opalsecurity · andrewsy-opal · Apr 23, 2025 · Apr 23, 2025
diff --git a/.openapi-generator/FILES b/.openapi-generator/FILES
@@ -5,7 +5,7 @@
 README.md
 docs/Access.md
 docs/AccessList.md
-docs/AccessRuleCondition.md
+docs/AccessRule.md
 docs/AccessRulesApi.md
 docs/AddBundleGroupRequest.md
 docs/AddBundleResourceRequest.md
@@ -67,6 +67,7 @@ docs/GroupRemoteInfoGitlabGroup.md
 docs/GroupRemoteInfoGoogleGroup.md
 docs/GroupRemoteInfoLdapGroup.md
 docs/GroupRemoteInfoOktaGroup.md
+docs/GroupRemoteInfoSnowflakeRole.md
 docs/GroupResource.md
 docs/GroupResourceList.md
 docs/GroupTypeEnum.md
@@ -175,6 +176,7 @@ docs/UAR.md
 docs/UARReviewerAssignmentPolicyEnum.md
 docs/UARScope.md
 docs/UarsApi.md
+docs/UpdateAccessRuleInfo.md
 docs/UpdateConfigurationTemplateInfo.md
 docs/UpdateGroupBindingInfo.md
 docs/UpdateGroupBindingInfoList.md
@@ -223,7 +225,7 @@ opal_security/exceptions.py
 opal_security/models/__init__.py
 opal_security/models/access.py
 opal_security/models/access_list.py
-opal_security/models/access_rule_condition.py
+opal_security/models/access_rule.py
 opal_security/models/add_bundle_group_request.py
 opal_security/models/add_bundle_resource_request.py
 opal_security/models/add_group_resource_request.py
@@ -279,6 +281,7 @@ opal_security/models/group_remote_info_gitlab_group.py
 opal_security/models/group_remote_info_google_group.py
 opal_security/models/group_remote_info_ldap_group.py
 opal_security/models/group_remote_info_okta_group.py
+opal_security/models/group_remote_info_snowflake_role.py
 opal_security/models/group_resource.py
 opal_security/models/group_resource_list.py
 opal_security/models/group_type_enum.py
@@ -376,6 +379,7 @@ opal_security/models/ticketing_provider_enum.py
 opal_security/models/uar.py
 opal_security/models/uar_reviewer_assignment_policy_enum.py
 opal_security/models/uar_scope.py
+opal_security/models/update_access_rule_info.py
 opal_security/models/update_configuration_template_info.py
 opal_security/models/update_group_binding_info.py
 opal_security/models/update_group_binding_info_list.py
@@ -403,24 +407,4 @@ setup.cfg
 setup.py
 test-requirements.txt
 test/__init__.py
-test/test_access_rule_condition.py
-test/test_access_rules_api.py
-test/test_add_bundle_group_request.py
-test/test_add_bundle_resource_request.py
-test/test_bundle.py
-test/test_bundle_group.py
-test/test_bundle_resource.py
-test/test_bundles_api.py
-test/test_create_bundle_info.py
-test/test_group_containing_group.py
-test/test_group_containing_group_list.py
-test/test_group_with_access_level.py
-test/test_paginated_bundle_group_list.py
-test/test_paginated_bundle_list.py
-test/test_paginated_bundle_resource_list.py
-test/test_rule_clauses.py
-test/test_rule_conjunction.py
-test/test_rule_disjunction.py
-test/test_tag_selector.py
-test/test_update_resource_user_request.py
 tox.ini
diff --git a/README.md b/README.md
@@ -82,14 +82,14 @@ configuration = opal.Configuration(
 with opal.ApiClient(configuration) as api_client:
     # Create an instance of the API class
     api_instance = opal.AccessRulesApi(api_client)
-    access_rule_id = '1b978423-db0a-4037-a4cf-f79c60cb67b3' # str | The access rule ID (group ID) of the access rule.
+    update_access_rule_info = opal_security.UpdateAccessRuleInfo() # UpdateAccessRuleInfo | 
 
     try:
-        api_response = api_instance.get_access_rule(access_rule_id)
-        print("The response of AccessRulesApi->get_access_rule:\n")
+        api_response = api_instance.create_access_rule(update_access_rule_info)
+        print("The response of AccessRulesApi->create_access_rule:\n")
         pprint(api_response)
     except ApiException as e:
-        print("Exception when calling AccessRulesApi->get_access_rule: %s\n" % e)
+        print("Exception when calling AccessRulesApi->create_access_rule: %s\n" % e)
 
 ```
 
@@ -141,6 +141,7 @@ All URIs are relative to *https://api.opal.dev/v1*
 
 Class | Method | HTTP request | Description
 ------------ | ------------- | ------------- | -------------
+*AccessRulesApi* | [**create_access_rule**](docs/AccessRulesApi.md#create_access_rule) | **POST** /access-rules | 
 *AccessRulesApi* | [**get_access_rule**](docs/AccessRulesApi.md#get_access_rule) | **GET** /access-rules/{access_rule_id} | 
 *AccessRulesApi* | [**update_access_rule**](docs/AccessRulesApi.md#update_access_rule) | **PUT** /access-rules/{access_rule_id} | 
 *AppsApi* | [**get_app**](docs/AppsApi.md#get_app) | **GET** /apps/{app_id} | 
@@ -261,7 +262,7 @@ Class | Method | HTTP request | Description
 
  - [Access](docs/Access.md)
  - [AccessList](docs/AccessList.md)
- - [AccessRuleCondition](docs/AccessRuleCondition.md)
+ - [AccessRule](docs/AccessRule.md)
  - [AddBundleGroupRequest](docs/AddBundleGroupRequest.md)
  - [AddBundleResourceRequest](docs/AddBundleResourceRequest.md)
  - [AddGroupResourceRequest](docs/AddGroupResourceRequest.md)
@@ -317,6 +318,7 @@ Class | Method | HTTP request | Description
  - [GroupRemoteInfoGoogleGroup](docs/GroupRemoteInfoGoogleGroup.md)
  - [GroupRemoteInfoLdapGroup](docs/GroupRemoteInfoLdapGroup.md)
  - [GroupRemoteInfoOktaGroup](docs/GroupRemoteInfoOktaGroup.md)
+ - [GroupRemoteInfoSnowflakeRole](docs/GroupRemoteInfoSnowflakeRole.md)
  - [GroupResource](docs/GroupResource.md)
  - [GroupResourceList](docs/GroupResourceList.md)
  - [GroupTypeEnum](docs/GroupTypeEnum.md)
@@ -414,6 +416,7 @@ Class | Method | HTTP request | Description
  - [UAR](docs/UAR.md)
  - [UARReviewerAssignmentPolicyEnum](docs/UARReviewerAssignmentPolicyEnum.md)
  - [UARScope](docs/UARScope.md)
+ - [UpdateAccessRuleInfo](docs/UpdateAccessRuleInfo.md)
  - [UpdateConfigurationTemplateInfo](docs/UpdateConfigurationTemplateInfo.md)
  - [UpdateGroupBindingInfo](docs/UpdateGroupBindingInfo.md)
  - [UpdateGroupBindingInfoList](docs/UpdateGroupBindingInfoList.md)

@@ -589,8 +589,8 @@ paths:
               summary: Example with date
               value: 2021-11-01
             withDatetime:
-              summary: Example with date and time
-              value: 2021-11-01 12:00:00
+              summary: Example with date and time in ISO 8601 datetime format.
+              value: 2025-01-01T00:00:00Z
           explode: true
           in: query
           name: start_date_filter
@@ -604,8 +604,8 @@ paths:
               summary: Example with date
               value: 2021-11-12
             withDatetime:
-              summary: Example with date and time
-              value: 2021-11-12 12:00:00
+              summary: Example with date and time in ISO 8601 datetime format.
+              value: 2025-01-01T00:00:00Z
           explode: true
           in: query
           name: end_date_filter
@@ -1988,6 +1988,36 @@ paths:
       description: Returns a list of requests for your organization that is visible by the admin.
       operationId: getRequests
       parameters:
+        - description: A start date filter for the events.
+          examples:
+            withDate:
+              summary: Example with date
+              value: 2021-11-01
+            withDatetime:
+              summary: Example with date and time in ISO 8601 datetime format.
+              value: 2025-01-01T00:00:00Z
+          explode: true
+          in: query
+          name: start_date_filter
+          required: false
+          schema:
+            type: string
+          style: form
+        - description: An end date filter for the events.
+          examples:
+            withDate:
+              summary: Example with date
+              value: 2021-11-12
+            withDatetime:
+              summary: Example with date and time in ISO 8601 datetime format.
+              value: 2025-01-01T00:00:00Z
+          explode: true
+          in: query
+          name: end_date_filter
+          required: false
+          schema:
+            type: string
+          style: form
         - description: The pagination cursor value.
           example: cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw
           explode: true
@@ -2841,6 +2871,7 @@ paths:
         - resources
   /resource-user-access-status/{resource_id}/{user_id}:
     get:
+      deprecated: true
       description: Get user's access status to a resource.
       operationId: resource_user_access_status_retrieve
       parameters:
@@ -3060,6 +3091,27 @@ paths:
         - BearerAuth: []
       tags:
         - users
+  /access-rules:
+    post:
+      description: Creates a new access rule config for the given group_id.
+      operationId: create_access_rule
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/UpdateAccessRuleInfo"
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/AccessRule"
+          description: The created access rule config for the group.
+      security:
+          - BearerAuth: []
+      tags:
+          - access-rules
   /access-rules/{access_rule_id}:
     get:
       description: Returns a list of access rule config given the group_id of the access rule.
@@ -3080,7 +3132,7 @@ paths:
           content:
             application/json:
               schema:
-                $ref: "#/components/schemas/AccessRuleCondition"
+                $ref: "#/components/schemas/AccessRule"
           description: The access rules for the group.
       security:
         - BearerAuth: []
@@ -3105,13 +3157,13 @@ paths:
         content:
           application/json:
             schema:
-              $ref: "#/components/schemas/AccessRuleCondition"
+              $ref: "#/components/schemas/UpdateAccessRuleInfo"
       responses:
         "200":
           content:
             application/json:
               schema:
-                $ref: "#/components/schemas/AccessRuleCondition"
+                $ref: "#/components/schemas/AccessRule"
           description: The updated access rule config for the group.
       security:
         - BearerAuth: []
@@ -5930,6 +5982,16 @@ components:
           type: object
           required:
             - group_id
+        snowflake_role:
+          description: Remote info for Snowflake role.
+          properties:
+            role_id:
+              description: The id of the Snowflake role.
+              example: 01fa7402-01d8-103b-8deb-5f3a0ab7884
+              type: string
+          type: object
+          required:
+            - role_id
       type: object
     ResourceRemoteInfo:
       description: Information that defines the remote resource. This replaces the deprecated remote_id and metadata fields.
@@ -6803,10 +6865,10 @@ components:
         ### Usage Example
         Returned from the `GET Requests` endpoint.
       enum:
-        - pending
-        - approved
-        - denied
-        - canceled
+        - PENDING
+        - APPROVED
+        - DENIED
+        - CANCELED
       type: string
     Request:
       description: |-
@@ -7679,15 +7741,67 @@ components:
         - group_id
         - group_type
       type: object
-    AccessRuleCondition:
+    UpdateAccessRuleInfo:
+      description: |-
+        # UpdateAccessRuleInfo Object
+        ### Description
+        The `UpdateAccessRuleInfo` object is used as an input to the UpdateAccessRule and CreateAccessRule API.
+      properties:
+        name:
+          description: The name of the access rule.
+          example: Platform Engineering
+          type: string
+        description:
+          description: A description of the group.
+          example: This access rule represents all platform engineers in the company.
+          type: string
+        admin_owner_id:
+          description: The ID of the owner of the group.
+          example: 7c86c85d-0651-43e2-a748-d69d658418e8
+          format: uuid
+          type: string
+        status:
+          description: The status of the access rule.
+          type: string
+          enum:
+            - ACTIVE
+            - PAUSED
+          example: ACTIVE
+        ruleClauses:
+          $ref: "#/components/schemas/RuleClauses"
+      required:
+        - status
+        - ruleClauses
+        - name
+        - admin_owner_id
+        - description
+    AccessRule:
       description: |-
-        # Access Rule Config Object
+        # Access Rule Object
         ### Description
-        The `AccessRuleConfig` object is used to represent an access rule configuration.
+        The `AccessRule` object is used to represent an access rule configuration.
 
         ### Usage Example
         Get access rule configurations from the `GET Access Rule Configs` endpoint.
       properties:
+        access_rule_id:
+          description: The ID (group ID) of the access rule.
+          example: 7c86c85d-0651-43e2-a748-d69d658418e8
+          format: uuid
+          type: string
+        name:
+          description: The name of the access rule.
+          example: Platform Engineering
+          type: string
+        description:
+          description: A description of the group.
+          example: This access rule represents all platform engineers in the company.
+          type: string
+        admin_owner_id:
+          description: The ID of the owner of the group.
+          example: 7c86c85d-0651-43e2-a748-d69d658418e8
+          format: uuid
+          type: string
         status:
           description: The status of the access rule.
           type: string
@@ -7700,6 +7814,10 @@ components:
       required:
         - status
         - ruleClauses
+        - name
+        - admin_owner_id
+        - access_rule_id
+        - description
     RuleClauses:
       properties:
         when:
@@ -7721,7 +7839,6 @@ components:
       properties:
         selectors:
           type: array
-          minItems: 1
           items:
             $ref: "#/components/schemas/TagSelector"
       required: