diragentapi

type DirAgentAccount struct {
	// ImmutableID A unique identifier for the account that will not change over time. In many directory services this is an UUID or similar opaque identifier.
	ImmutableID string `json:"immutable_id"`

	// IDs A list of account identifiers, such as email addresses or usernames. These identifiers are used to select accounts for various operations. Many  directory services have multiple identifiers for an account, such as  alternate email addresses and aliases. Each identifier that might be  reasonably used to identify an account should be placed here.
	IDs []string `json:"ids"`

	// Name The name of the person that holds the account. This is the value that  Nametag uses to match against the person's verified government ID. This is the name that will be displayed to administrators and end-users  in the user interface.
	Name string `json:"name"`

	// Groups A list of groups that this account belongs to.
	Groups *[]DirAgentGroup `json:"groups,omitempty"`

	// BirthDate If the directory service has a birth date for the account, it should be included here. This is used to match against the person's verified government ID. The birth date can take various forms, including a RFC 3339 date string (YYYY-MM-DD), or a specially constructed hash.
	BirthDate *string `json:"birth_date,omitempty"`

	// UpdatedAt The time when this account, or its group membership, was last modified.  This field is required if *can_update_accounts_list* is set to `true` in the agent's *traits*. The server will track the greatest *updated_after*  returned by an iteration and provide that value back to subsequent  iterations. The agent should return only accounts that have been updated since that time.
	UpdatedAt *time.Time `json:"updated_at,omitempty"`
}

type DirAgentAccountRef struct {
	// ImmutableID The immutable identifier of the account to fetch information about.
	ImmutableID *string `json:"immutable_id,omitempty"`

	// ID One of the identifiers of the account to fetch information about. This is typically an email address or username.
	ID *string `json:"id,omitempty"`
}

type DirAgentConfigureRequest = map[string]interface{}

type DirAgentConfigureResponse struct {
	// ImmutableID Uniquely identifies the agent.
	ImmutableID string         `json:"immutable_id"`
	Traits      DirAgentTraits `json:"traits"`
}

type DirAgentErrorCode string

type DirAgentErrorResponse struct {
	Code DirAgentErrorCode `json:"code"`

	// Message A human-readable message that describes the error in more detail.
	Message string `json:"message"`
}

type DirAgentGetAccountRequest struct {
	Ref DirAgentAccountRef `json:"ref"`
}

type DirAgentGetAccountResponse struct {
	// Accounts Information about the accounts that match the specified reference. If you specified an *immutable_id* in the request, the response will contain at most one account. If you specified an *id* in the request, because the same *id* can be present on multiple accounts, the response may contain multiple accounts. Unlike the *list_accounts* method, the accounts in this list should contain *groups* information, even if it requires the agent to perform additional work to determine group membership. If no accounts match, this list should be empty.
	Accounts []DirAgentAccount `json:"accounts"`
}

type DirAgentGroup struct {
	// ImmutableID An identifier for the group that will not change over time. In many directory services this is an UUID or similar opaque identifier. If the directory service doesn't distinguish between group identifiers and names, use the same value here as for name.
	ImmutableID string `json:"immutable_id"`

	// Name The group's display name.
	Name string `json:"name"`

	// Kind Some directory services have different kinds ways of grouping users,  each of which can be considered a group for Nametag's purposes. For example, you might have "security groups", "roles", "administrative  units", etc. This field should be set to the kind of group that this is. The semantics of this field are up to the agent. Nametag treats it as opaque.
	Kind string `json:"kind"`
}

type DirAgentListAccountsRequest struct {
	// UpdatedAfter Only return accounts that have been updated after this time.
	UpdatedAfter *time.Time `json:"updated_after,omitempty"`

	// Cursor If present, the server is requesting a continuation of a previous list of accounts. The value will be the one most recently returned in the *next_cursor* field. The format of this value is determined by the agent. The server treats this value as opaque and passes it back to the agent in the next request. To start at the beginning of the list, the server will omit this field.
	Cursor *string `json:"cursor,omitempty"`
}

type DirAgentListAccountsResponse struct {
	// Accounts The accounts that the agent has discovered.
	Accounts []DirAgentAccount `json:"accounts"`

	// NextCursor If there are more results to return, the agent should set this field to the value that should be passed back to the server in the next request. If there are no more results, the agent should omit this field.
	NextCursor *string `json:"next_cursor,omitempty"`
}

type DirAgentListGroupsRequest struct {
	// NamePrefix The agent should return only groups whose name starts with this prefix.
	NamePrefix *string `json:"name_prefix,omitempty"`

	// MaxCount The maximum number of groups to return. If the agent has more groups than this, it should return the first *max_count* groups in lexicographic order by name. Note: this is not the maximum number of groups per page, this is simply a signal that the server will discard any groups beyond this number.
	MaxCount *int64 `json:"max_count,omitempty"`

	// Cursor If present, the server is requesting a continuation of a previous list of groups. The value will be the one most recently returned in the *next_cursor* field. The format of this value is determined by the agent. The server treats this value as opaque and passes it back to the agent in the next request. To start at the beginning of the list, the server will omit this field.
	Cursor *string `json:"cursor,omitempty"`
}

type DirAgentListGroupsResponse struct {
	// Groups The groups that the agent has discovered.
	Groups []DirAgentGroup `json:"groups"`

	// NextCursor If there are more results to return, the agent should set this field to the value that should be passed back to the server in the next request. If there are no more results, the agent should omit this field.
	NextCursor *string `json:"next_cursor,omitempty"`
}

type DirAgentOperation string

type DirAgentPerformOperationRequest struct {
	Operation DirAgentOperation `json:"operation"`

	// AccountImmutableID The immutable identifier of the account to perform the operation on.
	AccountImmutableID string `json:"account_immutable_id"`

	// DryRun If set to `true`, the agent should not actually perform the operation, but should test if the operation is likely to succeed, to the best of  its capability. If the operation is not possible, the agent should set *error* in the response with an appropriate error code.
	DryRun *bool `json:"dry_run,omitempty"`
}

type DirAgentPerformOperationResponse struct {
	// TemporaryPassword If the operation was *get_temporary_password*, this field should contain the temporary password that the user can use to log in and set a new  password.
	TemporaryPassword *string `json:"temporary_password,omitempty"`

	// PasswordLink If the operation was *get_password_link*, this field should contain a pre-authenticated link that the user can use to set a new password.
	PasswordLink *string `json:"password_link,omitempty"`

	// MfaBypassCode If the operation was *get_mfa_bypass_code*, this field should contain the bypass code that the user can use to sign in in place of their MFA device.
	MfaBypassCode *string `json:"mfa_bypass_code,omitempty"`
}

type DirAgentRequest struct {
	Configure        *DirAgentConfigureRequest        `json:"configure,omitempty"`
	ListAccounts     *DirAgentListAccountsRequest     `json:"list_accounts,omitempty"`
	GetAccount       *DirAgentGetAccountRequest       `json:"get_account,omitempty"`
	ListGroups       *DirAgentListGroupsRequest       `json:"list_groups,omitempty"`
	PerformOperation *DirAgentPerformOperationRequest `json:"perform_operation,omitempty"`

	// Ping The server will periodically send a request with this field set to `true` in order to test the connection to the directory agent. The agent  should respond with an empty `DirAgentResponse`.
	Ping *bool `json:"ping,omitempty"`
}

type DirAgentResponse struct {
	Configure        *DirAgentConfigureResponse        `json:"configure,omitempty"`
	ListAccounts     *DirAgentListAccountsResponse     `json:"list_accounts,omitempty"`
	GetAccount       *DirAgentGetAccountResponse       `json:"get_account,omitempty"`
	ListGroups       *DirAgentListGroupsResponse       `json:"list_groups,omitempty"`
	PerformOperation *DirAgentPerformOperationResponse `json:"perform_operation,omitempty"`
	Error            *DirAgentErrorResponse            `json:"error,omitempty"`
}

type DirAgentTraits struct {
	// Name The display name of the directory agent. This is the name that will be displayed to administrators and end-users in the user interface, for example "Okta" or "ExampleCorp".
	Name string `json:"name"`

	// CanGetTemporaryPassword Indicates whether the agent can create a temporary password for an  account, allowing the user to log in for a limited time.
	CanGetTemporaryPassword *bool `json:"can_get_temporary_password,omitempty"`

	// CanGetPasswordLink Indicates whether the agent can generate a pre-authenticated link that  leads the user to a site (typically provided by the directory service)  that the user can use enter a new password.
	CanGetPasswordLink *bool `json:"can_get_password_link,omitempty"`

	// CanRemoveAllMFA Indicates whether the agent can remove all MFA factors from an account so the user can re-enroll their MFA device.
	CanRemoveAllMFA *bool `json:"can_remove_all_mfa,omitempty"`

	// CanGetMFABypassCode Indicates whether the agent can generate a bypass code that the user can use to sign in in place of their MFA device. Typically after using a bypass code the user will be able to enroll a replacement MFA device.
	CanGetMFABypassCode *bool `json:"can_get_mfa_bypass_code,omitempty"`

	// CanUnlock Indicates whether the agent can unlock an account that has been locked due to too many failed login attempts.
	CanUnlock *bool `json:"can_unlock,omitempty"`

	// CanGetTemporaryAccessPass Indicates whether the agent can generate a temporary code that the user will use to log in temporarily without revoking their existing password or resetting any MFA devices.
	CanGetTemporaryAccessPass *bool `json:"can_get_temporary_access_pass,omitempty"`

	// CanUpdateAccountsList Indicates whether the directory service supports tracking the last modification time of the account list. If supported, the server may set *updated_after* in *list_accounts* to indicate the agent should report only accounts that have been updated since that time.
	CanUpdateAccountsList *bool `json:"can_update_accounts_list,omitempty"`

	// Authenticate Indicates whether the agent supports authenticating an account.
	Authenticate *bool `json:"can_authenticate,omitempty"`
}