Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[REQ] Include the variables of nested schemas in each CodegenProperty #18598

Open
tyler-mairose-sp opened this issue May 7, 2024 · 0 comments
Open

[REQ] Include the variables of nested schemas in each CodegenProperty #18598

tyler-mairose-sp opened this issue May 7, 2024 · 0 comments
Labels
Enhancement: Feature

Comments

@tyler-mairose-sp
Copy link
Contributor

tyler-mairose-sp commented May 7, 2024
edited

Is your feature request related to a problem? Please describe.

I am attempting to create automated tests and documentation from a complex schema object. The language I am currently working in is python although I believe this would be a feature request of the Generator.

I am using the jar file for version 7.2.0 of the generator.

Given the following path spec, I am not able to access any vars past the first level of properties. I would want to use examples that are on each property but that doesn't give me quite what I need/expect.

Using what is available now I can generate the following example, which is mostly correct minus the nested objects like owner, source, etc...

Mustache:

    {{#bodyParams}}
    {{#vars}}
    {{name}} = {{{example}}}
    {{/vars}}
    {{/bodyParams}}

    create_access_profile_request = sailpoint.v3.CreateAccessProfileRequest(
        id="2c91808a7190d06e01719938fcd20792",
        name="Employee-database-read-write",
        description="Collection of entitlements to read/write the employee database",
        created="2021-03-01T22:32:58.104Z",
        modified="2021-03-02T20:22:28.104Z",
        enabled=True,
        owner=sailpoint.v3.models.create_access_profile_request_owner.createAccessProfile_request_owner(
            type="IDENTITY",
            id="2c9180a46faadee4016fb4e018c20639",
            name="support",
        ),
        source=sailpoint.v3.models.create_access_profile_request_source.createAccessProfile_request_source(
            id="2c91809773dee3610173fdb0b6061ef4",
            type="SOURCE",
            name="ODS-AD-SOURCE",
        ),
        entitlements=[
            sailpoint.v3.models.create_access_profile_request_entitlements_inner.createAccessProfile_request_entitlements_inner(
                type="ENTITLEMENT",
                id="2c91809773dee32014e13e122092014e",
                name="CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local",
            )
        ],
        requestable=True,
        access_request_config=sailpoint.v3.models.create_access_profile_request_access_request_config.createAccessProfile_request_accessRequestConfig(
            comments_required=True,
            denial_comments_required=True,
            approval_schemes=[
                sailpoint.v3.models.create_access_profile_request_access_request_config_approval_schemes_inner.createAccessProfile_request_accessRequestConfig_approvalSchemes_inner(
                    approver_type="GOVERNANCE_GROUP",
                    approver_id="46c79819-a69f-49a2-becb-12c971ae66c6",
                )
            ],
        ),
        revocation_request_config=sailpoint.v3.models.create_access_profile_request_revocation_request_config.createAccessProfile_request_revocationRequestConfig(
            approval_schemes=[
                sailpoint.v3.models.create_access_profile_request_access_request_config_approval_schemes_inner.createAccessProfile_request_accessRequestConfig_approvalSchemes_inner(
                    approver_type="GOVERNANCE_GROUP",
                    approver_id="46c79819-a69f-49a2-becb-12c971ae66c6",
                )
            ],
        ),
        segments=[
            "f7b1b8a3-5fed-4fd4-ad29-82014e137e19",
            "29cb6c06-1da8-43ea-8be4-b3125f248f2a",
        ],
        provisioning_criteria=sailpoint.v3.models.create_access_profile_request_provisioning_criteria.createAccessProfile_request_provisioningCriteria(
            operation="EQUALS",
            attribute="email",
            value="carlee.cert1c9f9b6fd@mailinator.com",
            children=[
                sailpoint.v3.models.create_access_profile_request_provisioning_criteria_children_inner.createAccessProfile_request_provisioningCriteria_children_inner(
                    operation="EQUALS",
                    attribute="email",
                    value="carlee.cert1c9f9b6fd@mailinator.com",
                )
            ],
        ),
    )
paths:
  /access-profiles:
    post:
      operationId: createAccessProfile
      tags:
        - Access Profiles
      summary: Create an Access Profile
      description: >-
        This API creates an Access Profile.

        A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to
        call this API. In addition, a token with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the
        Access Profile's Source.

        The maximum supported length for the description field is 2000 characters.
        Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              description: Access Profile
              properties:
                id:
                  type: string
                  description: The ID of the Access Profile
                  example: 2c91808a7190d06e01719938fcd20792
                  readOnly: true
                name:
                  type: string
                  description: Name of the Access Profile
                  example: Employee-database-read-write
                description:
                  type: string
                  nullable: true
                  description: Information about the Access Profile
                  example: Collection of entitlements to read/write the employee database
                created:
                  type: string
                  description: Date the Access Profile was created
                  format: 'date-time'
                  example: '2021-03-01T22:32:58.104Z'
                  readOnly: true
                modified:
                  type: string
                  description: Date the Access Profile was last modified.
                  format: 'date-time'
                  example: '2021-03-02T20:22:28.104Z'
                  readOnly: true
                enabled:
                  type: boolean
                  default: true
                  description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.
                  example: true
                owner:
                  type: object
                  nullable: false
                  description: The owner of this object.
                  properties:
                    type:
                      type: string 
                      enum: 
                        - IDENTITY
                      description: Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.
                      example: 'IDENTITY'
                    id:
                      type: string
                      description: Identity id
                      example: '2c9180a46faadee4016fb4e018c20639'
                    name:
                      type: string
                      description: Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.
                      example: 'support'
                source:
                  type: object
                  properties:
                      id:
                        type: string
                        description: The ID of the Source with with which the Access Profile is associated
                        example: 2c91809773dee3610173fdb0b6061ef4
                      type:
                        type: string
                        enum:
                          - SOURCE
                        description: The type of the Source, will always be SOURCE
                        example: SOURCE
                      name:
                        type: string
                        description: The display name of the associated Source
                        example: "ODS-AD-SOURCE"
                entitlements:
                  type: array
                  nullable: true
                  description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.
                  items:
                    type: object
                    description: Entitlement including a specific set of access.
                    properties:
                      type:
                        type: string 
                        description: Entitlement's DTO type. 
                        enum: 
                          - ENTITLEMENT
                        example: ENTITLEMENT
                      id:
                        type: string
                        description: Entitlement's ID. 
                        example: 2c91809773dee32014e13e122092014e
                      name:
                        type: string
                        nullable: true
                        description: Entitlement's display name. 
                        example: "CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local"
                requestable:
                  type: boolean
                  default: true
                  description: >- 
                    Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported 
                    for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value 
                    **false** in this field results in a 400 error.
                  example: true
                accessRequestConfig:
                  type: object
                  nullable : true
                  properties:
                    commentsRequired:
                      type: boolean
                      description: Whether the requester of the containing object must provide comments justifying the request
                      example: true
                      nullable: true
                      default: false
                    denialCommentsRequired:
                      type: boolean
                      description: Whether an approver must provide comments when denying the request
                      example: true
                      nullable: true
                      default: false
                    approvalSchemes:
                      type: array
                      nullable : true
                      description: List describing the steps in approving the request
                      items:
                        type: object
                        properties:
                          approverType:
                            type: string
                            enum:
                              - APP_OWNER
                              - OWNER
                              - SOURCE_OWNER
                              - MANAGER
                              - GOVERNANCE_GROUP
                            description: >-
                              Describes the individual or group that is responsible for an approval step. Values are as follows.

                              **APP_OWNER**: The owner of the Application


                              **OWNER**: Owner of the associated Access Profile or Role


                              **SOURCE_OWNER**: Owner of the Source associated with an Access Profile


                              **MANAGER**: Manager of the Identity making the request


                              **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
                            
                            example: GOVERNANCE_GROUP
                          approverId:
                            type: string
                            nullable: true
                            description: Id of the specific approver, used only when approverType is GOVERNANCE_GROUP
                            example: 46c79819-a69f-49a2-becb-12c971ae66c6
                revocationRequestConfig:
                  type: object
                  nullable : true
                  properties:
                    approvalSchemes:
                      type: array
                      nullable: true
                      description: List describing the steps in approving the revocation request
                      items:
                        type: object
                        properties:
                          approverType:
                            type: string
                            enum:
                              - APP_OWNER
                              - OWNER
                              - SOURCE_OWNER
                              - MANAGER
                              - GOVERNANCE_GROUP
                            description: >-
                              Describes the individual or group that is responsible for an approval step. Values are as follows.

                              **APP_OWNER**: The owner of the Application


                              **OWNER**: Owner of the associated Access Profile or Role


                              **SOURCE_OWNER**: Owner of the Source associated with an Access Profile


                              **MANAGER**: Manager of the Identity making the request


                              **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
                            
                            example: GOVERNANCE_GROUP
                          approverId:
                            type: string
                            nullable: true
                            description: Id of the specific approver, used only when approverType is GOVERNANCE_GROUP
                            example: 46c79819-a69f-49a2-becb-12c971ae66c6
                segments:
                  type: array
                  nullable: true
                  items:
                    type: string
                  description: List of IDs of segments, if any, to which this Access Profile is assigned.
                  example: [
                      "f7b1b8a3-5fed-4fd4-ad29-82014e137e19",
                      "29cb6c06-1da8-43ea-8be4-b3125f248f2a"
                  ]
                provisioningCriteria:
                  type: object
                  nullable: true
                  description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
                  properties:
                      operation:
                        type: string
                        enum:
                            - EQUALS
                            - NOT_EQUALS
                            - CONTAINS
                            - HAS
                            - AND
                            - OR
                        description: Supported operations on ProvisioningCriteria
                        example: EQUALS
                      attribute:
                          type: string
                          description: >-
                              Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS,
                              this field is required. Otherwise, specifying it is an error.
                          example: email
                          nullable: true
                      value:
                          type: string
                          nullable: true
                          description: >-
                              String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS,
                              NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is
                              not String-typed, it will be converted to the appropriate type.
                          example: "carlee.cert1c9f9b6fd@mailinator.com"
                      children:
                          type: array
                          items:
                            type: object
                            description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
                            properties:
                                operation:
                                    type: string
                                    enum:
                                        - EQUALS
                                        - NOT_EQUALS
                                        - CONTAINS
                                        - HAS
                                        - AND
                                        - OR
                                    description: Supported operations on ProvisioningCriteria
                                    example: EQUALS
                                attribute:
                                    type: string
                                    description: >-
                                        Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS,
                                        this field is required. Otherwise, specifying it is an error.
                                    example: email
                                    nullable: true
                                value:
                                    type: string
                                    nullable: true
                                    description: >-
                                        String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS,
                                        NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is
                                        not String-typed, it will be converted to the appropriate type.
                                    example: "carlee.cert1c9f9b6fd@mailinator.com"
                                children:
                                    type: array
                                    items:
                                      type: object
                                      description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
                                      properties:
                                          operation:
                                            type: string
                                            enum:
                                                - EQUALS
                                                - NOT_EQUALS
                                                - CONTAINS
                                                - HAS
                                                - AND
                                                - OR
                                            description: Supported operations on ProvisioningCriteria
                                            example: EQUALS
                                          attribute:
                                              type: string
                                              description: >-
                                                  Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS,
                                                  this field is required. Otherwise, specifying it is an error.
                                              example: email
                                              nullable: true
                                          value:
                                              type: string
                                              description: >-
                                                  String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS,
                                                  NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is
                                                  not String-typed, it will be converted to the appropriate type.
                                              example: "carlee.cert1c9f9b6fd@mailinator.com"
                                          children:
                                              type: string
                                              description: >-
                                                  Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum
                                                  of three levels of criteria are supported, including leaf nodes.
                                              example: null
                                              nullable: true
                                    nullable: true
                                    description: >-
                                        Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum
                                        of three levels of criteria are supported, including leaf nodes.
                                    example: null
                          nullable: true
                          description: >-
                              Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum
                              of three levels of criteria are supported, including leaf nodes.
                          example: null
              required:
                - owner
                - name
                - source

      responses:
        '201':
          description: Access Profile created
          content:
            application/json:
              schema:
                type: object
      security:
        - UserContextAuth: [idn:access-profile:manage]

Describe the solution you'd like

What I would expect it to look like is below:

    create_access_profile_request = sailpoint.v3.CreateAccessProfileRequest(
        id="2c91808a7190d06e01719938fcd20792",
        name="Employee-database-read-write",
        description="Collection of entitlements to read/write the employee database",
        created="2021-03-01T22:32:58.104Z",
        modified="2021-03-02T20:22:28.104Z",
        enabled=True,
        owner=sailpoint.v3.CreateAccessProfileRequestOwner(
            type="IDENTITY",
            id="2c9180a46faadee4016fb4e018c20639",
            name="support",
        ),
        source=sailpoint.v3.CreateAccessProfileRequestSource(
            id="2c91809773dee3610173fdb0b6061ef4",
            type="SOURCE",
            name="ODS-AD-SOURCE",
        ),
        entitlements=[
            sailpoint.v3.CreateAccessProfileRequestEntitlementsInner(
                type="ENTITLEMENT",
                id="2c91809773dee32014e13e122092014e",
                name="CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local",
            )
        ],
        requestable=True,
        access_request_config=sailpoint.v3.CreateAccessProfileRequestAccessRequestConfig(
            comments_required=True,
            denial_comments_required=True,
            approval_schemes=[
                sailpoint.v3.CreateAccessProfileRequestAccessRequestConfigApprovalSchemesInner(
                    approver_type="GOVERNANCE_GROUP",
                    approver_id="46c79819-a69f-49a2-becb-12c971ae66c6",
                )
            ],
        ),
        revocation_request_config=sailpoint.v3.CreateAccessProfileRequestRevocationRequestConfig(
            approval_schemes=[
                sailpoint.v3.CreateAccessProfileRequestAccessRequestConfigApprovalSchemesInner(
                    approver_type="GOVERNANCE_GROUP",
                    approver_id="46c79819-a69f-49a2-becb-12c971ae66c6",
                )
            ],
        ),
        segments=[
            "f7b1b8a3-5fed-4fd4-ad29-82014e137e19",
            "29cb6c06-1da8-43ea-8be4-b3125f248f2a",
        ],
        provisioning_criteria=sailpoint.v3.CreateAccessProfileRequestProvisioningCriteria(
            operation="EQUALS",
            attribute="email",
            value="carlee.cert1c9f9b6fd@mailinator.com",
            children=[
                sailpoint.v3.CreateAccessProfileRequestProvisioningCriteriaChildrenInner(
                    operation="EQUALS",
                    attribute="email",
                    value="carlee.cert1c9f9b6fd@mailinator.com",
                )
            ],
        ),
    )

It looks like I have access to the CamelCased initializers for each nested variable( owner, source, etc...) on the CodegenProperty but the vars object is empty for any nested variables. I am thinking I could build out the example code myself in the mustache template if I had access to all nested variables.

Describe alternatives you've considered

Additional context
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Enhancement: Feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tyler-mairose-sp