BED-5013: Deprecate Create SAML Endpoint (#1033)

* fix: deprecated and moved CreateSAMLProvider to POST sso-providers/saml, updated spec * chore: just prepare-for-codereview * fix: update UI api call to new endpoint * Update cmd/api/src/api/registration/v2.go Co-authored-by: mistahj67 <26472282+mistahj67@users.noreply.github.com> * Update packages/go/openapi/src/paths/auth.sso-providers.saml.yaml Co-authored-by: mistahj67 <26472282+mistahj67@users.noreply.github.com> * chore: remove deprecated api from ui and docs * just gen-spec * chore: just prepare-for-codereview * restore saml doc and mark as deprecated * chore: just ready-for-codereview * minor description fix --------- Co-authored-by: mistahj67 <26472282+mistahj67@users.noreply.github.com>
SpecterOps · Dec 20, 2024 · b4fcdc9 · b4fcdc9
1 parent ae3ddff
commit b4fcdc9
Show file tree

Hide file tree

Showing 10 changed files with 865 additions and 749 deletions.
diff --git a/cmd/api/src/api/registration/v2.go b/cmd/api/src/api/registration/v2.go
@@ -49,6 +49,7 @@ func registerV2Auth(resources v2.Resources, routerInst *router.Router, permissio
 		routerInst.PathPrefix(fmt.Sprintf("/api/{version}/login/saml/{%s}", api.URIPathVariableSSOProviderSlug), http.HandlerFunc(managementResource.SAMLLoginRedirect)),
 
 		// SAML resources
+		// DEPRECATED as of v6.4.0: Please use /api/v2/sso-providers/* endpoints instead of /api/v2/saml/*
 		routerInst.GET("/api/v2/saml", managementResource.ListSAMLProviders).RequirePermissions(permissions.AuthManageProviders),
 		routerInst.GET("/api/v2/saml/sso", managementResource.ListSAMLSignOnEndpoints),
 		routerInst.POST("/api/v2/saml/providers", managementResource.CreateSAMLProviderMultipart).RequirePermissions(permissions.AuthManageProviders),
@@ -57,6 +58,7 @@ func registerV2Auth(resources v2.Resources, routerInst *router.Router, permissio
 
 		// SSO
 		routerInst.GET("/api/v2/sso-providers", managementResource.ListAuthProviders),
+		routerInst.POST("/api/v2/sso-providers/saml", managementResource.CreateSAMLProviderMultipart).RequirePermissions(permissions.AuthManageProviders),
 		routerInst.POST("/api/v2/sso-providers/oidc", managementResource.CreateOIDCProvider).CheckFeatureFlag(resources.DB, appcfg.FeatureOIDCSupport).RequirePermissions(permissions.AuthManageProviders),
 		routerInst.DELETE(fmt.Sprintf("/api/v2/sso-providers/{%s}", api.URIPathVariableSSOProviderID), managementResource.DeleteSSOProvider).RequirePermissions(permissions.AuthManageProviders),
 		routerInst.PATCH(fmt.Sprintf("/api/v2/sso-providers/{%s}", api.URIPathVariableSSOProviderID), managementResource.UpdateSSOProvider).RequirePermissions(permissions.AuthManageProviders),

diff --git a/packages/go/openapi/doc/openapi.json b/packages/go/openapi/doc/openapi.json
@@ -225,7 +225,8 @@
       "get": {
         "operationId": "ListSamlProviders",
         "summary": "List SAML Providers",
-        "description": "List all registered SAML providers.",
+        "description": "**Deprecated**: This endpoint will no longer be supported in a future release. Please use `GET /api/v2/sso-providers` instead.\n",
+        "deprecated": true,
         "tags": [
           "Auth",
           "Community",
@@ -279,7 +280,8 @@
       "get": {
         "operationId": "GetSamlSignSignOnEndpoints",
         "summary": "Get all SAML sign on endpoints",
-        "description": "Get all SAML sign on endpoints",
+        "description": "**Deprecated**: This endpoint will no longer be supported in a future release. Please use `GET /api/v2/sso-providers` instead to list available SSO endpoints.\n",
+        "deprecated": true,
         "tags": [
           "Auth",
           "Community",
@@ -323,7 +325,8 @@
       "post": {
         "operationId": "CreateSamlProvider",
         "summary": "Create a New SAML Provider from Metadata",
-        "description": "Creates a new SAML provider with the given name and metadata XML.",
+        "description": "**Deprecated**: This endpoint will no longer be supported in a future release. Please use `POST /api/v2/sso-providers/saml` instead.\n",
+        "deprecated": true,
         "tags": [
           "Auth",
           "Community",
@@ -402,7 +405,8 @@
       "get": {
         "operationId": "GetSamlProvider",
         "summary": "Get SAML Provider",
-        "description": "Get the service and identity provider configuration details for a SAML authentication provider.",
+        "description": "**Deprecated**: This endpoint will no longer be supported in a future release. Please use `GET /api/v2/sso-providers` to list all SAML providers instead.\n",
+        "deprecated": true,
         "tags": [
           "Auth",
           "Community",
@@ -444,7 +448,8 @@
       "delete": {
         "operationId": "DeleteSamlProvider",
         "summary": "Delete a SAML Provider",
-        "description": "Deletes an existing BloodHound SAML provider.",
+        "description": "**Deprecated**: This endpoint will no longer be supported in a future release. Please use `DELETE /api/v2/sso-providers/{sso_provider_id}` instead.\n",
+        "deprecated": true,
         "tags": [
           "Auth",
           "Community",
@@ -630,6 +635,70 @@
         }
       }
     },
+    "/api/v2/sso-providers/saml": {
+      "post": {
+        "operationId": "CreateSSOSAMLProvider",
+        "summary": "Create a New SAML Provider from Metadata",
+        "description": "Creates a new SAML provider with the given name and metadata XML.",
+        "tags": [
+          "Auth",
+          "Community",
+          "Enterprise"
+        ],
+        "requestBody": {
+          "required": true,
+          "content": {
+            "multipart/form-data": {
+              "schema": {
+                "properties": {
+                  "name": {
+                    "type": "string",
+                    "description": "Name of the new SAML provider."
+                  },
+                  "metadata": {
+                    "type": "string",
+                    "format": "binary",
+                    "description": "Metadata XML file."
+                  }
+                }
+              }
+            }
+          }
+        },
+        "responses": {
+          "200": {
+            "description": "OK",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "data": {
+                      "$ref": "#/components/schemas/model.saml-provider"
+                    }
+                  }
+                }
+              }
+            }
+          },
+          "400": {
+            "$ref": "#/components/responses/bad-request"
+          },
+          "401": {
+            "$ref": "#/components/responses/unauthorized"
+          },
+          "403": {
+            "$ref": "#/components/responses/forbidden"
+          },
+          "429": {
+            "$ref": "#/components/responses/too-many-requests"
+          },
+          "500": {
+            "$ref": "#/components/responses/internal-server-error"
+          }
+        }
+      }
+    },
     "/api/v2/sso-providers/{sso_provider_id}": {
       "parameters": [
         {