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("sspId path param must be a valid UUID"))) + } + filters.SspID = &parsed + } items, err := h.poamService.List(filters) if err != nil { return h.internalError(c, "failed to list poam items", err) 
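Review bot: In the List hunk the `:sspId` path parameter silently replaces a conflicting `?sspId=` query filter, and the Create hunk does the same to a body `sspId`, so a client that sends both with different values gets results, or a persisted item, for an SSP it did not name in the body. Rejecting the disagreement is cheap and removes an ambiguous contract: in List, `if filters.SspID != nil && *filters.SspID != parsed { return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("sspId in path and query disagree"))) }` before the assignment, and in Create compare `in.SspID` with `sspIDParam` (when non-empty) before overwriting it. The enclosing List function continues outside the hunk.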
@@ -305,10 +327,14 @@ func (h *PoamItemsHandler) Create(c echo.Context) error { if err := c.Bind(&in); err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } + // When mounted under /system-security-plans/:sspId/poam-items, the sspId + // path param overrides the body field so the client doesn't have to repeat it. + if sspIDParam := c.Param("sspId"); sspIDParam != "" { + in.SspID = sspIDParam + } if err := c.Validate(&in); err != nil { return c.JSON(http.StatusBadRequest, api.NewError(err)) } - sspID, err := uuid.Parse(in.SspID) if err != nil { return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("sspId must be a valid UUID"))) @@ -376,19 +402,25 @@ func (h *PoamItemsHandler) Create(c echo.Context) error { } params.ControlRefs = controlRefs - for _, mr := range in.Milestones { + for i, mr := range in.Milestones { if mr.Title == "" { return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("milestone title is required"))) } if mr.Status != "" && !poamsvc.MilestoneStatus(mr.Status).IsValid() { return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("invalid milestone status: %s", mr.Status))) } + // When orderIndex is omitted (nil), fall back to the slice position so + // ordering is still deterministic without requiring the client to set it. + msOrderIdx := i + if mr.OrderIndex != nil { + msOrderIdx = *mr.OrderIndex + } params.Milestones = append(params.Milestones, poamsvc.CreateMilestoneParams{ Title: mr.Title, Description: mr.Description, Status: mr.Status, ScheduledCompletionDate: mr.ScheduledCompletionDate, - OrderIndex: mr.OrderIndex, + OrderIndex: msOrderIdx, }) } 
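Review bot: The nil fallback `msOrderIdx := i` in the milestone loop can collide with explicit values when a request mixes set and omitted `orderIndex` (first milestone omits it and gets 0, second sets 0), and negative explicit values pass through without validation. If order indexes are meant to be unique and non-negative per item, reject them here next to the existing title/status checks, e.g. `if msOrderIdx < 0 { return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("milestone orderIndex must be non-negative"))) }`, with a seen-set for duplicates. Whether uniqueness is required is not visible from the hunk, and the Create body continues outside it.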
@@ -626,12 +658,16 @@ func (h *PoamItemsHandler) AddMilestone(c echo.Context) error { if in.Status != "" && !poamsvc.MilestoneStatus(in.Status).IsValid() { return c.JSON(http.StatusBadRequest, api.NewError(fmt.Errorf("invalid milestone status: %s", in.Status))) } + var orderIdx int + if in.OrderIndex != nil { + orderIdx = *in.OrderIndex + } m, err := h.poamService.AddMilestone(id, poamsvc.CreateMilestoneParams{ Title: in.Title, Description: in.Description, Status: in.Status, ScheduledCompletionDate: in.ScheduledCompletionDate, - OrderIndex: in.OrderIndex, + OrderIndex: orderIdx, }) if err != nil { return h.internalError(c, "failed to add milestone", err) diff --git a/internal/api/handler/poam_items_integration_test.go b/internal/api/handler/poam_items_integration_test.go index 7dede3d5..283fcbd5 100644 --- a/internal/api/handler/poam_items_integration_test.go +++ b/internal/api/handler/poam_items_integration_test.go @@ -64,6 +64,9 @@ func (suite *PoamItemsApiIntegrationSuite) authedReq(method, path string, body [ return rec, req } +// intPtr is a convenience helper that returns a pointer to an int literal. +func intPtr(i int) *int { return &i } + // ensureSSP seeds a SystemSecurityPlan row so that the Create handler's // EnsureSSPExists check passes. The SSP record only needs an ID. func (suite *PoamItemsApiIntegrationSuite) ensureSSP(id uuid.UUID) { @@ -137,8 +140,8 @@ func (suite *PoamItemsApiIntegrationSuite) TestCreate_WithMilestonesAndLinks() { Status: "open", SourceType: "risk-promotion", Milestones: []createMilestoneRequest{ - {Title: "Patch staging", Status: "planned", ScheduledCompletionDate: &due, OrderIndex: 0}, - {Title: "Patch production", Status: "planned", OrderIndex: 1}, + {Title: "Patch staging", Status: "planned", ScheduledCompletionDate: &due, OrderIndex: intPtr(0)}, + {Title: "Patch production", Status: "planned", OrderIndex: intPtr(1)}, }, } raw, _ := json.Marshal(body) 
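Review bot: AddMilestone falls back to `orderIdx = 0` when `orderIndex` is omitted, while Create falls back to the slice position; for a standalone add, 0 places the new milestone at (or tied with) the head of an existing list rather than appending, which is unlikely to be what an omitting client expects and makes the two code paths behave differently for the same field. If the intent is "append", derive the fallback from the item's existing milestones (or let the service do it) and state the rule on `createMilestoneRequest.OrderIndex`, e.g. `// Omitted: appended after existing milestones (AddMilestone) or taken from the request position (Create).` The rest of AddMilestone is outside the hunk.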
@@ -578,7 +581,7 @@ func (suite *PoamItemsApiIntegrationSuite) TestAddMilestone() { Description: "Deploy patched version to staging", Status: "planned", ScheduledCompletionDate: &due, - OrderIndex: 0, + OrderIndex: intPtr(0), } raw, _ := json.Marshal(body) rec, req := suite.authedReq(http.MethodPost, fmt.Sprintf("/api/poam-items/%s/milestones", item.ID), raw) diff --git a/internal/service/relational/poam/models.go b/internal/service/relational/poam/models.go index ccedd1c8..61ce18b5 100644 --- a/internal/service/relational/poam/models.go +++ b/internal/service/relational/poam/models.go @@ -4,7 +4,6 @@ import ( "fmt" "time" - "github.com/compliance-framework/api/internal/service/relational" "github.com/google/uuid" "gorm.io/gorm" ) @@ -150,6 +149,11 @@ func (m *PoamItemMilestone) BeforeCreate(_ *gorm.DB) error { // PoamItemRiskLink is the join table linking PoamItems to Risks. // Uses a composite primary key and OnDelete:CASCADE to match the Risk service // link table pattern (e.g., risk_evidence_links). +// +// Note: only the PoamItem side carries a DB-level FK constraint. The RiskID +// column intentionally has no FK back to the risks table because Risks live in +// a separate bounded context. Referential integrity on the Risk side is +// enforced at the application layer (EnsureExists checks before link creation). type PoamItemRiskLink struct { PoamItemID uuid.UUID `gorm:"type:uuid;primaryKey" json:"poamItemId"` RiskID uuid.UUID `gorm:"type:uuid;primaryKey;index" json:"riskId"` @@ -161,6 +165,7 @@ type PoamItemRiskLink struct { func (PoamItemRiskLink) TableName() string { return "ccf_poam_item_risk_links" } // PoamItemEvidenceLink is the join table linking PoamItems to Evidence records. +// EvidenceID has no DB-level FK (same cross-context reasoning as PoamItemRiskLink). type PoamItemEvidenceLink struct { PoamItemID uuid.UUID `gorm:"type:uuid;primaryKey" json:"poamItemId"` EvidenceID uuid.UUID `gorm:"type:uuid;primaryKey;index" json:"evidenceId"` 
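Review bot: The new PoamItemRiskLink comment says Risk-side integrity is enforced by EnsureExists checks before link creation, but with no DB-level FK nothing blocks or removes a link when the referenced Risk is later deleted, so the note covers only half of the lifecycle. Add the deletion-side consequence after the existing paragraph: `// Deleting a Risk does not cascade to this table; readers must tolerate links whose RiskID no longer resolves, or a cleanup job must remove them.` The same caveat applies to the three sibling link types annotated here and in the next models.go hunk, which point back to this comment.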
@@ -172,6 +177,7 @@ type PoamItemEvidenceLink struct {
 func (PoamItemEvidenceLink) TableName() string { return "ccf_poam_item_evidence_links" }
 // PoamItemControlLink is the join table linking PoamItems to Controls.
+// CatalogID/ControlID have no DB-level FK (same cross-context reasoning as PoamItemRiskLink).
 type PoamItemControlLink struct {
 PoamItemID uuid.UUID `gorm:"type:uuid;primaryKey" json:"poamItemId"`
 CatalogID uuid.UUID `gorm:"type:uuid;primaryKey;index" json:"catalogId"`
@@ -184,6 +190,7 @@ type PoamItemControlLink struct {
 func (PoamItemControlLink) TableName() string { return "ccf_poam_item_control_links" }
 // PoamItemFindingLink is the join table linking PoamItems to Findings.
+// FindingID has no DB-level FK (same cross-context reasoning as PoamItemRiskLink).
 type PoamItemFindingLink struct {
 PoamItemID uuid.UUID `gorm:"type:uuid;primaryKey" json:"poamItemId"`
 FindingID uuid.UUID `gorm:"type:uuid;primaryKey;index" json:"findingId"`
@@ -199,6 +206,3 @@ type ControlRef struct {
 CatalogID uuid.UUID `json:"catalogId"`
 ControlID string `json:"controlId"`
 }
-
-// Ensure the relational package is imported (used for SSP existence checks in the service).
-var _ = relational.SystemSecurityPlan{}
diff --git a/internal/service/relational/poam/queries.go b/internal/service/relational/poam/queries.go
index ca65c90f..cd9b3a74 100644
--- a/internal/service/relational/poam/queries.go
+++ b/internal/service/relational/poam/queries.go
@@ -39,7 +39,9 @@ func ApplyFilters(query *gorm.DB, filters ListFilters) *gorm.DB {
 if filters.OverdueOnly {
 now := time.Now().UTC()
 q = q.Where(
- "ccf_poam_items.status IN ('open','in-progress') AND ccf_poam_items.planned_completion_date IS NOT NULL AND ccf_poam_items.planned_completion_date < ?",
+ // Include 'overdue' in the filter so that items already persisted with
+ // that status (a valid PoamItemStatus) are not silently excluded.
+ "ccf_poam_items.status IN ('open','in-progress','overdue') AND ccf_poam_items.planned_completion_date IS NOT NULL AND ccf_poam_items.planned_completion_date < ?",
 now,
 )
 }
From b94c643efa79678408508f887176c3473b953f07 Mon Sep 17 00:00:00 2001
From: AKAbdulHanif
Date: Tue, 10 Mar 2026 12:17:07 -0400
Subject: [PATCH 27/28] fix(api): restore SSP-scoped risk routes dropped during rebase conflict resolution
---
 internal/api/handler/api.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/internal/api/handler/api.go b/internal/api/handler/api.go
index 6c25e2b5..67d15e74 100644
--- a/internal/api/handler/api.go
+++ b/internal/api/handler/api.go
@@ -65,7 +65,9 @@ func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB
 riskGroup := server.API().Group("/risks")
 riskGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey))
 riskHandler.Register(riskGroup)
-
+ sspRiskGroup := server.API().Group("/ssp/:sspId/risks")
+ sspRiskGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey))
+ riskHandler.RegisterSSPScoped(sspRiskGroup)
 riskTemplateHandler := templatehandlers.NewRiskTemplateHandler(logger, db)
 riskTemplateGroup := server.API().Group("/risk-templates")
 riskTemplateGroup.Use(middleware.JWTMiddleware(config.JWTPublicKey))
From 1e95b26988aa62b03c68b9918c3cba7b2438a00c Mon Sep 17 00:00:00 2001
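Review bot: The status list in the rewritten `IN ('open','in-progress','overdue')` literal is a hand-maintained copy of the PoamItemStatus values, which is how 'overdue' went missing in the first place; the next status added to the enum will drift the same way. Binding the list as a parameter built from the status constants, `"ccf_poam_items.status IN ? AND ccf_poam_items.planned_completion_date IS NOT NULL AND ccf_poam_items.planned_completion_date < ?", activeStatuses, now,` where `activeStatuses` is a slice of the enum constants (their names are not visible in this hunk), keeps one source of truth and lets the new comment shrink to a pointer at that slice. ApplyFilters starts outside the hunk.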
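Review bot: The restored `/ssp/:sspId/risks` group is authenticated with the same JWT middleware as `/risks`, but nothing in this hunk ties the caller to the SSP named by `sspId`; unless RegisterSSPScoped (not visible here) validates the segment as a UUID and checks the caller's access to that SSP, the route exposes every SSP's risks to any authenticated user, which is a broader exposure than the unscoped group if SSPs are tenant-specific. A comment on the group stating that contract would make the expectation explicit, e.g. `// RegisterSSPScoped must validate :sspId and restrict queries to that SSP; JWT here only authenticates.` The hunk also replaces the blank line that separated the risk block from the template block; restoring it after `riskHandler.RegisterSSPScoped(sspRiskGroup)` keeps the groups readable. RegisterHandlers starts and ends outside the hunk.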
From: AKAbdulHanif
Date: Tue, 10 Mar 2026 12:28:10 -0400
Subject: [PATCH 28/28] fix(oscal): use composite catalog+ID key in mergeControls/mergeGroups to prevent cross-catalog collisions
- Adds controlMergeKey and groupMergeKey structs (matching main branch implementation)
- Fixes TestProfileControlMerging/CrossCatalog and TestProfileGroupMerging unit tests
- Also fixes profiles_integration_test.go to pass nil evidenceSvc to RegisterHandlers (signature changed in main to require *APIServices)
---
 internal/api/handler/oscal/profiles.go | 24 ++++++++++++++-----
 .../oscal/profiles_integration_test.go | 2 +-
 2 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/internal/api/handler/oscal/profiles.go b/internal/api/handler/oscal/profiles.go
index 8e22654d..917e7252 100644
--- a/internal/api/handler/oscal/profiles.go
+++ b/internal/api/handler/oscal/profiles.go
@@ -1475,15 +1475,26 @@ func rollUpToRootGroup(db *gorm.DB, group relational.Group) (relational.Group, e
 return group, nil
 }
+type controlMergeKey struct {
+ CatalogID uuid.UUID
+ ID string
+}
+
+type groupMergeKey struct {
+ CatalogID uuid.UUID
+ ID string
+}
+
 func mergeControls(controls ...relational.Control) []relational.Control {
- mapped := map[string]relational.Control{}
+ mapped := map[controlMergeKey]relational.Control{}
 for _, control := range controls {
- if sub, ok := mapped[control.ID]; ok {
+ key := controlMergeKey{CatalogID: control.CatalogID, ID: control.ID}
+ if sub, ok := mapped[key]; ok {
 control.Controls = append(control.Controls, sub.Controls...)
 }
 control.Controls = mergeControls(control.Controls...)
- mapped[control.ID] = control
+ mapped[key] = control
 }
 flattened := []relational.Control{}
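Review bot: `controlMergeKey` and `groupMergeKey` are structurally identical and carry no doc comment, so the reason CatalogID is part of the key — a profile can import the same control ID from several catalogs, as the subject line says — is not recorded where the next reader will look. A one-line comment on each type would do, e.g. `// controlMergeKey identifies a control within one catalog; bare IDs collide when a profile spans catalogs.` Unless the distinct types are meant to stop a group key being used where a control key belongs, a single `mergeKey` type shared by both functions avoids the duplication; the same shape recurs in mergeGroups in the next hunk (@@ -1494). Note also that on a key collision the later control's scalar fields still silently replace the earlier one's (only `Controls` is merged), which is pre-existing behaviour but is now rarer and so harder to notice in tests. mergeControls continues outside the hunk.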
@@ -1494,16 +1505,17 @@ func mergeControls(controls ...relational.Control) []relational.Control {
 }
 func mergeGroups(groups ...relational.Group) []relational.Group {
- mapped := map[string]relational.Group{}
+ mapped := map[groupMergeKey]relational.Group{}
 for _, group := range groups {
- if sub, ok := mapped[group.ID]; ok {
+ key := groupMergeKey{CatalogID: group.CatalogID, ID: group.ID}
+ if sub, ok := mapped[key]; ok {
 group.Groups = append(group.Groups, sub.Groups...)
 group.Controls = append(group.Controls, sub.Controls...)
 }
 group.Controls = mergeControls(group.Controls...)
 group.Groups = mergeGroups(group.Groups...)
- mapped[group.ID] = group
+ mapped[key] = group
 }
 flattened := []relational.Group{}
 for _, group := range mapped {
diff --git a/internal/api/handler/oscal/profiles_integration_test.go b/internal/api/handler/oscal/profiles_integration_test.go
index 5f776dac..2bd30f57 100644
--- a/internal/api/handler/oscal/profiles_integration_test.go
+++ b/internal/api/handler/oscal/profiles_integration_test.go
@@ -62,7 +62,7 @@ func (suite *ProfileIntegrationSuite) SetupSuite() {
 suite.logger = logger.Sugar()
 metrics := api.NewMetricsHandler(context.Background(), suite.logger)
 suite.server = api.NewServer(context.Background(), suite.logger, suite.Config, metrics)
- RegisterHandlers(suite.server, suite.logger, suite.DB, suite.Config)
+ RegisterHandlers(suite.server, suite.logger, suite.DB, suite.Config, nil)
 profileFp, err := os.Open("../../../../testdata/profile_fedramp_low.json")
 suite.Require().NoError(err, "Failed to open profile file")