From 6343e9e33af32caa7a9dc2df00e102d42ca7afad Mon Sep 17 00:00:00 2001
From: Tim Jarrett
Date: Fri, 27 Sep 2024 14:30:16 -0400
Subject: [PATCH] add jit defaults
---
 docs/docs.md | 3 ++-
 docs/jitdefaults.md | 19 +++++++++++++
 veracode_api_py/identity.py | 53 ++++++++++++++++++++++++++++++++++++-
 3 files changed, 73 insertions(+), 2 deletions(-)
 create mode 100644 docs/jitdefaults.md
diff --git a/docs/docs.md b/docs/docs.md
index d6dfb2f..d9d7ab5 100644
--- a/docs/docs.md
+++ b/docs/docs.md
@@ -23,7 +23,8 @@ See the topics below for more information on how to use this library.
 * [Teams](teams.md) - create, update, access, and delete teams.
 * [Business Units](businessunits.md) - create, update, access, and delete business units.
 * [API Credentials](apicreds.md) - create, access, renew, and revoke API credentials.
-* [Roles](roles.md) - access system roles and permissions; create, update, access, and delete custom roles.
+* [Roles and Permissions](roles.md) - access system roles and permissions; create, update, access, and delete custom roles.
+* [JIT Default Settings](jitdefaults.md) - create and update default Just-In-Time Provisioning settings.
 ## API Object
diff --git a/docs/jitdefaults.md b/docs/jitdefaults.md
new file mode 100644
index 0000000..24087c1
--- /dev/null
+++ b/docs/jitdefaults.md
@@ -0,0 +1,19 @@
+# Just In Time Provisioning Default Settings
+
+The following methods call Veracode REST APIs and return JSON. More information about the JIT settings is available in the [Veracode Docs](https://docs.veracode.com/r/Configure_SAML_Self_Registration).
+
+- `JITDefaultSettings().get()` - retrieve the current Just In Time (JIT) default settings.
+- `JITDefaultSettings().create(ip_restricted(opt),prefer_veracode_data(opt), allowed_ip_addresses(opt), use_csv_for_roles_claim(opt), use_csv_for_teams_claim(opt), use_csv_for_teams_managed_claim(opt), use_csv_for_ip_address_claim(opt),teams(opt),roles(opt))` - create new Just In Time (JIT) default settings. Settings include:
+ - `ip_restricted`: set to `True` to apply IP restrictions (defined in `allowed_ip_addresses`) for a JIT user.
+ - `prefer_veracode_data`: set to `True` to allow an administrator to manage roles, teams, and other settings for users in the Veracode administrative console after user creation. If set to `False`, the SAML assertion sent from the customer's Identity Provider must contain these values.
+ - `allowed_ip_addresses`: an array of IP addresses. See the [Veracode Docs](https://docs.veracode.com/r/admin_ip) for more information.
+ - `use_csv_for_roles_claim`: set to `True` if your IDP will send a comma separated list of roles (instead of an array).
+ - `use_csv_for_teams_claim`: set to `True` if your IDP will send a comma separated list of teams (instead of an array).
+ - `use_csv_for_teams_managed_claim`: set to `True` if your IDP will send a comma separated list of teams managed by a team admin (instead of an array).
+ - `use_csv_for_ip_address_claim`: set to `True` if your IDP will send a comma separated list of IP address restrictions (instead of an array).
+ - `teams`: an array of team IDs (UUIDs) that should be assigned to a JIT user by default.
+ - `roles`: an array of role IDs (UUIDs) that should be assigned to a JIT user by default.
+- `JITDefaultSettings().update(jit_default_id, ip_restricted(opt),prefer_veracode_data(opt), allowed_ip_addresses(opt), use_csv_for_roles_claim(opt), use_csv_for_teams_claim(opt), use_csv_for_teams_managed_claim(opt), use_csv_for_ip_address_claim(opt),teams(opt),roles(opt))` - update existing Just In Time (JIT) default settings identified by `jit_default_id`.
+- `JITDefaultSettings().delete(jit_default_id)` - delete the Just In Time (JIT) default settings identified by `jit_default_id`.
+
+[All docs](docs.md)
diff --git a/veracode_api_py/identity.py b/veracode_api_py/identity.py
index fa387b3..2f9224e 100644
--- a/veracode_api_py/identity.py
+++ b/veracode_api_py/identity.py
@@ -307,4 +307,55 @@ def get_all(self):
 return APIHelper()._rest_paged_request( self.base_uri,"GET","permissions",{'page':0})
 def get(self, permission_guid: UUID):
- return APIHelper()._rest_request("{}/{}".format(self.base_uri,permission_guid),"GET")
\ No newline at end of file
+ return APIHelper()._rest_request("{}/{}".format(self.base_uri,permission_guid),"GET")
+
+class JITDefaultSettings():
+ base_uri = "api/authn/v2/jit_default_settings"
+
+ def get(self):
+ return APIHelper()._rest_request( self.base_uri, "GET")
+
+ def create(self, ip_restricted=False,prefer_veracode_data=True, allowed_ip_addresses=[],
+ use_csv_for_roles_claim=False, use_csv_for_teams_claim=False, use_csv_for_teams_managed_claim=False,
+ use_csv_for_ip_address_claim=True,teams=[],roles=[]):
+ return self._create_or_update("CREATE", ip_restricted=ip_restricted, prefer_veracode_data=prefer_veracode_data,
+ allowed_ip_addresses=allowed_ip_addresses, use_csv_for_roles_claim=use_csv_for_roles_claim,
+ use_csv_for_teams_claim=use_csv_for_teams_claim,
+ use_csv_for_teams_managed_claim=use_csv_for_teams_managed_claim,
+ use_csv_for_ip_address_claim=use_csv_for_ip_address_claim, teams=teams, roles=roles)
+
+ def update(self, jit_default_id: UUID, ip_restricted=False,prefer_veracode_data=True, allowed_ip_addresses=[],
+ use_csv_for_roles_claim=False, use_csv_for_teams_claim=False, use_csv_for_teams_managed_claim=False,
+ use_csv_for_ip_address_claim=True,teams=[],roles=[]):
+ return self._create_or_update("UPDATE", jit_default_id = jit_default_id, ip_restricted=ip_restricted,
+ prefer_veracode_data=prefer_veracode_data,allowed_ip_addresses=allowed_ip_addresses,
+ use_csv_for_roles_claim=use_csv_for_roles_claim,
+ use_csv_for_teams_claim=use_csv_for_teams_claim,
+ use_csv_for_teams_managed_claim=use_csv_for_teams_managed_claim,
+ use_csv_for_ip_address_claim=use_csv_for_ip_address_claim, teams=teams, roles=roles)
+
+ def _create_or_update(self, method, jit_default_id: UUID=None, ip_restricted=False,prefer_veracode_data=True, allowed_ip_addresses=[],
+ use_csv_for_roles_claim=False, use_csv_for_teams_claim=False, use_csv_for_teams_managed_claim=False,
+ use_csv_for_ip_address_claim=True,teams=[],roles=[]):
+
+ if method == "CREATE":
+ uri = self.base_uri
+ httpmethod = "POST"
+ elif method == "UPDATE":
+ uri = '{}/{}'.format(self.base_uri, jit_default_id)
+ httpmethod = "PUT"
+ else:
+ return
+
+ params = { 'ip_restricted': ip_restricted, 'prefer_veracode_data': prefer_veracode_data, 'allowed_ip_addresses': allowed_ip_addresses,
+ 'use_csv_for_roles_claim': use_csv_for_roles_claim, 'use_csv_for_teams_claim': use_csv_for_teams_claim,
+ 'use_csv_for_teams_managed_claim': use_csv_for_teams_managed_claim, 'use_csv_for_ip_address_claim': use_csv_for_ip_address_claim,
+ 'teams': teams, 'roles': roles}
+
+ body = json.dumps(params)
+
+ return APIHelper()._rest_request(url=uri, method=httpmethod, params=body)
+
+ def delete(self, jit_default_id: UUID):
+ uri = '{}/{}'.format(self.base_uri, jit_default_id)
+ return APIHelper()._rest_request( uri, "DELETE")
\ No newline at end of file
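Review bot: `create`, `update` and `_create_or_update` all declare mutable defaults (`allowed_ip_addresses=[]`, `teams=[]`, `roles=[]`), so one list object is shared across every call and anything a caller appends to it leaks into later request bodies; default them to `None` and normalise inside `_create_or_update`, with `create`/`update` mirroring the `None` defaults. `update` also always sends the full `params` dict, so a call such as `update(jit_default_id, teams=[...])` resets `ip_restricted` to `False` and `allowed_ip_addresses` to `[]` on the server rather than leaving them untouched — worth a docstring on `update` stating that it is a full replacement and that fields not passed revert to the defaults in the signature. The `else: return` branch in `_create_or_update` silently hands back `None` for an unknown `method` where a `ValueError` would surface the programming error. Whether `APIHelper()._rest_request` expects the JSON string in `params` rather than a body/data argument is not visible in this hunk — confirm against the helper's signature.

```python
    def _create_or_update(self, method, jit_default_id: UUID=None, ip_restricted=False, prefer_veracode_data=True, allowed_ip_addresses=None,
                          use_csv_for_roles_claim=False, use_csv_for_teams_claim=False, use_csv_for_teams_managed_claim=False,
                          use_csv_for_ip_address_claim=True, teams=None, roles=None):
        # None sentinels instead of [] so the defaults are not one list shared across calls
        allowed_ip_addresses = [] if allowed_ip_addresses is None else allowed_ip_addresses
        teams = [] if teams is None else teams
        roles = [] if roles is None else roles

        # … unchanged: CREATE / UPDATE branches selecting uri and httpmethod …
        else:
            raise ValueError("method must be 'CREATE' or 'UPDATE', got {!r}".format(method))

        # … unchanged: params dict, json.dumps, _rest_request call …
```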