diff --git a/.node-version b/.node-version index 47c0a98a1..f46d5e394 100644 --- a/.node-version +++ b/.node-version @@ -1 +1 @@ -12.13.0 +14.21.3 diff --git a/Pipfile b/Pipfile index 91c7251ed..cde895932 100644 --- a/Pipfile +++ b/Pipfile @@ -7,6 +7,7 @@ verify_ssl = true [packages] black = "*" +tox = "*" [requires] python_version = "3.8" diff --git a/Pipfile.lock b/Pipfile.lock index b602cfaa7..70cb64675 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "5a1a6fff17f3dfabe7e20f00aa0c7ba5c1cf134b33702a1e28a55bcfea178c47" + "sha256": "069f413a99ad9c29916fca5532adede3ce508a19df2ff2e6866f5f65a9036b30" }, "pipfile-spec": 6, "requires": { @@ -18,78 +18,142 @@ "default": { "black": { "hashes": [ - "sha256:07e5c049442d7ca1a2fc273c79d1aecbbf1bc858f62e8184abe1ad175c4f7cc2", - "sha256:0e21e1f1efa65a50e3960edd068b6ae6d64ad6235bd8bfea116a03b21836af71", - "sha256:1297c63b9e1b96a3d0da2d85d11cd9bf8664251fd69ddac068b98dc4f34f73b6", - "sha256:228b5ae2c8e3d6227e4bde5920d2fc66cc3400fde7bcc74f480cb07ef0b570d5", - "sha256:2d6f331c02f0f40aa51a22e479c8209d37fcd520c77721c034517d44eecf5912", - "sha256:2ff96450d3ad9ea499fc4c60e425a1439c2120cbbc1ab959ff20f7c76ec7e866", - "sha256:3524739d76b6b3ed1132422bf9d82123cd1705086723bc3e235ca39fd21c667d", - "sha256:35944b7100af4a985abfcaa860b06af15590deb1f392f06c8683b4381e8eeaf0", - "sha256:373922fc66676133ddc3e754e4509196a8c392fec3f5ca4486673e685a421321", - "sha256:5fa1db02410b1924b6749c245ab38d30621564e658297484952f3d8a39fce7e8", - "sha256:6f2f01381f91c1efb1451998bd65a129b3ed6f64f79663a55fe0e9b74a5f81fd", - "sha256:742ce9af3086e5bd07e58c8feb09dbb2b047b7f566eb5f5bc63fd455814979f3", - "sha256:7835fee5238fc0a0baf6c9268fb816b5f5cd9b8793423a75e8cd663c48d073ba", - "sha256:8871fcb4b447206904932b54b567923e5be802b9b19b744fdff092bd2f3118d0", - "sha256:a7c0192d35635f6fc1174be575cb7915e92e5dd629ee79fdaf0dcfa41a80afb5", - "sha256:b1a5ed73ab4c482208d20434f700d514f66ffe2840f63a6252ecc43a9bc77e8a", - "sha256:c8226f50b8c34a14608b848dc23a46e5d08397d009446353dad45e04af0c8e28", - "sha256:ccad888050f5393f0d6029deea2a33e5ae371fd182a697313bdbd835d3edaf9c", - "sha256:dae63f2dbf82882fa3b2a3c49c32bffe144970a573cd68d247af6560fc493ae1", - "sha256:e2f69158a7d120fd641d1fa9a921d898e20d52e44a74a6fbbcc570a62a6bc8ab", - "sha256:efbadd9b52c060a8fc3b9658744091cb33c31f830b3f074422ed27bad2b18e8f", - "sha256:f5660feab44c2e3cb24b2419b998846cbb01c23c7fe645fee45087efa3da2d61", - "sha256:fdb8754b453fb15fad3f72cd9cad3e16776f0964d67cf30ebcbf10327a3777a3" + "sha256:01ede61aac8c154b55f35301fac3e730baf0c9cf8120f65a9cd61a81cfb4a0c3", + "sha256:022a582720b0d9480ed82576c920a8c1dde97cc38ff11d8d8859b3bd6ca9eedb", + "sha256:25cc308838fe71f7065df53aedd20327969d05671bac95b38fdf37ebe70ac087", + "sha256:27eb7a0c71604d5de083757fbdb245b1a4fae60e9596514c6ec497eb63f95320", + "sha256:327a8c2550ddc573b51e2c352adb88143464bb9d92c10416feb86b0f5aee5ff6", + "sha256:47e56d83aad53ca140da0af87678fb38e44fd6bc0af71eebab2d1f59b1acf1d3", + "sha256:501387a9edcb75d7ae8a4412bb8749900386eaef258f1aefab18adddea1936bc", + "sha256:552513d5cd5694590d7ef6f46e1767a4df9af168d449ff767b13b084c020e63f", + "sha256:5c4bc552ab52f6c1c506ccae05681fab58c3f72d59ae6e6639e8885e94fe2587", + "sha256:642496b675095d423f9b8448243336f8ec71c9d4d57ec17bf795b67f08132a91", + "sha256:6d1c6022b86f83b632d06f2b02774134def5d4d4f1dac8bef16d90cda18ba28a", + "sha256:7f3bf2dec7d541b4619b8ce526bda74a6b0bffc480a163fed32eb8b3c9aed8ad", + "sha256:831d8f54c3a8c8cf55f64d0422ee875eecac26f5f649fb6c1df65316b67c8926", + "sha256:8417dbd2f57b5701492cd46edcecc4f9208dc75529bcf76c514864e48da867d9", + "sha256:86cee259349b4448adb4ef9b204bb4467aae74a386bce85d56ba4f5dc0da27be", + "sha256:893695a76b140881531062d48476ebe4a48f5d1e9388177e175d76234ca247cd", + "sha256:9fd59d418c60c0348505f2ddf9609c1e1de8e7493eab96198fc89d9f865e7a96", + "sha256:ad0014efc7acf0bd745792bd0d8857413652979200ab924fbf239062adc12491", + "sha256:b5b0ee6d96b345a8b420100b7d71ebfdd19fab5e8301aff48ec270042cd40ac2", + "sha256:c333286dc3ddca6fdff74670b911cccedacb4ef0a60b34e491b8a67c833b343a", + "sha256:f9062af71c59c004cd519e2fb8f5d25d39e46d3af011b41ab43b9c74e27e236f", + "sha256:fb074d8b213749fa1d077d630db0d5f8cc3b2ae63587ad4116e8a436e9bbe995" ], "index": "pypi", - "version": "==22.1.0" + "version": "==23.7.0" + }, + "cachetools": { + "hashes": [ + "sha256:95ef631eeaea14ba2e36f06437f36463aac3a096799e876ee55e5cdccb102590", + "sha256:dce83f2d9b4e1f732a8cd44af8e8fab2dbe46201467fc98b3ef8f269092bf62b" + ], + "markers": "python_version >= '3.7'", + "version": "==5.3.1" + }, + "chardet": { + "hashes": [ + "sha256:1b3b6ff479a8c414bc3fa2c0852995695c4a026dcd6d0633b2dd092ca39c1cf7", + "sha256:e1cf59446890a00105fe7b7912492ea04b6e6f06d4b742b2c788469e34c82970" + ], + "markers": "python_version >= '3.7'", + "version": "==5.2.0" }, "click": { "hashes": [ - "sha256:6a7a62563bbfabfda3a38f3023a1db4a35978c0abd76f6c9605ecd6554d6d9b1", - "sha256:8458d7b1287c5fb128c90e23381cf99dcde74beaf6c7ff6384ce84d6fe090adb" + "sha256:48ee849951919527a045bfe3bf7baa8a959c423134e1a5b98c05c20ba75a1cbd", + "sha256:fa244bb30b3b5ee2cae3da8f55c9e5e0c0e86093306301fb418eb9dc40fbded5" ], - "markers": "python_version >= '3.6'", - "version": "==8.0.4" + "markers": "python_version >= '3.7'", + "version": "==8.1.6" + }, + "colorama": { + "hashes": [ + "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44", + "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6" + ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6'", + "version": "==0.4.6" + }, + "distlib": { + "hashes": [ + "sha256:2e24928bc811348f0feb63014e97aaae3037f2cf48712d51ae61df7fd6075057", + "sha256:9dafe54b34a028eafd95039d5e5d4851a13734540f1331060d31c9916e7147a8" + ], + "version": "==0.3.7" + }, + "filelock": { + "hashes": [ + "sha256:002740518d8aa59a26b0c76e10fb8c6e15eae825d34b6fdf670333fd7b938d81", + "sha256:cbb791cdea2a72f23da6ac5b5269ab0a0d161e9ef0100e653b69049a7706d1ec" + ], + "markers": "python_version >= '3.7'", + "version": "==3.12.2" }, "mypy-extensions": { "hashes": [ - "sha256:090fedd75945a69ae91ce1303b5824f428daf5a028d2f6ab8a299250a846f15d", - "sha256:2d82818f5bb3e369420cb3c4060a7970edba416647068eb4c5343488a6c604a8" + "sha256:4392f6c0eb8a5668a69e23d168ffa70f0be9ccfd32b5cc2d26a34ae5b844552d", + "sha256:75dbf8955dc00442a438fc4d0666508a9a97b6bd41aa2f0ffe9d2f2725af0782" + ], + "markers": "python_version >= '3.5'", + "version": "==1.0.0" + }, + "packaging": { + "hashes": [ + "sha256:994793af429502c4ea2ebf6bf664629d07c1a9fe974af92966e4b8d2df7edc61", + "sha256:a392980d2b6cffa644431898be54b0045151319d1e7ec34f0cfed48767dd334f" ], - "version": "==0.4.3" + "markers": "python_version >= '3.7'", + "version": "==23.1" }, "pathspec": { "hashes": [ - "sha256:7d15c4ddb0b5c802d161efc417ec1a2558ea2653c2e8ad9c19098201dc1c993a", - "sha256:e564499435a2673d586f6b2130bb5b95f04a3ba06f81b8f895b651a3c76aabb1" + "sha256:1d6ed233af05e679efb96b1851550ea95bbb64b7c490b0f5aa52996c11e92a20", + "sha256:e0d8d0ac2f12da61956eb2306b69f9469b42f4deb0f3cb6ed47b9cce9996ced3" ], - "version": "==0.9.0" + "markers": "python_version >= '3.7'", + "version": "==0.11.2" }, "platformdirs": { "hashes": [ - "sha256:7535e70dfa32e84d4b34996ea99c5e432fa29a708d0f4e394bbcb2a8faa4f16d", - "sha256:bcae7cab893c2d310a711b70b24efb93334febe65f8de776ee320b517471e227" + "sha256:b45696dab2d7cc691a3226759c0d3b00c47c8b6e293d96f6436f733303f77f6d", + "sha256:d7c24979f292f916dc9cbf8648319032f551ea8c49a4c9bf2fb556a02070ec1d" + ], + "markers": "python_version >= '3.7'", + "version": "==3.10.0" + }, + "pluggy": { + "hashes": [ + "sha256:c2fd55a7d7a3863cba1a013e4e2414658b1d07b6bc57b3919e0c63c9abb99849", + "sha256:d12f0c4b579b15f5e054301bb226ee85eeeba08ffec228092f8defbaa3a4c4b3" ], "markers": "python_version >= '3.7'", - "version": "==2.5.1" + "version": "==1.2.0" }, - "tomli": { + "pyproject-api": { "hashes": [ - "sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc", - "sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f" + "sha256:14cf09828670c7b08842249c1f28c8ee6581b872e893f81b62d5465bec41502f", + "sha256:ffb5b2d7cad43f5b2688ab490de7c4d3f6f15e0b819cb588c4b771567c9729eb" ], "markers": "python_version >= '3.7'", - "version": "==2.0.1" + "version": "==1.5.3" + }, + "tox": { + "hashes": [ + "sha256:79399a3d4641d1fd15eb6bd62c2f35923988038bf0ecf37a688b5e7a767de7d7", + "sha256:89120e1568c763924301cfde61ba7d4b5c4615eeb1086d5370deb03e9cf63c41" + ], + "index": "pypi", + "version": "==4.7.0" }, - "typing-extensions": { + "virtualenv": { "hashes": [ - "sha256:1a9462dcc3347a79b1f1c0271fbe79e844580bb598bafa1ed208b94da3cdcd42", - "sha256:21c85e0fe4b9a155d0799430b0ad741cdce7e359660ccbd8b530613e8df88ce2" + "sha256:95a6e9398b4967fbcb5fef2acec5efaf9aa4972049d9ae41f95e0972a683fd02", + "sha256:e5c3b4ce817b0b328af041506a2a299418c98747c4b1e68cb7527e74ced23efc" ], - "markers": "python_version < '3.10'", - "version": "==4.1.1" + "markers": "python_version >= '3.7'", + "version": "==20.24.3" } }, "develop": {} diff --git a/bin/sdk_gen b/bin/sdk_gen index b0d6dcb54..5fdbbac57 100755 --- a/bin/sdk_gen +++ b/bin/sdk_gen @@ -23,7 +23,7 @@ async function sleep(ms) { /** wait for the Looker CI image to be responsive */ const waitForLooker = async () => { - const max_tries = 30 + const max_tries = 90 const delay = 5 let alive = false let tries = 1 diff --git a/csharp/rtl/Constants.cs b/csharp/rtl/Constants.cs index ac2269dfa..292bb969c 100644 --- a/csharp/rtl/Constants.cs +++ b/csharp/rtl/Constants.cs @@ -61,7 +61,7 @@ public struct Constants public const string DefaultApiVersion = "4.0"; public const string AgentPrefix = "CS-SDK"; - public const string LookerVersion = "23.12"; + public const string LookerVersion = "23.14"; public const string Bearer = "Bearer"; public const string LookerAppiId = "x-looker-appid"; diff --git a/csharp/sdk/3.1/methods.cs b/csharp/sdk/3.1/methods.cs index 47d60f9db..f79996918 100644 --- a/csharp/sdk/3.1/methods.cs +++ b/csharp/sdk/3.1/methods.cs @@ -136,35 +136,39 @@ public async Task> logout( #region Auth: Manage User Authentication Configuration - /// ### Create SSO Embed URL + /// ### Create Signed Embed URL /// - /// Creates an SSO embed URL and cryptographically signs it with an embed secret. + /// Creates a signed embed URL and cryptographically signs it with an embed secret. /// This signed URL can then be used to instantiate a Looker embed session in a PBL web application. - /// Do not make any modifications to this URL - any change may invalidate the signature and + /// Do not make any modifications to the returned URL - any change may invalidate the signature and /// cause the URL to fail to load a Looker embed session. /// - /// A signed SSO embed URL can only be used once. After it has been used to request a page from the - /// Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent + /// A signed embed URL can only be **used once**. After the URL has been used to request a page from the + /// Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent /// 'replay attacks'. /// /// The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. /// To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. - /// The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, - /// copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. + /// The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option + /// to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. /// - /// Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) + /// Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) /// and the lists of models and permissions assigned to the embed user. - /// At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. + /// At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. /// These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. /// - /// The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. + /// The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. /// /// This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the - /// SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + /// embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + /// /// To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. /// /// The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. - /// if not specified, the URL will be signed using the newest active secret defined in the Looker instance. + /// if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, + /// a default secret will be created. This default secret is encrypted using HMAC/SHA-256. + /// + /// The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. /// /// #### Security Note /// Protect this signed URL as you would an access token or password credentials - do not write @@ -176,7 +180,7 @@ public async Task> logout( /// /// POST /embed/sso_url -> EmbedUrlResponse /// - /// EmbedUrlResponse Signed SSO URL (application/json) + /// EmbedUrlResponse Signed Embed URL (application/json) /// public async Task> create_sso_embed_url( EmbedSsoParams body, @@ -194,7 +198,7 @@ public async Task> create_sso_embed_url /// /// Configuring LDAP impacts authentication for all users. This configuration should be done carefully. /// - /// Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + /// Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). /// /// LDAP is enabled or disabled for Looker using the **enabled** field. /// @@ -273,9 +277,9 @@ public async Task> test_ldap_config /// ### Test the connection authentication settings for an LDAP configuration. /// - /// This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. + /// This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. /// - /// **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. + /// **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. /// /// Example: /// ```json @@ -288,7 +292,7 @@ public async Task> test_ldap_config /// } /// ``` /// - /// Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + /// Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. /// /// The active LDAP settings are not modified. /// @@ -307,9 +311,9 @@ public async Task> test_ldap_config /// ### Test the user authentication settings for an LDAP configuration without authenticating the user. /// - /// This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. + /// This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. /// - /// This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. + /// This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. /// /// **test_ldap_user** is required. /// @@ -330,9 +334,9 @@ public async Task> test_ldap_config /// ### Test the user authentication settings for an LDAP configuration. /// - /// This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. + /// This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. /// - /// Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + /// Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. /// /// **test_ldap_user** and **test_ldap_password** are required. /// @@ -360,7 +364,7 @@ public async Task> test_ldap_config /// /// Configuring OIDC impacts authentication for all users. This configuration should be done carefully. /// - /// Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + /// Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). /// /// OIDC is enabled or disabled for Looker using the **enabled** field. /// @@ -500,7 +504,7 @@ public async Task> force_password_reset_at_next_l /// /// Configuring SAML impacts authentication for all users. This configuration should be done carefully. /// - /// Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + /// Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). /// /// SAML is enabled or disabled for Looker using the **enabled** field. /// diff --git a/csharp/sdk/3.1/models.cs b/csharp/sdk/3.1/models.cs index 7d7d0020d..966b042e7 100644 --- a/csharp/sdk/3.1/models.cs +++ b/csharp/sdk/3.1/models.cs @@ -1427,11 +1427,11 @@ public class EmbedSsoParams : SdkModel { /// The complete URL of the Looker UI page to display in the embed context. For example, to display the dashboard with id 34, `target_url` would look like: `https://mycompany.looker.com:9999/dashboards/34`. `target_uri` MUST contain a scheme (HTTPS), domain name, and URL path. Port must be included if it is required to reach the Looker server from browser clients. If the Looker instance is behind a load balancer or other proxy, `target_uri` must be the public-facing domain name and port required to reach the Looker instance, not the actual internal network machine name of the Looker instance. public Url target_url { get; set; } = ""; - /// Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + /// Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). public long? session_length { get; set; } = null; /// When true, the embed session will purge any residual Looker login state (such as in browser cookies) before creating a new login state with the given embed user info. Defaults to true. public bool? force_logout_login { get; set; } = null; - /// A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. + /// A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session. public string? external_user_id { get; set; } = null; /// First name of the embed user. Defaults to 'Embed' if not specified public string? first_name { get; set; } = null; @@ -1451,6 +1451,8 @@ public class EmbedSsoParams : SdkModel public StringDictionary? user_attributes { get; set; } = null; /// Id of the embed secret to use to sign this SSO url. If specified, the value must be an id of a valid (active) secret defined in the Looker instance. If not specified, the URL will be signed with the newest active embed secret defined in the Looker instance. public long? secret_id { get; set; } = null; + /// Optional. URL of the domain hosting the signed embed URL. If provided and valid, the embed_domain will be added to the embed domain allowlist if it is not currently in the list + public string? embed_domain { get; set; } = null; } public class EmbedUrlResponse : SdkModel diff --git a/csharp/sdk/4.0/methods.cs b/csharp/sdk/4.0/methods.cs index 1a1d1068d..db336c348 100644 --- a/csharp/sdk/4.0/methods.cs +++ b/csharp/sdk/4.0/methods.cs @@ -645,35 +645,39 @@ public async Task> delete_embed_secret( return await AuthRequest(HttpMethod.Delete, $"/embed_config/secrets/{embed_secret_id}", null,null,options); } - /// ### Create SSO Embed URL + /// ### Create Signed Embed URL /// - /// Creates an SSO embed URL and cryptographically signs it with an embed secret. + /// Creates a signed embed URL and cryptographically signs it with an embed secret. /// This signed URL can then be used to instantiate a Looker embed session in a PBL web application. - /// Do not make any modifications to this URL - any change may invalidate the signature and + /// Do not make any modifications to the returned URL - any change may invalidate the signature and /// cause the URL to fail to load a Looker embed session. /// - /// A signed SSO embed URL can only be used once. After it has been used to request a page from the - /// Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent + /// A signed embed URL can only be **used once**. After the URL has been used to request a page from the + /// Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent /// 'replay attacks'. /// /// The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. /// To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. - /// The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, - /// copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. + /// The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option + /// to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. /// - /// Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) + /// Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) /// and the lists of models and permissions assigned to the embed user. - /// At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. + /// At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. /// These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. /// - /// The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. + /// The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. /// /// This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the - /// SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + /// embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + /// /// To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. /// /// The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. - /// if not specified, the URL will be signed using the newest active secret defined in the Looker instance. + /// if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, + /// a default secret will be created. This default secret is encrypted using HMAC/SHA-256. + /// + /// The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. /// /// #### Security Note /// Protect this signed URL as you would an access token or password credentials - do not write @@ -685,7 +689,7 @@ public async Task> delete_embed_secret( /// /// POST /embed/sso_url -> EmbedUrlResponse /// - /// EmbedUrlResponse Signed SSO URL (application/json) + /// EmbedUrlResponse Signed Embed URL (application/json) /// public async Task> create_sso_embed_url( EmbedSsoParams body, @@ -829,7 +833,7 @@ public async Task> test_ldap_config /// ### Test the connection authentication settings for an LDAP configuration. /// - /// This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. + /// This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. /// - /// **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. + /// **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. /// /// Example: /// ```json @@ -923,7 +927,7 @@ public async Task> test_ldap_config /// } /// ``` /// - /// Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + /// Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. /// /// The active LDAP settings are not modified. /// @@ -942,9 +946,9 @@ public async Task> test_ldap_config /// ### Test the user authentication settings for an LDAP configuration without authenticating the user. /// - /// This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. + /// This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. /// - /// This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. + /// This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. /// /// **test_ldap_user** is required. /// @@ -965,9 +969,9 @@ public async Task> test_ldap_config /// ### Test the user authentication settings for an LDAP configuration. /// - /// This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. + /// This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. /// - /// Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + /// Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. /// /// **test_ldap_user** and **test_ldap_password** are required. /// @@ -1226,7 +1230,7 @@ public async Task> deactivate_app_user( /// /// Configuring OIDC impacts authentication for all users. This configuration should be done carefully. /// - /// Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + /// Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). /// /// OIDC is enabled or disabled for Looker using the **enabled** field. /// @@ -1366,7 +1370,7 @@ public async Task> force_password_reset_at_next_l /// /// Configuring SAML impacts authentication for all users. This configuration should be done carefully. /// - /// Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + /// Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). /// /// SAML is enabled or disabled for Looker using the **enabled** field. /// @@ -2473,8 +2477,10 @@ public async Task> mobile_settings( /// - extension_framework_enabled /// - extension_load_url_enabled /// - marketplace_auto_install_enabled + /// - marketplace_automation /// - marketplace_terms_accepted /// - marketplace_enabled + /// - marketplace_site /// - onboarding_enabled /// - privatelabel_configuration /// - timezone @@ -2482,6 +2488,7 @@ public async Task> mobile_settings( /// - email_domain_allowlist /// - embed_cookieless_v2 /// - embed_enabled + /// - embed_config /// /// GET /setting -> Setting /// @@ -2505,8 +2512,10 @@ public async Task> get_setting( /// - extension_framework_enabled /// - extension_load_url_enabled /// - marketplace_auto_install_enabled + /// - marketplace_automation /// - marketplace_terms_accepted /// - marketplace_enabled + /// - marketplace_site /// - onboarding_enabled /// - privatelabel_configuration /// - timezone @@ -2514,6 +2523,7 @@ public async Task> get_setting( /// - email_domain_allowlist /// - embed_cookieless_v2 /// - embed_enabled + /// - embed_config /// /// See the `Setting` type for more information on the specific values that can be configured. /// diff --git a/csharp/sdk/4.0/models.cs b/csharp/sdk/4.0/models.cs index 86c85ecad..88ad7525e 100644 --- a/csharp/sdk/4.0/models.cs +++ b/csharp/sdk/4.0/models.cs @@ -21,7 +21,7 @@ /// SOFTWARE. /// -/// 327 API models: 245 Spec, 0 Request, 60 Write, 22 Enum +/// 329 API models: 247 Spec, 0 Request, 60 Write, 22 Enum #nullable enable using System; @@ -1922,13 +1922,39 @@ public class EgressIpAddresses : SdkModel public string[]? egress_ip_addresses { get; set; } = null; } +public class EmbedConfig : SdkModel +{ + /// List of domains to allow for embedding + public string[]? domain_allowlist { get; set; } = null; + /// List of base urls to allow for alert/schedule + public string[]? alert_url_allowlist { get; set; } = null; + /// Owner of who defines the alert/schedule params on the base url + public string? alert_url_param_owner { get; set; } = null; + /// Label for the alert/schedule url + public string? alert_url_label { get; set; } = null; + /// Is SSO embedding enabled for this Looker + public bool? sso_auth_enabled { get; set; } = null; + /// Is Cookieless embedding enabled for this Looker + public bool? embed_cookieless_v2 { get; set; } = null; + /// Is embed content navigation enabled for this looker + public bool? embed_content_navigation { get; set; } = null; + /// Is embed content management enabled for this Looker + public bool? embed_content_management { get; set; } = null; + /// When true, prohibits the use of Looker login pages in non-Looker iframes. When false, Looker login pages may be used in non-Looker hosted iframes. + public bool? strict_sameorigin_for_login { get; set; } = null; + /// When true, filters are enabled on embedded Looks + public bool? look_filters { get; set; } = null; + /// When true, removes navigation to Looks from embedded dashboards and explores. + public bool? hide_look_navigation { get; set; } = null; +} + public class EmbedCookielessSessionAcquire : SdkModel { - /// Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + /// Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). public long? session_length { get; set; } = null; /// When true, the embed session will purge any residual Looker login state (such as in browser cookies) before creating a new login state with the given embed user info. Defaults to true. public bool? force_logout_login { get; set; } = null; - /// A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. + /// A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session. public string? external_user_id { get; set; } = null; /// First name of the embed user. Defaults to 'Embed' if not specified public string? first_name { get; set; } = null; @@ -1946,10 +1972,10 @@ public class EmbedCookielessSessionAcquire : SdkModel public string? external_group_id { get; set; } = null; /// A dictionary of name-value pairs associating a Looker user attribute name with a value. public StringDictionary? user_attributes { get; set; } = null; - /// Token referencing the embed session and is used to generate new authentication, navigation and api tokens. - public string? session_reference_token { get; set; } = null; /// The domain of the server embedding the Looker IFRAME. This is an alternative to specifying the domain in the embedded domain allow list in the Looker embed admin page. public string? embed_domain { get; set; } = null; + /// Token referencing the embed session and is used to generate new authentication, navigation and api tokens. + public string? session_reference_token { get; set; } = null; } public class EmbedCookielessSessionAcquireResponse : SdkModel @@ -2002,7 +2028,7 @@ public class EmbedParams : SdkModel { /// The complete URL of the Looker UI page to display in the embed context. For example, to display the dashboard with id 34, `target_url` would look like: `https://mycompany.looker.com:9999/dashboards/34`. `target_uri` MUST contain a scheme (HTTPS), domain name, and URL path. Port must be included if it is required to reach the Looker server from browser clients. If the Looker instance is behind a load balancer or other proxy, `target_uri` must be the public-facing domain name and port required to reach the Looker instance, not the actual internal network machine name of the Looker instance. public string target_url { get; set; } = ""; - /// Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + /// Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). public long? session_length { get; set; } = null; /// When true, the embed session will purge any residual Looker login state (such as in browser cookies) before creating a new login state with the given embed user info. Defaults to true. public bool? force_logout_login { get; set; } = null; @@ -2031,11 +2057,11 @@ public class EmbedSsoParams : SdkModel { /// The complete URL of the Looker UI page to display in the embed context. For example, to display the dashboard with id 34, `target_url` would look like: `https://mycompany.looker.com:9999/dashboards/34`. `target_uri` MUST contain a scheme (HTTPS), domain name, and URL path. Port must be included if it is required to reach the Looker server from browser clients. If the Looker instance is behind a load balancer or other proxy, `target_uri` must be the public-facing domain name and port required to reach the Looker instance, not the actual internal network machine name of the Looker instance. public string target_url { get; set; } = ""; - /// Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + /// Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). public long? session_length { get; set; } = null; /// When true, the embed session will purge any residual Looker login state (such as in browser cookies) before creating a new login state with the given embed user info. Defaults to true. public bool? force_logout_login { get; set; } = null; - /// A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. + /// A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session. public string? external_user_id { get; set; } = null; /// First name of the embed user. Defaults to 'Embed' if not specified public string? first_name { get; set; } = null; @@ -2055,6 +2081,8 @@ public class EmbedSsoParams : SdkModel public StringDictionary? user_attributes { get; set; } = null; /// Id of the embed secret to use to sign this SSO url. If specified, the value must be an id of a valid (active) secret defined in the Looker instance. If not specified, the URL will be signed with the newest active embed secret defined in the Looker instance. public string? secret_id { get; set; } = null; + /// Optional. URL of the domain hosting the signed embed URL. If provided and valid, the embed_domain will be added to the embed domain allowlist if it is not currently in the list + public string? embed_domain { get; set; } = null; } public class EmbedUrlResponse : SdkModel @@ -3478,6 +3506,16 @@ public class Manifest : SdkModel public LocalizationSettings? localization_settings { get; set; } } +public class MarketplaceAutomation : SdkModel +{ + /// Whether marketplace auto installation is enabled + public bool? install_enabled { get; set; } = null; + /// Whether marketplace auto update is enabled for looker extensions + public bool? update_looker_enabled { get; set; } = null; + /// Whether marketplace auto update is enabled for third party extensions + public bool? update_third_party_enabled { get; set; } = null; +} + public class MaterializePDT : SdkModel { /// The ID of the enqueued materialization task (read-only) @@ -4735,12 +4773,15 @@ public class Setting : SdkModel { /// Toggle extension framework on or off public bool? extension_framework_enabled { get; set; } = null; - /// (DEPRECATED) Toggle extension extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. + /// (DEPRECATED) Toggle extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. public bool? extension_load_url_enabled { get; set; } = null; - /// Toggle marketplace auto install on or off. Note that auto install only runs if marketplace is enabled. + /// (DEPRECATED) Toggle marketplace auto install on or off. Deprecated - do not use. Auto install can now be enabled via marketplace automation settings public bool? marketplace_auto_install_enabled { get; set; } = null; + public MarketplaceAutomation? marketplace_automation { get; set; } /// Toggle marketplace on or off public bool? marketplace_enabled { get; set; } = null; + /// Location of Looker marketplace CDN (read-only) + public string? marketplace_site { get; set; } = null; /// Accept marketplace terms by setting this value to true, or get the current status. Marketplace terms CANNOT be declined once accepted. Accepting marketplace terms automatically enables the marketplace. The marketplace can still be disabled after it has been enabled. public bool? marketplace_terms_accepted { get; set; } = null; public PrivatelabelConfiguration? privatelabel_configuration { get; set; } @@ -4759,10 +4800,11 @@ public class Setting : SdkModel public bool? override_warnings { get; set; } = null; /// An array of Email Domain Allowlist of type string for Scheduled Content public string[]? email_domain_allowlist { get; set; } = null; - /// Toggle cookieless embed setting + /// (DEPRECATED) Use embed_config.embed_cookieless_v2 instead. If embed_config.embed_cookieless_v2 is specified, it overrides this value. public bool? embed_cookieless_v2 { get; set; } = null; /// True if embedding is enabled https://cloud.google.com/looker/docs/r/looker-core-feature-embed, false otherwise (read-only) public bool? embed_enabled { get; set; } = null; + public EmbedConfig? embed_config { get; set; } } public class SmtpNodeStatus : SdkModel @@ -6704,15 +6746,16 @@ public class WriteSessionConfig : SdkModel } /// Dynamic writeable type for Setting removes: -/// embed_enabled +/// marketplace_site, embed_enabled public class WriteSetting : SdkModel { /// Toggle extension framework on or off public bool? extension_framework_enabled { get; set; } = null; - /// (DEPRECATED) Toggle extension extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. + /// (DEPRECATED) Toggle extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. public bool? extension_load_url_enabled { get; set; } = null; - /// Toggle marketplace auto install on or off. Note that auto install only runs if marketplace is enabled. + /// (DEPRECATED) Toggle marketplace auto install on or off. Deprecated - do not use. Auto install can now be enabled via marketplace automation settings public bool? marketplace_auto_install_enabled { get; set; } = null; + public MarketplaceAutomation? marketplace_automation { get; set; } /// Toggle marketplace on or off public bool? marketplace_enabled { get; set; } = null; /// Accept marketplace terms by setting this value to true, or get the current status. Marketplace terms CANNOT be declined once accepted. Accepting marketplace terms automatically enables the marketplace. The marketplace can still be disabled after it has been enabled. @@ -6737,8 +6780,9 @@ public class WriteSetting : SdkModel public bool? override_warnings { get; set; } = null; /// An array of Email Domain Allowlist of type string for Scheduled Content public string[]? email_domain_allowlist { get; set; } = null; - /// Toggle cookieless embed setting + /// (DEPRECATED) Use embed_config.embed_cookieless_v2 instead. If embed_config.embed_cookieless_v2 is specified, it overrides this value. public bool? embed_cookieless_v2 { get; set; } = null; + public EmbedConfig? embed_config { get; set; } } /// Dynamic writeable type for SshServer removes: diff --git a/go/sdk/v4/methods.go b/go/sdk/v4/methods.go index 8321523a3..8c32c7168 100644 --- a/go/sdk/v4/methods.go +++ b/go/sdk/v4/methods.go @@ -518,35 +518,39 @@ func (l *LookerSDK) DeleteEmbedSecret( } -// ### Create SSO Embed URL +// ### Create Signed Embed URL // -// Creates an SSO embed URL and cryptographically signs it with an embed secret. +// Creates a signed embed URL and cryptographically signs it with an embed secret. // This signed URL can then be used to instantiate a Looker embed session in a PBL web application. -// Do not make any modifications to this URL - any change may invalidate the signature and +// Do not make any modifications to the returned URL - any change may invalidate the signature and // cause the URL to fail to load a Looker embed session. // -// A signed SSO embed URL can only be used once. After it has been used to request a page from the -// Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent +// A signed embed URL can only be **used once**. After the URL has been used to request a page from the +// Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent // 'replay attacks'. // // The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. // To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. -// The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, -// copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. +// The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option +// to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. // -// Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) +// Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) // and the lists of models and permissions assigned to the embed user. -// At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. +// At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. // These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. // -// The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. +// The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. // // This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the -// SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. +// embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. +// // To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. // // The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. -// if not specified, the URL will be signed using the newest active secret defined in the Looker instance. +// if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, +// a default secret will be created. This default secret is encrypted using HMAC/SHA-256. +// +// The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. // // #### Security Note // Protect this signed URL as you would an access token or password credentials - do not write @@ -694,7 +698,7 @@ func (l *LookerSDK) GenerateTokensForCookielessSession( // // Configuring LDAP impacts authentication for all users. This configuration should be done carefully. // -// Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). +// Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). // // LDAP is enabled or disabled for Looker using the **enabled** field. // @@ -772,9 +776,9 @@ func (l *LookerSDK) TestLdapConfigConnection( // ### Test the connection authentication settings for an LDAP configuration. // -// This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. +// This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. // -// **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. +// **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. // // Example: // ```json @@ -789,7 +793,7 @@ func (l *LookerSDK) TestLdapConfigConnection( // // ``` // -// Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. +// Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. // // The active LDAP settings are not modified. // @@ -807,9 +811,9 @@ func (l *LookerSDK) TestLdapConfigAuth( // ### Test the user authentication settings for an LDAP configuration without authenticating the user. // -// This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. +// This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. // -// This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. +// This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. // // **test_ldap_user** is required. // @@ -829,9 +833,9 @@ func (l *LookerSDK) TestLdapConfigUserInfo( // ### Test the user authentication settings for an LDAP configuration. // -// This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. +// This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. // -// Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. +// Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. // // **test_ldap_user** and **test_ldap_password** are required. // @@ -1051,7 +1055,7 @@ func (l *LookerSDK) DeactivateAppUser( // // Configuring OIDC impacts authentication for all users. This configuration should be done carefully. // -// Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). +// Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). // // OIDC is enabled or disabled for Looker using the **enabled** field. // @@ -1181,7 +1185,7 @@ func (l *LookerSDK) ForcePasswordResetAtNextLoginForAllUsers( // // Configuring SAML impacts authentication for all users. This configuration should be done carefully. // -// Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). +// Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). // // SAML is enabled or disabled for Looker using the **enabled** field. // @@ -2085,8 +2089,10 @@ func (l *LookerSDK) MobileSettings( // - extension_framework_enabled // - extension_load_url_enabled // - marketplace_auto_install_enabled +// - marketplace_automation // - marketplace_terms_accepted // - marketplace_enabled +// - marketplace_site // - onboarding_enabled // - privatelabel_configuration // - timezone @@ -2094,6 +2100,7 @@ func (l *LookerSDK) MobileSettings( // - email_domain_allowlist // - embed_cookieless_v2 // - embed_enabled +// - embed_config // // GET /setting -> Setting func (l *LookerSDK) GetSetting( @@ -2114,8 +2121,10 @@ func (l *LookerSDK) GetSetting( // - extension_framework_enabled // - extension_load_url_enabled // - marketplace_auto_install_enabled +// - marketplace_automation // - marketplace_terms_accepted // - marketplace_enabled +// - marketplace_site // - onboarding_enabled // - privatelabel_configuration // - timezone @@ -2123,6 +2132,7 @@ func (l *LookerSDK) GetSetting( // - email_domain_allowlist // - embed_cookieless_v2 // - embed_enabled +// - embed_config // // See the `Setting` type for more information on the specific values that can be configured. // @@ -3842,7 +3852,7 @@ func (l *LookerSDK) SearchGroups(request RequestSearchGroups, // Boolean search params accept only "true" and "false" as values. // // GET /groups/search/with_roles -> []GroupSearch -func (l *LookerSDK) SearchGroupsWithRoles(request RequestSearchGroups, +func (l *LookerSDK) SearchGroupsWithRoles(request RequestSearchGroupsWithRoles, options *rtl.ApiSettings) ([]GroupSearch, error) { var result []GroupSearch err := l.session.Do(&result, "GET", "/4.0", "/groups/search/with_roles", map[string]interface{}{"fields": request.Fields, "limit": request.Limit, "offset": request.Offset, "sorts": request.Sorts, "filter_or": request.FilterOr, "id": request.Id, "name": request.Name, "external_group_id": request.ExternalGroupId, "externally_managed": request.ExternallyManaged, "externally_orphaned": request.ExternallyOrphaned}, nil, options) @@ -3877,7 +3887,7 @@ func (l *LookerSDK) SearchGroupsWithRoles(request RequestSearchGroups, // Boolean search params accept only "true" and "false" as values. // // GET /groups/search/with_hierarchy -> []GroupHierarchy -func (l *LookerSDK) SearchGroupsWithHierarchy(request RequestSearchGroups, +func (l *LookerSDK) SearchGroupsWithHierarchy(request RequestSearchGroupsWithHierarchy, options *rtl.ApiSettings) ([]GroupHierarchy, error) { var result []GroupHierarchy err := l.session.Do(&result, "GET", "/4.0", "/groups/search/with_hierarchy", map[string]interface{}{"fields": request.Fields, "limit": request.Limit, "offset": request.Offset, "sorts": request.Sorts, "filter_or": request.FilterOr, "id": request.Id, "name": request.Name, "external_group_id": request.ExternalGroupId, "externally_managed": request.ExternallyManaged, "externally_orphaned": request.ExternallyOrphaned}, nil, options) @@ -4452,7 +4462,7 @@ func (l *LookerSDK) MoveLook( // ### Get information about all lookml models. // // GET /lookml_models -> []LookmlModel -func (l *LookerSDK) AllLookmlModels(request RequestArtifactNamespaces, +func (l *LookerSDK) AllLookmlModels(request RequestAllLookmlModels, options *rtl.ApiSettings) ([]LookmlModel, error) { var result []LookmlModel err := l.session.Do(&result, "GET", "/4.0", "/lookml_models", map[string]interface{}{"fields": request.Fields, "limit": request.Limit, "offset": request.Offset}, nil, options) @@ -6003,7 +6013,7 @@ func (l *LookerSDK) AllPermissions( // Boolean search params accept only "true" and "false" as values. // // GET /permission_sets/search -> []PermissionSet -func (l *LookerSDK) SearchPermissionSets(request RequestSearchModelSets, +func (l *LookerSDK) SearchPermissionSets(request RequestSearchPermissionSets, options *rtl.ApiSettings) ([]PermissionSet, error) { var result []PermissionSet err := l.session.Do(&result, "GET", "/4.0", "/permission_sets/search", map[string]interface{}{"fields": request.Fields, "limit": request.Limit, "offset": request.Offset, "sorts": request.Sorts, "id": request.Id, "name": request.Name, "all_access": request.AllAccess, "built_in": request.BuiltIn, "filter_or": request.FilterOr}, nil, options) @@ -6160,7 +6170,7 @@ func (l *LookerSDK) SearchRoles(request RequestSearchRoles, // Boolean search params accept only "true" and "false" as values. // // GET /roles/search/with_user_count -> []RoleSearch -func (l *LookerSDK) SearchRolesWithUserCount(request RequestSearchRoles, +func (l *LookerSDK) SearchRolesWithUserCount(request RequestSearchRolesWithUserCount, options *rtl.ApiSettings) ([]RoleSearch, error) { var result []RoleSearch err := l.session.Do(&result, "GET", "/4.0", "/roles/search/with_user_count", map[string]interface{}{"fields": request.Fields, "limit": request.Limit, "offset": request.Offset, "sorts": request.Sorts, "id": request.Id, "name": request.Name, "built_in": request.BuiltIn, "filter_or": request.FilterOr}, nil, options) @@ -7755,7 +7765,7 @@ func (l *LookerSDK) CreateEmbedUser( // ### Get information about all user attributes. // // GET /user_attributes -> []UserAttribute -func (l *LookerSDK) AllUserAttributes(request RequestAllBoardSections, +func (l *LookerSDK) AllUserAttributes(request RequestAllUserAttributes, options *rtl.ApiSettings) ([]UserAttribute, error) { var result []UserAttribute err := l.session.Do(&result, "GET", "/4.0", "/user_attributes", map[string]interface{}{"fields": request.Fields, "sorts": request.Sorts}, nil, options) diff --git a/go/sdk/v4/models.go b/go/sdk/v4/models.go index 0cd290502..751e011c5 100644 --- a/go/sdk/v4/models.go +++ b/go/sdk/v4/models.go @@ -26,7 +26,7 @@ SOFTWARE. /* -387 API models: 245 Spec, 60 Request, 60 Write, 22 Enum +394 API models: 247 Spec, 66 Request, 59 Write, 22 Enum */ // NOTE: Do not edit this file generated by Looker SDK Codegen for API v4 @@ -1091,10 +1091,24 @@ type EgressIpAddresses struct { EgressIpAddresses *[]string `json:"egress_ip_addresses,omitempty"` // Egress IP addresses } +type EmbedConfig struct { + DomainAllowlist *[]string `json:"domain_allowlist,omitempty"` // List of domains to allow for embedding + AlertUrlAllowlist *[]string `json:"alert_url_allowlist,omitempty"` // List of base urls to allow for alert/schedule + AlertUrlParamOwner *string `json:"alert_url_param_owner,omitempty"` // Owner of who defines the alert/schedule params on the base url + AlertUrlLabel *string `json:"alert_url_label,omitempty"` // Label for the alert/schedule url + SsoAuthEnabled *bool `json:"sso_auth_enabled,omitempty"` // Is SSO embedding enabled for this Looker + EmbedCookielessV2 *bool `json:"embed_cookieless_v2,omitempty"` // Is Cookieless embedding enabled for this Looker + EmbedContentNavigation *bool `json:"embed_content_navigation,omitempty"` // Is embed content navigation enabled for this looker + EmbedContentManagement *bool `json:"embed_content_management,omitempty"` // Is embed content management enabled for this Looker + StrictSameoriginForLogin *bool `json:"strict_sameorigin_for_login,omitempty"` // When true, prohibits the use of Looker login pages in non-Looker iframes. When false, Looker login pages may be used in non-Looker hosted iframes. + LookFilters *bool `json:"look_filters,omitempty"` // When true, filters are enabled on embedded Looks + HideLookNavigation *bool `json:"hide_look_navigation,omitempty"` // When true, removes navigation to Looks from embedded dashboards and explores. +} + type EmbedCookielessSessionAcquire struct { - SessionLength *int64 `json:"session_length,omitempty"` // Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + SessionLength *int64 `json:"session_length,omitempty"` // Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). ForceLogoutLogin *bool `json:"force_logout_login,omitempty"` // When true, the embed session will purge any residual Looker login state (such as in browser cookies) before creating a new login state with the given embed user info. Defaults to true. - ExternalUserId *string `json:"external_user_id,omitempty"` // A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. + ExternalUserId *string `json:"external_user_id,omitempty"` // A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session. FirstName *string `json:"first_name,omitempty"` // First name of the embed user. Defaults to 'Embed' if not specified LastName *string `json:"last_name,omitempty"` // Last name of the embed user. Defaults to 'User' if not specified UserTimezone *string `json:"user_timezone,omitempty"` // Sets the user timezone for the embed user session, if the User Specific Timezones setting is enabled in the Looker admin settings. A value of `null` forces the embed user to use the Looker Application Default Timezone. You MUST omit this property from the request if the User Specific Timezones setting is disabled. Timezone values are validated against the IANA Timezone standard and can be seen in the Application Time Zone dropdown list on the Looker General Settings admin page. @@ -1103,8 +1117,8 @@ type EmbedCookielessSessionAcquire struct { GroupIds *[]string `json:"group_ids,omitempty"` // List of Looker group ids in which to enroll the embed user ExternalGroupId *string `json:"external_group_id,omitempty"` // A unique value identifying an embed-exclusive group. Multiple embed users using the same `external_group_id` value will be able to share Looker content with each other. Content and embed users associated with the `external_group_id` will not be accessible to normal Looker users or embed users not associated with this `external_group_id`. UserAttributes *map[string]interface{} `json:"user_attributes,omitempty"` // A dictionary of name-value pairs associating a Looker user attribute name with a value. - SessionReferenceToken *string `json:"session_reference_token,omitempty"` // Token referencing the embed session and is used to generate new authentication, navigation and api tokens. EmbedDomain *string `json:"embed_domain,omitempty"` // The domain of the server embedding the Looker IFRAME. This is an alternative to specifying the domain in the embedded domain allow list in the Looker embed admin page. + SessionReferenceToken *string `json:"session_reference_token,omitempty"` // Token referencing the embed session and is used to generate new authentication, navigation and api tokens. } type EmbedCookielessSessionAcquireResponse struct { @@ -1135,7 +1149,7 @@ type EmbedCookielessSessionGenerateTokensResponse struct { type EmbedParams struct { TargetUrl string `json:"target_url"` // The complete URL of the Looker UI page to display in the embed context. For example, to display the dashboard with id 34, `target_url` would look like: `https://mycompany.looker.com:9999/dashboards/34`. `target_uri` MUST contain a scheme (HTTPS), domain name, and URL path. Port must be included if it is required to reach the Looker server from browser clients. If the Looker instance is behind a load balancer or other proxy, `target_uri` must be the public-facing domain name and port required to reach the Looker instance, not the actual internal network machine name of the Looker instance. - SessionLength *int64 `json:"session_length,omitempty"` // Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + SessionLength *int64 `json:"session_length,omitempty"` // Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). ForceLogoutLogin *bool `json:"force_logout_login,omitempty"` // When true, the embed session will purge any residual Looker login state (such as in browser cookies) before creating a new login state with the given embed user info. Defaults to true. } @@ -1151,9 +1165,9 @@ type EmbedSecret struct { type EmbedSsoParams struct { TargetUrl string `json:"target_url"` // The complete URL of the Looker UI page to display in the embed context. For example, to display the dashboard with id 34, `target_url` would look like: `https://mycompany.looker.com:9999/dashboards/34`. `target_uri` MUST contain a scheme (HTTPS), domain name, and URL path. Port must be included if it is required to reach the Looker server from browser clients. If the Looker instance is behind a load balancer or other proxy, `target_uri` must be the public-facing domain name and port required to reach the Looker instance, not the actual internal network machine name of the Looker instance. - SessionLength *int64 `json:"session_length,omitempty"` // Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + SessionLength *int64 `json:"session_length,omitempty"` // Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). ForceLogoutLogin *bool `json:"force_logout_login,omitempty"` // When true, the embed session will purge any residual Looker login state (such as in browser cookies) before creating a new login state with the given embed user info. Defaults to true. - ExternalUserId *string `json:"external_user_id,omitempty"` // A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. + ExternalUserId *string `json:"external_user_id,omitempty"` // A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session. FirstName *string `json:"first_name,omitempty"` // First name of the embed user. Defaults to 'Embed' if not specified LastName *string `json:"last_name,omitempty"` // Last name of the embed user. Defaults to 'User' if not specified UserTimezone *string `json:"user_timezone,omitempty"` // Sets the user timezone for the embed user session, if the User Specific Timezones setting is enabled in the Looker admin settings. A value of `null` forces the embed user to use the Looker Application Default Timezone. You MUST omit this property from the request if the User Specific Timezones setting is disabled. Timezone values are validated against the IANA Timezone standard and can be seen in the Application Time Zone dropdown list on the Looker General Settings admin page. @@ -1163,6 +1177,7 @@ type EmbedSsoParams struct { ExternalGroupId *string `json:"external_group_id,omitempty"` // A unique value identifying an embed-exclusive group. Multiple embed users using the same `external_group_id` value will be able to share Looker content with each other. Content and embed users associated with the `external_group_id` will not be accessible to normal Looker users or embed users not associated with this `external_group_id`. UserAttributes *map[string]interface{} `json:"user_attributes,omitempty"` // A dictionary of name-value pairs associating a Looker user attribute name with a value. SecretId *string `json:"secret_id,omitempty"` // Id of the embed secret to use to sign this SSO url. If specified, the value must be an id of a valid (active) secret defined in the Looker instance. If not specified, the URL will be signed with the newest active embed secret defined in the Looker instance. + EmbedDomain *string `json:"embed_domain,omitempty"` // Optional. URL of the domain hosting the signed embed URL. If provided and valid, the embed_domain will be added to the embed domain allowlist if it is not currently in the list } type EmbedUrlResponse struct { @@ -1943,6 +1958,12 @@ type Manifest struct { LocalizationSettings *LocalizationSettings `json:"localization_settings,omitempty"` } +type MarketplaceAutomation struct { + InstallEnabled *bool `json:"install_enabled,omitempty"` // Whether marketplace auto installation is enabled + UpdateLookerEnabled *bool `json:"update_looker_enabled,omitempty"` // Whether marketplace auto update is enabled for looker extensions + UpdateThirdPartyEnabled *bool `json:"update_third_party_enabled,omitempty"` // Whether marketplace auto update is enabled for third party extensions +} + type MaterializePDT struct { MaterializationId *string `json:"materialization_id,omitempty"` // The ID of the enqueued materialization task RespText *string `json:"resp_text,omitempty"` // Detailed response in text format @@ -2403,6 +2424,13 @@ type RequestAllIntegrations struct { IntegrationHubId *string `json:"integration_hub_id,omitempty"` // Filter to a specific provider } +// Dynamically generated request type for all_lookml_models +type RequestAllLookmlModels struct { + Fields *string `json:"fields,omitempty"` // Requested fields. + Limit *int64 `json:"limit,omitempty"` // Number of results to return. (can be used with offset) + Offset *int64 `json:"offset,omitempty"` // Number of results to skip before returning any. (Defaults to 0 if not set when limit is used) +} + // Dynamically generated request type for all_roles type RequestAllRoles struct { Fields *string `json:"fields,omitempty"` // Requested fields. @@ -2416,6 +2444,12 @@ type RequestAllScheduledPlans struct { AllUsers *bool `json:"all_users,omitempty"` // Return scheduled plans belonging to all users (caller needs see_schedules permission) } +// Dynamically generated request type for all_user_attributes +type RequestAllUserAttributes struct { + Fields *string `json:"fields,omitempty"` // Requested fields. + Sorts *string `json:"sorts,omitempty"` // Fields to order the results by. Sortable fields include: name, label +} + // Dynamically generated request type for all_users type RequestAllUsers struct { Fields *string `json:"fields,omitempty"` // Requested fields. @@ -2858,6 +2892,34 @@ type RequestSearchGroups struct { ExternallyOrphaned *bool `json:"externally_orphaned,omitempty"` // Match group externally_orphaned. } +// Dynamically generated request type for search_groups_with_hierarchy +type RequestSearchGroupsWithHierarchy struct { + Fields *string `json:"fields,omitempty"` // Requested fields. + Limit *int64 `json:"limit,omitempty"` // Number of results to return (used with `offset`). + Offset *int64 `json:"offset,omitempty"` // Number of results to skip before returning any (used with `limit`). + Sorts *string `json:"sorts,omitempty"` // Fields to sort by. + FilterOr *bool `json:"filter_or,omitempty"` // Combine given search criteria in a boolean OR expression + Id *string `json:"id,omitempty"` // Match group id. + Name *string `json:"name,omitempty"` // Match group name. + ExternalGroupId *string `json:"external_group_id,omitempty"` // Match group external_group_id. + ExternallyManaged *bool `json:"externally_managed,omitempty"` // Match group externally_managed. + ExternallyOrphaned *bool `json:"externally_orphaned,omitempty"` // Match group externally_orphaned. +} + +// Dynamically generated request type for search_groups_with_roles +type RequestSearchGroupsWithRoles struct { + Fields *string `json:"fields,omitempty"` // Requested fields. + Limit *int64 `json:"limit,omitempty"` // Number of results to return (used with `offset`). + Offset *int64 `json:"offset,omitempty"` // Number of results to skip before returning any (used with `limit`). + Sorts *string `json:"sorts,omitempty"` // Fields to sort by. + FilterOr *bool `json:"filter_or,omitempty"` // Combine given search criteria in a boolean OR expression + Id *string `json:"id,omitempty"` // Match group id. + Name *string `json:"name,omitempty"` // Match group name. + ExternalGroupId *string `json:"external_group_id,omitempty"` // Match group external_group_id. + ExternallyManaged *bool `json:"externally_managed,omitempty"` // Match group externally_managed. + ExternallyOrphaned *bool `json:"externally_orphaned,omitempty"` // Match group externally_orphaned. +} + // Dynamically generated request type for search_looks type RequestSearchLooks struct { Id *string `json:"id,omitempty"` // Match look id. @@ -2893,6 +2955,19 @@ type RequestSearchModelSets struct { FilterOr *bool `json:"filter_or,omitempty"` // Combine given search criteria in a boolean OR expression. } +// Dynamically generated request type for search_permission_sets +type RequestSearchPermissionSets struct { + Fields *string `json:"fields,omitempty"` // Requested fields. + Limit *int64 `json:"limit,omitempty"` // Number of results to return (used with `offset`). + Offset *int64 `json:"offset,omitempty"` // Number of results to skip before returning any (used with `limit`). + Sorts *string `json:"sorts,omitempty"` // Fields to sort by. + Id *string `json:"id,omitempty"` // Match permission set id. + Name *string `json:"name,omitempty"` // Match permission set name. + AllAccess *bool `json:"all_access,omitempty"` // Match permission sets by all_access status. + BuiltIn *bool `json:"built_in,omitempty"` // Match permission sets by built_in status. + FilterOr *bool `json:"filter_or,omitempty"` // Combine given search criteria in a boolean OR expression. +} + // Dynamically generated request type for search_roles type RequestSearchRoles struct { Fields *string `json:"fields,omitempty"` // Requested fields. @@ -2905,6 +2980,18 @@ type RequestSearchRoles struct { FilterOr *bool `json:"filter_or,omitempty"` // Combine given search criteria in a boolean OR expression. } +// Dynamically generated request type for search_roles_with_user_count +type RequestSearchRolesWithUserCount struct { + Fields *string `json:"fields,omitempty"` // Requested fields. + Limit *int64 `json:"limit,omitempty"` // Number of results to return (used with `offset`). + Offset *int64 `json:"offset,omitempty"` // Number of results to skip before returning any (used with `limit`). + Sorts *string `json:"sorts,omitempty"` // Fields to sort by. + Id *string `json:"id,omitempty"` // Match role id. + Name *string `json:"name,omitempty"` // Match role name. + BuiltIn *bool `json:"built_in,omitempty"` // Match roles by built_in status. + FilterOr *bool `json:"filter_or,omitempty"` // Combine given search criteria in a boolean OR expression. +} + // Dynamically generated request type for search_themes type RequestSearchThemes struct { Id *string `json:"id,omitempty"` // Match theme id. @@ -3298,10 +3385,12 @@ type SessionConfig struct { type Setting struct { ExtensionFrameworkEnabled *bool `json:"extension_framework_enabled,omitempty"` // Toggle extension framework on or off - ExtensionLoadUrlEnabled *bool `json:"extension_load_url_enabled,omitempty"` // (DEPRECATED) Toggle extension extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. - MarketplaceAutoInstallEnabled *bool `json:"marketplace_auto_install_enabled,omitempty"` // Toggle marketplace auto install on or off. Note that auto install only runs if marketplace is enabled. - MarketplaceEnabled *bool `json:"marketplace_enabled,omitempty"` // Toggle marketplace on or off - MarketplaceTermsAccepted *bool `json:"marketplace_terms_accepted,omitempty"` // Accept marketplace terms by setting this value to true, or get the current status. Marketplace terms CANNOT be declined once accepted. Accepting marketplace terms automatically enables the marketplace. The marketplace can still be disabled after it has been enabled. + ExtensionLoadUrlEnabled *bool `json:"extension_load_url_enabled,omitempty"` // (DEPRECATED) Toggle extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. + MarketplaceAutoInstallEnabled *bool `json:"marketplace_auto_install_enabled,omitempty"` // (DEPRECATED) Toggle marketplace auto install on or off. Deprecated - do not use. Auto install can now be enabled via marketplace automation settings + MarketplaceAutomation *MarketplaceAutomation `json:"marketplace_automation,omitempty"` + MarketplaceEnabled *bool `json:"marketplace_enabled,omitempty"` // Toggle marketplace on or off + MarketplaceSite *string `json:"marketplace_site,omitempty"` // Location of Looker marketplace CDN + MarketplaceTermsAccepted *bool `json:"marketplace_terms_accepted,omitempty"` // Accept marketplace terms by setting this value to true, or get the current status. Marketplace terms CANNOT be declined once accepted. Accepting marketplace terms automatically enables the marketplace. The marketplace can still be disabled after it has been enabled. PrivatelabelConfiguration *PrivatelabelConfiguration `json:"privatelabel_configuration,omitempty"` CustomWelcomeEmail *CustomWelcomeEmail `json:"custom_welcome_email,omitempty"` OnboardingEnabled *bool `json:"onboarding_enabled,omitempty"` // Toggle onboarding on or off @@ -3311,8 +3400,9 @@ type Setting struct { HostUrl *string `json:"host_url,omitempty"` // Change the base portion of your Looker instance URL setting OverrideWarnings *bool `json:"override_warnings,omitempty"` // (Write-Only) If warnings are preventing a host URL change, this parameter allows for overriding warnings to force update the setting. Does not directly change any Looker settings. EmailDomainAllowlist *[]string `json:"email_domain_allowlist,omitempty"` // An array of Email Domain Allowlist of type string for Scheduled Content - EmbedCookielessV2 *bool `json:"embed_cookieless_v2,omitempty"` // Toggle cookieless embed setting + EmbedCookielessV2 *bool `json:"embed_cookieless_v2,omitempty"` // (DEPRECATED) Use embed_config.embed_cookieless_v2 instead. If embed_config.embed_cookieless_v2 is specified, it overrides this value. EmbedEnabled *bool `json:"embed_enabled,omitempty"` // True if embedding is enabled https://cloud.google.com/looker/docs/r/looker-core-feature-embed, false otherwise + EmbedConfig *EmbedConfig `json:"embed_config,omitempty"` } type SmtpNodeStatus struct { @@ -4421,14 +4511,15 @@ type WriteSessionConfig struct { } // Dynamic writeable type for Setting removes: -// embed_enabled +// marketplace_site, embed_enabled type WriteSetting struct { ExtensionFrameworkEnabled *bool `json:"extension_framework_enabled,omitempty"` // Toggle extension framework on or off - ExtensionLoadUrlEnabled *bool `json:"extension_load_url_enabled,omitempty"` // (DEPRECATED) Toggle extension extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. - MarketplaceAutoInstallEnabled *bool `json:"marketplace_auto_install_enabled,omitempty"` // Toggle marketplace auto install on or off. Note that auto install only runs if marketplace is enabled. - MarketplaceEnabled *bool `json:"marketplace_enabled,omitempty"` // Toggle marketplace on or off - MarketplaceTermsAccepted *bool `json:"marketplace_terms_accepted,omitempty"` // Accept marketplace terms by setting this value to true, or get the current status. Marketplace terms CANNOT be declined once accepted. Accepting marketplace terms automatically enables the marketplace. The marketplace can still be disabled after it has been enabled. - PrivatelabelConfiguration *WritePrivatelabelConfiguration `json:"privatelabel_configuration,omitempty"` // Dynamic writeable type for PrivatelabelConfiguration removes: + ExtensionLoadUrlEnabled *bool `json:"extension_load_url_enabled,omitempty"` // (DEPRECATED) Toggle extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. + MarketplaceAutoInstallEnabled *bool `json:"marketplace_auto_install_enabled,omitempty"` // (DEPRECATED) Toggle marketplace auto install on or off. Deprecated - do not use. Auto install can now be enabled via marketplace automation settings + MarketplaceAutomation *MarketplaceAutomation `json:"marketplace_automation,omitempty"` + MarketplaceEnabled *bool `json:"marketplace_enabled,omitempty"` // Toggle marketplace on or off + MarketplaceTermsAccepted *bool `json:"marketplace_terms_accepted,omitempty"` // Accept marketplace terms by setting this value to true, or get the current status. Marketplace terms CANNOT be declined once accepted. Accepting marketplace terms automatically enables the marketplace. The marketplace can still be disabled after it has been enabled. + PrivatelabelConfiguration *WritePrivatelabelConfiguration `json:"privatelabel_configuration,omitempty"` // Dynamic writeable type for PrivatelabelConfiguration removes: // logo_url, favicon_url CustomWelcomeEmail *CustomWelcomeEmail `json:"custom_welcome_email,omitempty"` OnboardingEnabled *bool `json:"onboarding_enabled,omitempty"` // Toggle onboarding on or off @@ -4438,7 +4529,8 @@ type WriteSetting struct { HostUrl *string `json:"host_url,omitempty"` // Change the base portion of your Looker instance URL setting OverrideWarnings *bool `json:"override_warnings,omitempty"` // (Write-Only) If warnings are preventing a host URL change, this parameter allows for overriding warnings to force update the setting. Does not directly change any Looker settings. EmailDomainAllowlist *[]string `json:"email_domain_allowlist,omitempty"` // An array of Email Domain Allowlist of type string for Scheduled Content - EmbedCookielessV2 *bool `json:"embed_cookieless_v2,omitempty"` // Toggle cookieless embed setting + EmbedCookielessV2 *bool `json:"embed_cookieless_v2,omitempty"` // (DEPRECATED) Use embed_config.embed_cookieless_v2 instead. If embed_config.embed_cookieless_v2 is specified, it overrides this value. + EmbedConfig *EmbedConfig `json:"embed_config,omitempty"` } // Dynamic writeable type for SshServer removes: diff --git a/kotlin/src/main/com/looker/sdk/4.0/methods.kt b/kotlin/src/main/com/looker/sdk/4.0/methods.kt index 3757f49e9..6327207c4 100644 --- a/kotlin/src/main/com/looker/sdk/4.0/methods.kt +++ b/kotlin/src/main/com/looker/sdk/4.0/methods.kt @@ -652,35 +652,39 @@ class LookerSDK(authSession: AuthSession) : APIMethods(authSession) { /** - * ### Create SSO Embed URL + * ### Create Signed Embed URL * - * Creates an SSO embed URL and cryptographically signs it with an embed secret. + * Creates a signed embed URL and cryptographically signs it with an embed secret. * This signed URL can then be used to instantiate a Looker embed session in a PBL web application. - * Do not make any modifications to this URL - any change may invalidate the signature and + * Do not make any modifications to the returned URL - any change may invalidate the signature and * cause the URL to fail to load a Looker embed session. * - * A signed SSO embed URL can only be used once. After it has been used to request a page from the - * Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent + * A signed embed URL can only be **used once**. After the URL has been used to request a page from the + * Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent * 'replay attacks'. * * The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. * To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. - * The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, - * copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. + * The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option + * to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. * - * Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) + * Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) * and the lists of models and permissions assigned to the embed user. - * At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. + * At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. * These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. * - * The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. + * The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. * * This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the - * SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * * To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. * * The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. - * if not specified, the URL will be signed using the newest active secret defined in the Looker instance. + * if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, + * a default secret will be created. This default secret is encrypted using HMAC/SHA-256. + * + * The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. * * #### Security Note * Protect this signed URL as you would an access token or password credentials - do not write @@ -840,7 +844,7 @@ class LookerSDK(authSession: AuthSession) : APIMethods(authSession) { * * Configuring LDAP impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * LDAP is enabled or disabled for Looker using the **enabled** field. * @@ -921,9 +925,9 @@ class LookerSDK(authSession: AuthSession) : APIMethods(authSession) { /** * ### Test the connection authentication settings for an LDAP configuration. * - * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. + * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. * - * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. + * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. * * Example: * ```json @@ -936,7 +940,7 @@ class LookerSDK(authSession: AuthSession) : APIMethods(authSession) { * } * ``` * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * The active LDAP settings are not modified. * @@ -956,9 +960,9 @@ class LookerSDK(authSession: AuthSession) : APIMethods(authSession) { /** * ### Test the user authentication settings for an LDAP configuration without authenticating the user. * - * This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. + * This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. * - * This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. + * This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. * * **test_ldap_user** is required. * @@ -980,9 +984,9 @@ class LookerSDK(authSession: AuthSession) : APIMethods(authSession) { /** * ### Test the user authentication settings for an LDAP configuration. * - * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. + * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * **test_ldap_user** and **test_ldap_password** are required. * @@ -1242,7 +1246,7 @@ class LookerSDK(authSession: AuthSession) : APIMethods(authSession) { * * Configuring OIDC impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * OIDC is enabled or disabled for Looker using the **enabled** field. * @@ -1385,7 +1389,7 @@ class LookerSDK(authSession: AuthSession) : APIMethods(authSession) { * * Configuring SAML impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * SAML is enabled or disabled for Looker using the **enabled** field. * @@ -2514,8 +2518,10 @@ class LookerSDK(authSession: AuthSession) : APIMethods(authSession) { * - extension_framework_enabled * - extension_load_url_enabled * - marketplace_auto_install_enabled + * - marketplace_automation * - marketplace_terms_accepted * - marketplace_enabled + * - marketplace_site * - onboarding_enabled * - privatelabel_configuration * - timezone @@ -2523,6 +2529,7 @@ class LookerSDK(authSession: AuthSession) : APIMethods(authSession) { * - email_domain_allowlist * - embed_cookieless_v2 * - embed_enabled + * - embed_config * * @param {String} fields Requested fields * @@ -2546,8 +2553,10 @@ class LookerSDK(authSession: AuthSession) : APIMethods(authSession) { * - extension_framework_enabled * - extension_load_url_enabled * - marketplace_auto_install_enabled + * - marketplace_automation * - marketplace_terms_accepted * - marketplace_enabled + * - marketplace_site * - onboarding_enabled * - privatelabel_configuration * - timezone @@ -2555,6 +2564,7 @@ class LookerSDK(authSession: AuthSession) : APIMethods(authSession) { * - email_domain_allowlist * - embed_cookieless_v2 * - embed_enabled + * - embed_config * * See the `Setting` type for more information on the specific values that can be configured. * diff --git a/kotlin/src/main/com/looker/sdk/4.0/models.kt b/kotlin/src/main/com/looker/sdk/4.0/models.kt index 4c3026bc6..f919f77de 100644 --- a/kotlin/src/main/com/looker/sdk/4.0/models.kt +++ b/kotlin/src/main/com/looker/sdk/4.0/models.kt @@ -25,7 +25,7 @@ */ /** - * 327 API models: 245 Spec, 0 Request, 60 Write, 22 Enum + * 329 API models: 247 Spec, 0 Request, 60 Write, 22 Enum */ @@ -2031,9 +2031,36 @@ data class EgressIpAddresses ( ) : Serializable /** - * @property session_length Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + * @property domain_allowlist List of domains to allow for embedding + * @property alert_url_allowlist List of base urls to allow for alert/schedule + * @property alert_url_param_owner Owner of who defines the alert/schedule params on the base url + * @property alert_url_label Label for the alert/schedule url + * @property sso_auth_enabled Is SSO embedding enabled for this Looker + * @property embed_cookieless_v2 Is Cookieless embedding enabled for this Looker + * @property embed_content_navigation Is embed content navigation enabled for this looker + * @property embed_content_management Is embed content management enabled for this Looker + * @property strict_sameorigin_for_login When true, prohibits the use of Looker login pages in non-Looker iframes. When false, Looker login pages may be used in non-Looker hosted iframes. + * @property look_filters When true, filters are enabled on embedded Looks + * @property hide_look_navigation When true, removes navigation to Looks from embedded dashboards and explores. + */ +data class EmbedConfig ( + var domain_allowlist: Array? = null, + var alert_url_allowlist: Array? = null, + var alert_url_param_owner: String? = null, + var alert_url_label: String? = null, + var sso_auth_enabled: Boolean? = null, + var embed_cookieless_v2: Boolean? = null, + var embed_content_navigation: Boolean? = null, + var embed_content_management: Boolean? = null, + var strict_sameorigin_for_login: Boolean? = null, + var look_filters: Boolean? = null, + var hide_look_navigation: Boolean? = null +) : Serializable + +/** + * @property session_length Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). * @property force_logout_login When true, the embed session will purge any residual Looker login state (such as in browser cookies) before creating a new login state with the given embed user info. Defaults to true. - * @property external_user_id A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. + * @property external_user_id A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session. * @property first_name First name of the embed user. Defaults to 'Embed' if not specified * @property last_name Last name of the embed user. Defaults to 'User' if not specified * @property user_timezone Sets the user timezone for the embed user session, if the User Specific Timezones setting is enabled in the Looker admin settings. A value of `null` forces the embed user to use the Looker Application Default Timezone. You MUST omit this property from the request if the User Specific Timezones setting is disabled. Timezone values are validated against the IANA Timezone standard and can be seen in the Application Time Zone dropdown list on the Looker General Settings admin page. @@ -2042,8 +2069,8 @@ data class EgressIpAddresses ( * @property group_ids List of Looker group ids in which to enroll the embed user * @property external_group_id A unique value identifying an embed-exclusive group. Multiple embed users using the same `external_group_id` value will be able to share Looker content with each other. Content and embed users associated with the `external_group_id` will not be accessible to normal Looker users or embed users not associated with this `external_group_id`. * @property user_attributes A dictionary of name-value pairs associating a Looker user attribute name with a value. - * @property session_reference_token Token referencing the embed session and is used to generate new authentication, navigation and api tokens. * @property embed_domain The domain of the server embedding the Looker IFRAME. This is an alternative to specifying the domain in the embedded domain allow list in the Looker embed admin page. + * @property session_reference_token Token referencing the embed session and is used to generate new authentication, navigation and api tokens. */ data class EmbedCookielessSessionAcquire ( var session_length: Long? = null, @@ -2057,8 +2084,8 @@ data class EmbedCookielessSessionAcquire ( var group_ids: Array? = null, var external_group_id: String? = null, var user_attributes: Map? = null, - var session_reference_token: String? = null, - var embed_domain: String? = null + var embed_domain: String? = null, + var session_reference_token: String? = null ) : Serializable /** @@ -2112,7 +2139,7 @@ data class EmbedCookielessSessionGenerateTokensResponse ( /** * @property target_url The complete URL of the Looker UI page to display in the embed context. For example, to display the dashboard with id 34, `target_url` would look like: `https://mycompany.looker.com:9999/dashboards/34`. `target_uri` MUST contain a scheme (HTTPS), domain name, and URL path. Port must be included if it is required to reach the Looker server from browser clients. If the Looker instance is behind a load balancer or other proxy, `target_uri` must be the public-facing domain name and port required to reach the Looker instance, not the actual internal network machine name of the Looker instance. - * @property session_length Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + * @property session_length Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). * @property force_logout_login When true, the embed session will purge any residual Looker login state (such as in browser cookies) before creating a new login state with the given embed user info. Defaults to true. */ data class EmbedParams ( @@ -2142,9 +2169,9 @@ data class EmbedSecret ( /** * @property target_url The complete URL of the Looker UI page to display in the embed context. For example, to display the dashboard with id 34, `target_url` would look like: `https://mycompany.looker.com:9999/dashboards/34`. `target_uri` MUST contain a scheme (HTTPS), domain name, and URL path. Port must be included if it is required to reach the Looker server from browser clients. If the Looker instance is behind a load balancer or other proxy, `target_uri` must be the public-facing domain name and port required to reach the Looker instance, not the actual internal network machine name of the Looker instance. - * @property session_length Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + * @property session_length Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). * @property force_logout_login When true, the embed session will purge any residual Looker login state (such as in browser cookies) before creating a new login state with the given embed user info. Defaults to true. - * @property external_user_id A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. + * @property external_user_id A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session. * @property first_name First name of the embed user. Defaults to 'Embed' if not specified * @property last_name Last name of the embed user. Defaults to 'User' if not specified * @property user_timezone Sets the user timezone for the embed user session, if the User Specific Timezones setting is enabled in the Looker admin settings. A value of `null` forces the embed user to use the Looker Application Default Timezone. You MUST omit this property from the request if the User Specific Timezones setting is disabled. Timezone values are validated against the IANA Timezone standard and can be seen in the Application Time Zone dropdown list on the Looker General Settings admin page. @@ -2154,6 +2181,7 @@ data class EmbedSecret ( * @property external_group_id A unique value identifying an embed-exclusive group. Multiple embed users using the same `external_group_id` value will be able to share Looker content with each other. Content and embed users associated with the `external_group_id` will not be accessible to normal Looker users or embed users not associated with this `external_group_id`. * @property user_attributes A dictionary of name-value pairs associating a Looker user attribute name with a value. * @property secret_id Id of the embed secret to use to sign this SSO url. If specified, the value must be an id of a valid (active) secret defined in the Looker instance. If not specified, the URL will be signed with the newest active embed secret defined in the Looker instance. + * @property embed_domain Optional. URL of the domain hosting the signed embed URL. If provided and valid, the embed_domain will be added to the embed domain allowlist if it is not currently in the list */ data class EmbedSsoParams ( var target_url: String, @@ -2168,7 +2196,8 @@ data class EmbedSsoParams ( var group_ids: Array? = null, var external_group_id: String? = null, var user_attributes: Map? = null, - var secret_id: String? = null + var secret_id: String? = null, + var embed_domain: String? = null ) : Serializable /** @@ -3660,6 +3689,17 @@ data class Manifest ( var localization_settings: LocalizationSettings? = null ) : Serializable +/** + * @property install_enabled Whether marketplace auto installation is enabled + * @property update_looker_enabled Whether marketplace auto update is enabled for looker extensions + * @property update_third_party_enabled Whether marketplace auto update is enabled for third party extensions + */ +data class MarketplaceAutomation ( + var install_enabled: Boolean? = null, + var update_looker_enabled: Boolean? = null, + var update_third_party_enabled: Boolean? = null +) : Serializable + /** * @property materialization_id The ID of the enqueued materialization task (read-only) * @property resp_text Detailed response in text format (read-only) @@ -4956,9 +4996,11 @@ data class SessionConfig ( /** * @property extension_framework_enabled Toggle extension framework on or off - * @property extension_load_url_enabled (DEPRECATED) Toggle extension extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. - * @property marketplace_auto_install_enabled Toggle marketplace auto install on or off. Note that auto install only runs if marketplace is enabled. + * @property extension_load_url_enabled (DEPRECATED) Toggle extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. + * @property marketplace_auto_install_enabled (DEPRECATED) Toggle marketplace auto install on or off. Deprecated - do not use. Auto install can now be enabled via marketplace automation settings + * @property marketplace_automation * @property marketplace_enabled Toggle marketplace on or off + * @property marketplace_site Location of Looker marketplace CDN (read-only) * @property marketplace_terms_accepted Accept marketplace terms by setting this value to true, or get the current status. Marketplace terms CANNOT be declined once accepted. Accepting marketplace terms automatically enables the marketplace. The marketplace can still be disabled after it has been enabled. * @property privatelabel_configuration * @property custom_welcome_email @@ -4969,14 +5011,17 @@ data class SessionConfig ( * @property host_url Change the base portion of your Looker instance URL setting * @property override_warnings (Write-Only) If warnings are preventing a host URL change, this parameter allows for overriding warnings to force update the setting. Does not directly change any Looker settings. * @property email_domain_allowlist An array of Email Domain Allowlist of type string for Scheduled Content - * @property embed_cookieless_v2 Toggle cookieless embed setting + * @property embed_cookieless_v2 (DEPRECATED) Use embed_config.embed_cookieless_v2 instead. If embed_config.embed_cookieless_v2 is specified, it overrides this value. * @property embed_enabled True if embedding is enabled https://cloud.google.com/looker/docs/r/looker-core-feature-embed, false otherwise (read-only) + * @property embed_config */ data class Setting ( var extension_framework_enabled: Boolean? = null, var extension_load_url_enabled: Boolean? = null, var marketplace_auto_install_enabled: Boolean? = null, + var marketplace_automation: MarketplaceAutomation? = null, var marketplace_enabled: Boolean? = null, + var marketplace_site: String? = null, var marketplace_terms_accepted: Boolean? = null, var privatelabel_configuration: PrivatelabelConfiguration? = null, var custom_welcome_email: CustomWelcomeEmail? = null, @@ -4988,7 +5033,8 @@ data class Setting ( var override_warnings: Boolean? = null, var email_domain_allowlist: Array? = null, var embed_cookieless_v2: Boolean? = null, - var embed_enabled: Boolean? = null + var embed_enabled: Boolean? = null, + var embed_config: EmbedConfig? = null ) : Serializable /** @@ -7014,11 +7060,12 @@ data class WriteSessionConfig ( /** * Dynamic writeable type for Setting removes: - * embed_enabled + * marketplace_site, embed_enabled * * @property extension_framework_enabled Toggle extension framework on or off - * @property extension_load_url_enabled (DEPRECATED) Toggle extension extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. - * @property marketplace_auto_install_enabled Toggle marketplace auto install on or off. Note that auto install only runs if marketplace is enabled. + * @property extension_load_url_enabled (DEPRECATED) Toggle extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. + * @property marketplace_auto_install_enabled (DEPRECATED) Toggle marketplace auto install on or off. Deprecated - do not use. Auto install can now be enabled via marketplace automation settings + * @property marketplace_automation * @property marketplace_enabled Toggle marketplace on or off * @property marketplace_terms_accepted Accept marketplace terms by setting this value to true, or get the current status. Marketplace terms CANNOT be declined once accepted. Accepting marketplace terms automatically enables the marketplace. The marketplace can still be disabled after it has been enabled. * @property privatelabel_configuration Dynamic writeable type for PrivatelabelConfiguration removes: @@ -7031,12 +7078,14 @@ data class WriteSessionConfig ( * @property host_url Change the base portion of your Looker instance URL setting * @property override_warnings (Write-Only) If warnings are preventing a host URL change, this parameter allows for overriding warnings to force update the setting. Does not directly change any Looker settings. * @property email_domain_allowlist An array of Email Domain Allowlist of type string for Scheduled Content - * @property embed_cookieless_v2 Toggle cookieless embed setting + * @property embed_cookieless_v2 (DEPRECATED) Use embed_config.embed_cookieless_v2 instead. If embed_config.embed_cookieless_v2 is specified, it overrides this value. + * @property embed_config */ data class WriteSetting ( var extension_framework_enabled: Boolean? = null, var extension_load_url_enabled: Boolean? = null, var marketplace_auto_install_enabled: Boolean? = null, + var marketplace_automation: MarketplaceAutomation? = null, var marketplace_enabled: Boolean? = null, var marketplace_terms_accepted: Boolean? = null, var privatelabel_configuration: WritePrivatelabelConfiguration? = null, @@ -7048,7 +7097,8 @@ data class WriteSetting ( var host_url: String? = null, var override_warnings: Boolean? = null, var email_domain_allowlist: Array? = null, - var embed_cookieless_v2: Boolean? = null + var embed_cookieless_v2: Boolean? = null, + var embed_config: EmbedConfig? = null ) : Serializable /** diff --git a/kotlin/src/main/com/looker/sdk/4.0/streams.kt b/kotlin/src/main/com/looker/sdk/4.0/streams.kt index 4b0ff0b81..f8949d669 100644 --- a/kotlin/src/main/com/looker/sdk/4.0/streams.kt +++ b/kotlin/src/main/com/looker/sdk/4.0/streams.kt @@ -651,35 +651,39 @@ class LookerSDKStream(authSession: AuthSession) : APIMethods(authSession) { /** - * ### Create SSO Embed URL + * ### Create Signed Embed URL * - * Creates an SSO embed URL and cryptographically signs it with an embed secret. + * Creates a signed embed URL and cryptographically signs it with an embed secret. * This signed URL can then be used to instantiate a Looker embed session in a PBL web application. - * Do not make any modifications to this URL - any change may invalidate the signature and + * Do not make any modifications to the returned URL - any change may invalidate the signature and * cause the URL to fail to load a Looker embed session. * - * A signed SSO embed URL can only be used once. After it has been used to request a page from the - * Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent + * A signed embed URL can only be **used once**. After the URL has been used to request a page from the + * Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent * 'replay attacks'. * * The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. * To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. - * The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, - * copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. + * The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option + * to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. * - * Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) + * Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) * and the lists of models and permissions assigned to the embed user. - * At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. + * At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. * These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. * - * The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. + * The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. * * This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the - * SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * * To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. * * The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. - * if not specified, the URL will be signed using the newest active secret defined in the Looker instance. + * if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, + * a default secret will be created. This default secret is encrypted using HMAC/SHA-256. + * + * The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. * * #### Security Note * Protect this signed URL as you would an access token or password credentials - do not write @@ -839,7 +843,7 @@ class LookerSDKStream(authSession: AuthSession) : APIMethods(authSession) { * * Configuring LDAP impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * LDAP is enabled or disabled for Looker using the **enabled** field. * @@ -920,9 +924,9 @@ class LookerSDKStream(authSession: AuthSession) : APIMethods(authSession) { /** * ### Test the connection authentication settings for an LDAP configuration. * - * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. + * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. * - * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. + * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. * * Example: * ```json @@ -935,7 +939,7 @@ class LookerSDKStream(authSession: AuthSession) : APIMethods(authSession) { * } * ``` * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * The active LDAP settings are not modified. * @@ -955,9 +959,9 @@ class LookerSDKStream(authSession: AuthSession) : APIMethods(authSession) { /** * ### Test the user authentication settings for an LDAP configuration without authenticating the user. * - * This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. + * This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. * - * This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. + * This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. * * **test_ldap_user** is required. * @@ -979,9 +983,9 @@ class LookerSDKStream(authSession: AuthSession) : APIMethods(authSession) { /** * ### Test the user authentication settings for an LDAP configuration. * - * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. + * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * **test_ldap_user** and **test_ldap_password** are required. * @@ -1241,7 +1245,7 @@ class LookerSDKStream(authSession: AuthSession) : APIMethods(authSession) { * * Configuring OIDC impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * OIDC is enabled or disabled for Looker using the **enabled** field. * @@ -1384,7 +1388,7 @@ class LookerSDKStream(authSession: AuthSession) : APIMethods(authSession) { * * Configuring SAML impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * SAML is enabled or disabled for Looker using the **enabled** field. * @@ -2513,8 +2517,10 @@ class LookerSDKStream(authSession: AuthSession) : APIMethods(authSession) { * - extension_framework_enabled * - extension_load_url_enabled * - marketplace_auto_install_enabled + * - marketplace_automation * - marketplace_terms_accepted * - marketplace_enabled + * - marketplace_site * - onboarding_enabled * - privatelabel_configuration * - timezone @@ -2522,6 +2528,7 @@ class LookerSDKStream(authSession: AuthSession) : APIMethods(authSession) { * - email_domain_allowlist * - embed_cookieless_v2 * - embed_enabled + * - embed_config * * @param {String} fields Requested fields * @@ -2545,8 +2552,10 @@ class LookerSDKStream(authSession: AuthSession) : APIMethods(authSession) { * - extension_framework_enabled * - extension_load_url_enabled * - marketplace_auto_install_enabled + * - marketplace_automation * - marketplace_terms_accepted * - marketplace_enabled + * - marketplace_site * - onboarding_enabled * - privatelabel_configuration * - timezone @@ -2554,6 +2563,7 @@ class LookerSDKStream(authSession: AuthSession) : APIMethods(authSession) { * - email_domain_allowlist * - embed_cookieless_v2 * - embed_enabled + * - embed_config * * See the `Setting` type for more information on the specific values that can be configured. * diff --git a/kotlin/src/main/com/looker/sdk/Constants.kt b/kotlin/src/main/com/looker/sdk/Constants.kt index 19261afb7..257b160ec 100644 --- a/kotlin/src/main/com/looker/sdk/Constants.kt +++ b/kotlin/src/main/com/looker/sdk/Constants.kt @@ -28,7 +28,7 @@ package com.looker.sdk const val ENVIRONMENT_PREFIX = "LOOKERSDK" const val SDK_TAG = "KT-SDK" -const val LOOKER_VERSION = "23.12" +const val LOOKER_VERSION = "23.14" const val API_VERSION = "4.0" const val AGENT_TAG = "$SDK_TAG $LOOKER_VERSION" const val LOOKER_APPID = "x-looker-appid" diff --git a/packages/sdk/src/3.1/funcs.ts b/packages/sdk/src/3.1/funcs.ts index 0cdce07ae..412f3938e 100644 --- a/packages/sdk/src/3.1/funcs.ts +++ b/packages/sdk/src/3.1/funcs.ts @@ -138,6 +138,7 @@ import type { IRequestAllIntegrations, IRequestAllRoles, IRequestAllScheduledPlans, + IRequestAllUserAttributes, IRequestAllUsers, IRequestContentThumbnail, IRequestCreateDashboardElement, @@ -164,10 +165,12 @@ import type { IRequestSearchContentViews, IRequestSearchDashboardElements, IRequestSearchDashboards, + IRequestSearchFolders, IRequestSearchGroups, IRequestSearchHomepages, IRequestSearchLooks, IRequestSearchModelSets, + IRequestSearchPermissionSets, IRequestSearchRoles, IRequestSearchSpaces, IRequestSearchThemes, @@ -375,35 +378,39 @@ export const logout = async ( //#region Auth: Manage User Authentication Configuration /** - * ### Create SSO Embed URL + * ### Create Signed Embed URL * - * Creates an SSO embed URL and cryptographically signs it with an embed secret. + * Creates a signed embed URL and cryptographically signs it with an embed secret. * This signed URL can then be used to instantiate a Looker embed session in a PBL web application. - * Do not make any modifications to this URL - any change may invalidate the signature and + * Do not make any modifications to the returned URL - any change may invalidate the signature and * cause the URL to fail to load a Looker embed session. * - * A signed SSO embed URL can only be used once. After it has been used to request a page from the - * Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent + * A signed embed URL can only be **used once**. After the URL has been used to request a page from the + * Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent * 'replay attacks'. * * The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. * To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. - * The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, - * copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. + * The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option + * to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. * - * Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) + * Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) * and the lists of models and permissions assigned to the embed user. - * At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. + * At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. * These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. * - * The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. + * The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. * * This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the - * SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * * To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. * * The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. - * if not specified, the URL will be signed using the newest active secret defined in the Looker instance. + * if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, + * a default secret will be created. This default secret is encrypted using HMAC/SHA-256. + * + * The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. * * #### Security Note * Protect this signed URL as you would an access token or password credentials - do not write @@ -443,7 +450,7 @@ export const create_sso_embed_url = async ( * * Configuring LDAP impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * LDAP is enabled or disabled for Looker using the **enabled** field. * @@ -546,9 +553,9 @@ export const test_ldap_config_connection = async ( /** * ### Test the connection authentication settings for an LDAP configuration. * - * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. + * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. * - * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. + * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. * * Example: * ```json @@ -561,7 +568,7 @@ export const test_ldap_config_connection = async ( * } * ``` * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * The active LDAP settings are not modified. * @@ -590,9 +597,9 @@ export const test_ldap_config_auth = async ( /** * ### Test the user authentication settings for an LDAP configuration without authenticating the user. * - * This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. + * This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. * - * This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. + * This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. * * **test_ldap_user** is required. * @@ -623,9 +630,9 @@ export const test_ldap_config_user_info = async ( /** * ### Test the user authentication settings for an LDAP configuration. * - * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. + * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * **test_ldap_user** and **test_ldap_password** are required. * @@ -663,7 +670,7 @@ export const test_ldap_config_user_auth = async ( * * Configuring OIDC impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * OIDC is enabled or disabled for Looker using the **enabled** field. * @@ -873,7 +880,7 @@ export const force_password_reset_at_next_login_for_all_users = async ( * * Configuring SAML impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * SAML is enabled or disabled for Looker using the **enabled** field. * @@ -3811,13 +3818,13 @@ export const stop_pdt_build = async ( * GET /folders/search -> IFolder[] * * @param sdk IAPIMethods implementation - * @param request composed interface "IRequestSearchSpaces" for complex method parameters + * @param request composed interface "IRequestSearchFolders" for complex method parameters * @param options one-time API call overrides * */ export const search_folders = async ( sdk: IAPIMethods, - request: IRequestSearchSpaces, + request: IRequestSearchFolders, options?: Partial ): Promise> => { return sdk.get( @@ -7763,13 +7770,13 @@ export const all_permissions = async ( * GET /permission_sets/search -> IPermissionSet[] * * @param sdk IAPIMethods implementation - * @param request composed interface "IRequestSearchModelSets" for complex method parameters + * @param request composed interface "IRequestSearchPermissionSets" for complex method parameters * @param options one-time API call overrides * */ export const search_permission_sets = async ( sdk: IAPIMethods, - request: IRequestSearchModelSets, + request: IRequestSearchPermissionSets, options?: Partial ): Promise> => { return sdk.get( @@ -10727,13 +10734,13 @@ export const delete_user_attribute_user_value = async ( * GET /user_attributes -> IUserAttribute[] * * @param sdk IAPIMethods implementation - * @param request composed interface "IRequestAllHomepageSections" for complex method parameters + * @param request composed interface "IRequestAllUserAttributes" for complex method parameters * @param options one-time API call overrides * */ export const all_user_attributes = async ( sdk: IAPIMethods, - request: IRequestAllHomepageSections, + request: IRequestAllUserAttributes, options?: Partial ): Promise> => { return sdk.get( diff --git a/packages/sdk/src/3.1/methods.ts b/packages/sdk/src/3.1/methods.ts index 20eefb130..60efac03c 100644 --- a/packages/sdk/src/3.1/methods.ts +++ b/packages/sdk/src/3.1/methods.ts @@ -136,6 +136,7 @@ import type { IRequestAllIntegrations, IRequestAllRoles, IRequestAllScheduledPlans, + IRequestAllUserAttributes, IRequestAllUsers, IRequestContentThumbnail, IRequestCreateDashboardElement, @@ -162,10 +163,12 @@ import type { IRequestSearchContentViews, IRequestSearchDashboardElements, IRequestSearchDashboards, + IRequestSearchFolders, IRequestSearchGroups, IRequestSearchHomepages, IRequestSearchLooks, IRequestSearchModelSets, + IRequestSearchPermissionSets, IRequestSearchRoles, IRequestSearchSpaces, IRequestSearchThemes, @@ -370,35 +373,39 @@ export class Looker31SDK extends APIMethods implements ILooker31SDK { //#region Auth: Manage User Authentication Configuration /** - * ### Create SSO Embed URL + * ### Create Signed Embed URL * - * Creates an SSO embed URL and cryptographically signs it with an embed secret. + * Creates a signed embed URL and cryptographically signs it with an embed secret. * This signed URL can then be used to instantiate a Looker embed session in a PBL web application. - * Do not make any modifications to this URL - any change may invalidate the signature and + * Do not make any modifications to the returned URL - any change may invalidate the signature and * cause the URL to fail to load a Looker embed session. * - * A signed SSO embed URL can only be used once. After it has been used to request a page from the - * Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent + * A signed embed URL can only be **used once**. After the URL has been used to request a page from the + * Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent * 'replay attacks'. * * The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. * To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. - * The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, - * copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. + * The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option + * to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. * - * Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) + * Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) * and the lists of models and permissions assigned to the embed user. - * At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. + * At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. * These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. * - * The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. + * The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. * * This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the - * SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * * To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. * * The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. - * if not specified, the URL will be signed using the newest active secret defined in the Looker instance. + * if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, + * a default secret will be created. This default secret is encrypted using HMAC/SHA-256. + * + * The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. * * #### Security Note * Protect this signed URL as you would an access token or password credentials - do not write @@ -436,7 +443,7 @@ export class Looker31SDK extends APIMethods implements ILooker31SDK { * * Configuring LDAP impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * LDAP is enabled or disabled for Looker using the **enabled** field. * @@ -533,9 +540,9 @@ export class Looker31SDK extends APIMethods implements ILooker31SDK { /** * ### Test the connection authentication settings for an LDAP configuration. * - * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. + * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. * - * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. + * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. * * Example: * ```json @@ -548,7 +555,7 @@ export class Looker31SDK extends APIMethods implements ILooker31SDK { * } * ``` * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * The active LDAP settings are not modified. * @@ -575,9 +582,9 @@ export class Looker31SDK extends APIMethods implements ILooker31SDK { /** * ### Test the user authentication settings for an LDAP configuration without authenticating the user. * - * This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. + * This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. * - * This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. + * This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. * * **test_ldap_user** is required. * @@ -606,9 +613,9 @@ export class Looker31SDK extends APIMethods implements ILooker31SDK { /** * ### Test the user authentication settings for an LDAP configuration. * - * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. + * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * **test_ldap_user** and **test_ldap_password** are required. * @@ -644,7 +651,7 @@ export class Looker31SDK extends APIMethods implements ILooker31SDK { * * Configuring OIDC impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * OIDC is enabled or disabled for Looker using the **enabled** field. * @@ -838,7 +845,7 @@ export class Looker31SDK extends APIMethods implements ILooker31SDK { * * Configuring SAML impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * SAML is enabled or disabled for Looker using the **enabled** field. * @@ -3564,12 +3571,12 @@ export class Looker31SDK extends APIMethods implements ILooker31SDK { * * GET /folders/search -> IFolder[] * - * @param request composed interface "IRequestSearchSpaces" for complex method parameters + * @param request composed interface "IRequestSearchFolders" for complex method parameters * @param options one-time API call overrides * */ async search_folders( - request: IRequestSearchSpaces, + request: IRequestSearchFolders, options?: Partial ): Promise> { return this.get( @@ -7284,12 +7291,12 @@ export class Looker31SDK extends APIMethods implements ILooker31SDK { * * GET /permission_sets/search -> IPermissionSet[] * - * @param request composed interface "IRequestSearchModelSets" for complex method parameters + * @param request composed interface "IRequestSearchPermissionSets" for complex method parameters * @param options one-time API call overrides * */ async search_permission_sets( - request: IRequestSearchModelSets, + request: IRequestSearchPermissionSets, options?: Partial ): Promise> { return this.get( @@ -10075,12 +10082,12 @@ export class Looker31SDK extends APIMethods implements ILooker31SDK { * * GET /user_attributes -> IUserAttribute[] * - * @param request composed interface "IRequestAllHomepageSections" for complex method parameters + * @param request composed interface "IRequestAllUserAttributes" for complex method parameters * @param options one-time API call overrides * */ async all_user_attributes( - request: IRequestAllHomepageSections, + request: IRequestAllUserAttributes, options?: Partial ): Promise> { return this.get( diff --git a/packages/sdk/src/3.1/methodsInterface.ts b/packages/sdk/src/3.1/methodsInterface.ts index 0d184fa82..e15274be8 100644 --- a/packages/sdk/src/3.1/methodsInterface.ts +++ b/packages/sdk/src/3.1/methodsInterface.ts @@ -133,6 +133,7 @@ import type { IRequestAllIntegrations, IRequestAllRoles, IRequestAllScheduledPlans, + IRequestAllUserAttributes, IRequestAllUsers, IRequestContentThumbnail, IRequestCreateDashboardElement, @@ -159,10 +160,12 @@ import type { IRequestSearchContentViews, IRequestSearchDashboardElements, IRequestSearchDashboards, + IRequestSearchFolders, IRequestSearchGroups, IRequestSearchHomepages, IRequestSearchLooks, IRequestSearchModelSets, + IRequestSearchPermissionSets, IRequestSearchRoles, IRequestSearchSpaces, IRequestSearchThemes, @@ -341,35 +344,39 @@ export interface ILooker31SDK extends IAPIMethods { //#region Auth: Manage User Authentication Configuration /** - * ### Create SSO Embed URL + * ### Create Signed Embed URL * - * Creates an SSO embed URL and cryptographically signs it with an embed secret. + * Creates a signed embed URL and cryptographically signs it with an embed secret. * This signed URL can then be used to instantiate a Looker embed session in a PBL web application. - * Do not make any modifications to this URL - any change may invalidate the signature and + * Do not make any modifications to the returned URL - any change may invalidate the signature and * cause the URL to fail to load a Looker embed session. * - * A signed SSO embed URL can only be used once. After it has been used to request a page from the - * Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent + * A signed embed URL can only be **used once**. After the URL has been used to request a page from the + * Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent * 'replay attacks'. * * The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. * To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. - * The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, - * copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. + * The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option + * to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. * - * Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) + * Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) * and the lists of models and permissions assigned to the embed user. - * At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. + * At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. * These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. * - * The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. + * The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. * * This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the - * SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * * To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. * * The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. - * if not specified, the URL will be signed using the newest active secret defined in the Looker instance. + * if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, + * a default secret will be created. This default secret is encrypted using HMAC/SHA-256. + * + * The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. * * #### Security Note * Protect this signed URL as you would an access token or password credentials - do not write @@ -400,7 +407,7 @@ export interface ILooker31SDK extends IAPIMethods { * * Configuring LDAP impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * LDAP is enabled or disabled for Looker using the **enabled** field. * @@ -481,9 +488,9 @@ export interface ILooker31SDK extends IAPIMethods { /** * ### Test the connection authentication settings for an LDAP configuration. * - * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. + * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. * - * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. + * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. * * Example: * ```json @@ -496,7 +503,7 @@ export interface ILooker31SDK extends IAPIMethods { * } * ``` * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * The active LDAP settings are not modified. * @@ -516,9 +523,9 @@ export interface ILooker31SDK extends IAPIMethods { /** * ### Test the user authentication settings for an LDAP configuration without authenticating the user. * - * This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. + * This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. * - * This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. + * This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. * * **test_ldap_user** is required. * @@ -540,9 +547,9 @@ export interface ILooker31SDK extends IAPIMethods { /** * ### Test the user authentication settings for an LDAP configuration. * - * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. + * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * **test_ldap_user** and **test_ldap_password** are required. * @@ -571,7 +578,7 @@ export interface ILooker31SDK extends IAPIMethods { * * Configuring OIDC impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * OIDC is enabled or disabled for Looker using the **enabled** field. * @@ -712,7 +719,7 @@ export interface ILooker31SDK extends IAPIMethods { * * Configuring SAML impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * SAML is enabled or disabled for Looker using the **enabled** field. * @@ -2591,12 +2598,12 @@ export interface ILooker31SDK extends IAPIMethods { * * GET /folders/search -> IFolder[] * - * @param request composed interface "IRequestSearchSpaces" for complex method parameters + * @param request composed interface "IRequestSearchFolders" for complex method parameters * @param options one-time API call overrides * */ search_folders( - request: IRequestSearchSpaces, + request: IRequestSearchFolders, options?: Partial ): Promise> @@ -5213,12 +5220,12 @@ export interface ILooker31SDK extends IAPIMethods { * * GET /permission_sets/search -> IPermissionSet[] * - * @param request composed interface "IRequestSearchModelSets" for complex method parameters + * @param request composed interface "IRequestSearchPermissionSets" for complex method parameters * @param options one-time API call overrides * */ search_permission_sets( - request: IRequestSearchModelSets, + request: IRequestSearchPermissionSets, options?: Partial ): Promise> @@ -7263,12 +7270,12 @@ export interface ILooker31SDK extends IAPIMethods { * * GET /user_attributes -> IUserAttribute[] * - * @param request composed interface "IRequestAllHomepageSections" for complex method parameters + * @param request composed interface "IRequestAllUserAttributes" for complex method parameters * @param options one-time API call overrides * */ all_user_attributes( - request: IRequestAllHomepageSections, + request: IRequestAllUserAttributes, options?: Partial ): Promise> diff --git a/packages/sdk/src/3.1/models.ts b/packages/sdk/src/3.1/models.ts index 1c861092d..f916b172e 100644 --- a/packages/sdk/src/3.1/models.ts +++ b/packages/sdk/src/3.1/models.ts @@ -25,7 +25,7 @@ */ /** - * 308 API models: 190 Spec, 50 Request, 51 Write, 17 Enum + * 311 API models: 190 Spec, 53 Request, 51 Write, 17 Enum */ import type { IDictionary, Url, DelimArray } from '@looker/sdk-rtl' @@ -2393,7 +2393,7 @@ export interface IEmbedSsoParams { */ target_url: Url /** - * Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + * Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). */ session_length?: number | null /** @@ -2401,7 +2401,7 @@ export interface IEmbedSsoParams { */ force_logout_login?: boolean /** - * A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. + * A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session. */ external_user_id?: string | null /** @@ -2440,6 +2440,10 @@ export interface IEmbedSsoParams { * Id of the embed secret to use to sign this SSO url. If specified, the value must be an id of a valid (active) secret defined in the Looker instance. If not specified, the URL will be signed with the newest active embed secret defined in the Looker instance. */ secret_id?: number | null + /** + * Optional. URL of the domain hosting the signed embed URL. If provided and valid, the embed_domain will be added to the embed domain allowlist if it is not currently in the list + */ + embed_domain?: string | null } export interface IEmbedUrlResponse { @@ -6002,6 +6006,20 @@ export interface IRequestAllScheduledPlans { all_users?: boolean | null } +/** + * Dynamically generated request type for all_user_attributes + */ +export interface IRequestAllUserAttributes { + /** + * Requested fields. + */ + fields?: string | null + /** + * Fields to order the results by. Sortable fields include: name, label + */ + sorts?: string | null +} + /** * Dynamically generated request type for all_users */ @@ -6878,6 +6896,64 @@ export interface IRequestSearchDashboards { filter_or?: boolean | null } +/** + * Dynamically generated request type for search_folders + */ +export interface IRequestSearchFolders { + /** + * Requested fields. + */ + fields?: string | null + /** + * Return only page N of paginated results + */ + page?: number | null + /** + * Return N rows of data per page + */ + per_page?: number | null + /** + * Number of results to return. (used with offset and takes priority over page and per_page) + */ + limit?: number | null + /** + * Number of results to skip before returning any. (used with limit and takes priority over page and per_page) + */ + offset?: number | null + /** + * Fields to sort by. + */ + sorts?: string | null + /** + * Match Space title. + */ + name?: string | null + /** + * Match Space id + */ + id?: number | null + /** + * Filter on a children of a particular folder. + */ + parent_id?: string | null + /** + * Filter on folder created by a particular user. + */ + creator_id?: string | null + /** + * Combine given search criteria in a boolean OR expression + */ + filter_or?: boolean | null + /** + * Match is shared root + */ + is_shared_root?: boolean | null + /** + * Match is users root + */ + is_users_root?: boolean | null +} + /** * Dynamically generated request type for search_groups */ @@ -7090,6 +7166,48 @@ export interface IRequestSearchModelSets { filter_or?: boolean | null } +/** + * Dynamically generated request type for search_permission_sets + */ +export interface IRequestSearchPermissionSets { + /** + * Requested fields. + */ + fields?: string | null + /** + * Number of results to return (used with `offset`). + */ + limit?: number | null + /** + * Number of results to skip before returning any (used with `limit`). + */ + offset?: number | null + /** + * Fields to sort by. + */ + sorts?: string | null + /** + * Match permission set id. + */ + id?: number | null + /** + * Match permission set name. + */ + name?: string | null + /** + * Match permission sets by all_access status. + */ + all_access?: boolean | null + /** + * Match permission sets by built_in status. + */ + built_in?: boolean | null + /** + * Combine given search criteria in a boolean OR expression. + */ + filter_or?: boolean | null +} + /** * Dynamically generated request type for search_roles */ diff --git a/packages/sdk/src/3.1/streams.ts b/packages/sdk/src/3.1/streams.ts index 86a94b129..8f25ba154 100644 --- a/packages/sdk/src/3.1/streams.ts +++ b/packages/sdk/src/3.1/streams.ts @@ -135,6 +135,7 @@ import type { IRequestAllIntegrations, IRequestAllRoles, IRequestAllScheduledPlans, + IRequestAllUserAttributes, IRequestAllUsers, IRequestContentThumbnail, IRequestCreateDashboardElement, @@ -161,10 +162,12 @@ import type { IRequestSearchContentViews, IRequestSearchDashboardElements, IRequestSearchDashboards, + IRequestSearchFolders, IRequestSearchGroups, IRequestSearchHomepages, IRequestSearchLooks, IRequestSearchModelSets, + IRequestSearchPermissionSets, IRequestSearchRoles, IRequestSearchSpaces, IRequestSearchThemes, @@ -386,35 +389,39 @@ export class Looker31SDKStream extends APIMethods { //#region Auth: Manage User Authentication Configuration /** - * ### Create SSO Embed URL + * ### Create Signed Embed URL * - * Creates an SSO embed URL and cryptographically signs it with an embed secret. + * Creates a signed embed URL and cryptographically signs it with an embed secret. * This signed URL can then be used to instantiate a Looker embed session in a PBL web application. - * Do not make any modifications to this URL - any change may invalidate the signature and + * Do not make any modifications to the returned URL - any change may invalidate the signature and * cause the URL to fail to load a Looker embed session. * - * A signed SSO embed URL can only be used once. After it has been used to request a page from the - * Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent + * A signed embed URL can only be **used once**. After the URL has been used to request a page from the + * Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent * 'replay attacks'. * * The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. * To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. - * The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, - * copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. + * The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option + * to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. * - * Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) + * Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) * and the lists of models and permissions assigned to the embed user. - * At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. + * At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. * These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. * - * The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. + * The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. * * This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the - * SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * * To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. * * The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. - * if not specified, the URL will be signed using the newest active secret defined in the Looker instance. + * if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, + * a default secret will be created. This default secret is encrypted using HMAC/SHA-256. + * + * The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. * * #### Security Note * Protect this signed URL as you would an access token or password credentials - do not write @@ -456,7 +463,7 @@ export class Looker31SDKStream extends APIMethods { * * Configuring LDAP impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * LDAP is enabled or disabled for Looker using the **enabled** field. * @@ -570,9 +577,9 @@ export class Looker31SDKStream extends APIMethods { /** * ### Test the connection authentication settings for an LDAP configuration. * - * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. + * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. * - * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. + * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. * * Example: * ```json @@ -585,7 +592,7 @@ export class Looker31SDKStream extends APIMethods { * } * ``` * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * The active LDAP settings are not modified. * @@ -616,9 +623,9 @@ export class Looker31SDKStream extends APIMethods { /** * ### Test the user authentication settings for an LDAP configuration without authenticating the user. * - * This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. + * This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. * - * This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. + * This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. * * **test_ldap_user** is required. * @@ -651,9 +658,9 @@ export class Looker31SDKStream extends APIMethods { /** * ### Test the user authentication settings for an LDAP configuration. * - * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. + * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * **test_ldap_user** and **test_ldap_password** are required. * @@ -693,7 +700,7 @@ export class Looker31SDKStream extends APIMethods { * * Configuring OIDC impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * OIDC is enabled or disabled for Looker using the **enabled** field. * @@ -924,7 +931,7 @@ export class Looker31SDKStream extends APIMethods { * * Configuring SAML impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * SAML is enabled or disabled for Looker using the **enabled** field. * @@ -4098,13 +4105,13 @@ export class Looker31SDKStream extends APIMethods { * GET /folders/search -> IFolder[] * * @param callback streaming output function - * @param request composed interface "IRequestSearchSpaces" for complex method parameters + * @param request composed interface "IRequestSearchFolders" for complex method parameters * @param options one-time API call overrides * */ async search_folders( callback: (readable: Readable) => Promise, - request: IRequestSearchSpaces, + request: IRequestSearchFolders, options?: Partial ) { return this.authStream( @@ -8351,13 +8358,13 @@ export class Looker31SDKStream extends APIMethods { * GET /permission_sets/search -> IPermissionSet[] * * @param callback streaming output function - * @param request composed interface "IRequestSearchModelSets" for complex method parameters + * @param request composed interface "IRequestSearchPermissionSets" for complex method parameters * @param options one-time API call overrides * */ async search_permission_sets( callback: (readable: Readable) => Promise, - request: IRequestSearchModelSets, + request: IRequestSearchPermissionSets, options?: Partial ) { return this.authStream( @@ -11558,13 +11565,13 @@ export class Looker31SDKStream extends APIMethods { * GET /user_attributes -> IUserAttribute[] * * @param callback streaming output function - * @param request composed interface "IRequestAllHomepageSections" for complex method parameters + * @param request composed interface "IRequestAllUserAttributes" for complex method parameters * @param options one-time API call overrides * */ async all_user_attributes( callback: (readable: Readable) => Promise, - request: IRequestAllHomepageSections, + request: IRequestAllUserAttributes, options?: Partial ) { return this.authStream( diff --git a/packages/sdk/src/4.0/funcs.ts b/packages/sdk/src/4.0/funcs.ts index 9998d0a40..599213e43 100644 --- a/packages/sdk/src/4.0/funcs.ts +++ b/packages/sdk/src/4.0/funcs.ts @@ -170,8 +170,10 @@ import type { IRequestAllGroups, IRequestAllGroupUsers, IRequestAllIntegrations, + IRequestAllLookmlModels, IRequestAllRoles, IRequestAllScheduledPlans, + IRequestAllUserAttributes, IRequestAllUsers, IRequestArtifact, IRequestArtifactNamespaces, @@ -211,9 +213,13 @@ import type { IRequestSearchDashboards, IRequestSearchFolders, IRequestSearchGroups, + IRequestSearchGroupsWithHierarchy, + IRequestSearchGroupsWithRoles, IRequestSearchLooks, IRequestSearchModelSets, + IRequestSearchPermissionSets, IRequestSearchRoles, + IRequestSearchRolesWithUserCount, IRequestSearchThemes, IRequestSearchUserLoginLockouts, IRequestSearchUsers, @@ -1078,35 +1084,39 @@ export const delete_embed_secret = async ( } /** - * ### Create SSO Embed URL + * ### Create Signed Embed URL * - * Creates an SSO embed URL and cryptographically signs it with an embed secret. + * Creates a signed embed URL and cryptographically signs it with an embed secret. * This signed URL can then be used to instantiate a Looker embed session in a PBL web application. - * Do not make any modifications to this URL - any change may invalidate the signature and + * Do not make any modifications to the returned URL - any change may invalidate the signature and * cause the URL to fail to load a Looker embed session. * - * A signed SSO embed URL can only be used once. After it has been used to request a page from the - * Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent + * A signed embed URL can only be **used once**. After the URL has been used to request a page from the + * Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent * 'replay attacks'. * * The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. * To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. - * The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, - * copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. + * The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option + * to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. * - * Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) + * Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) * and the lists of models and permissions assigned to the embed user. - * At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. + * At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. * These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. * - * The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. + * The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. * * This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the - * SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * * To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. * * The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. - * if not specified, the URL will be signed using the newest active secret defined in the Looker instance. + * if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, + * a default secret will be created. This default secret is encrypted using HMAC/SHA-256. + * + * The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. * * #### Security Note * Protect this signed URL as you would an access token or password credentials - do not write @@ -1314,7 +1324,7 @@ export const generate_tokens_for_cookieless_session = async ( * * Configuring LDAP impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * LDAP is enabled or disabled for Looker using the **enabled** field. * @@ -1417,9 +1427,9 @@ export const test_ldap_config_connection = async ( /** * ### Test the connection authentication settings for an LDAP configuration. * - * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. + * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. * - * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. + * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. * * Example: * ```json @@ -1432,7 +1442,7 @@ export const test_ldap_config_connection = async ( * } * ``` * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * The active LDAP settings are not modified. * @@ -1461,9 +1471,9 @@ export const test_ldap_config_auth = async ( /** * ### Test the user authentication settings for an LDAP configuration without authenticating the user. * - * This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. + * This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. * - * This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. + * This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. * * **test_ldap_user** is required. * @@ -1494,9 +1504,9 @@ export const test_ldap_config_user_info = async ( /** * ### Test the user authentication settings for an LDAP configuration. * - * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. + * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * **test_ldap_user** and **test_ldap_password** are required. * @@ -1858,7 +1868,7 @@ export const deactivate_app_user = async ( * * Configuring OIDC impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * OIDC is enabled or disabled for Looker using the **enabled** field. * @@ -2068,7 +2078,7 @@ export const force_password_reset_at_next_login_for_all_users = async ( * * Configuring SAML impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * SAML is enabled or disabled for Looker using the **enabled** field. * @@ -3658,8 +3668,10 @@ export const mobile_settings = async ( * - extension_framework_enabled * - extension_load_url_enabled * - marketplace_auto_install_enabled + * - marketplace_automation * - marketplace_terms_accepted * - marketplace_enabled + * - marketplace_site * - onboarding_enabled * - privatelabel_configuration * - timezone @@ -3667,6 +3679,7 @@ export const mobile_settings = async ( * - email_domain_allowlist * - embed_cookieless_v2 * - embed_enabled + * - embed_config * * GET /setting -> ISetting * @@ -3698,8 +3711,10 @@ export const get_setting = async ( * - extension_framework_enabled * - extension_load_url_enabled * - marketplace_auto_install_enabled + * - marketplace_automation * - marketplace_terms_accepted * - marketplace_enabled + * - marketplace_site * - onboarding_enabled * - privatelabel_configuration * - timezone @@ -3707,6 +3722,7 @@ export const get_setting = async ( * - email_domain_allowlist * - embed_cookieless_v2 * - embed_enabled + * - embed_config * * See the `Setting` type for more information on the specific values that can be configured. * @@ -6769,13 +6785,13 @@ export const search_groups = async ( * GET /groups/search/with_roles -> IGroupSearch[] * * @param sdk IAPIMethods implementation - * @param request composed interface "IRequestSearchGroups" for complex method parameters + * @param request composed interface "IRequestSearchGroupsWithRoles" for complex method parameters * @param options one-time API call overrides * */ export const search_groups_with_roles = async ( sdk: IAPIMethods, - request: IRequestSearchGroups, + request: IRequestSearchGroupsWithRoles, options?: Partial ): Promise> => { return sdk.get( @@ -6827,13 +6843,13 @@ export const search_groups_with_roles = async ( * GET /groups/search/with_hierarchy -> IGroupHierarchy[] * * @param sdk IAPIMethods implementation - * @param request composed interface "IRequestSearchGroups" for complex method parameters + * @param request composed interface "IRequestSearchGroupsWithHierarchy" for complex method parameters * @param options one-time API call overrides * */ export const search_groups_with_hierarchy = async ( sdk: IAPIMethods, - request: IRequestSearchGroups, + request: IRequestSearchGroupsWithHierarchy, options?: Partial ): Promise> => { return sdk.get( @@ -7848,13 +7864,13 @@ export const move_look = async ( * GET /lookml_models -> ILookmlModel[] * * @param sdk IAPIMethods implementation - * @param request composed interface "IRequestArtifactNamespaces" for complex method parameters + * @param request composed interface "IRequestAllLookmlModels" for complex method parameters * @param options one-time API call overrides * */ export const all_lookml_models = async ( sdk: IAPIMethods, - request: IRequestArtifactNamespaces, + request: IRequestAllLookmlModels, options?: Partial ): Promise> => { return sdk.get( @@ -10354,13 +10370,13 @@ export const all_permissions = async ( * GET /permission_sets/search -> IPermissionSet[] * * @param sdk IAPIMethods implementation - * @param request composed interface "IRequestSearchModelSets" for complex method parameters + * @param request composed interface "IRequestSearchPermissionSets" for complex method parameters * @param options one-time API call overrides * */ export const search_permission_sets = async ( sdk: IAPIMethods, - request: IRequestSearchModelSets, + request: IRequestSearchPermissionSets, options?: Partial ): Promise> => { return sdk.get( @@ -10634,13 +10650,13 @@ export const search_roles = async ( * GET /roles/search/with_user_count -> IRoleSearch[] * * @param sdk IAPIMethods implementation - * @param request composed interface "IRequestSearchRoles" for complex method parameters + * @param request composed interface "IRequestSearchRolesWithUserCount" for complex method parameters * @param options one-time API call overrides * */ export const search_roles_with_user_count = async ( sdk: IAPIMethods, - request: IRequestSearchRoles, + request: IRequestSearchRolesWithUserCount, options?: Partial ): Promise> => { return sdk.get( @@ -13213,13 +13229,13 @@ export const create_embed_user = async ( * GET /user_attributes -> IUserAttribute[] * * @param sdk IAPIMethods implementation - * @param request composed interface "IRequestAllBoardSections" for complex method parameters + * @param request composed interface "IRequestAllUserAttributes" for complex method parameters * @param options one-time API call overrides * */ export const all_user_attributes = async ( sdk: IAPIMethods, - request: IRequestAllBoardSections, + request: IRequestAllUserAttributes, options?: Partial ): Promise> => { return sdk.get( diff --git a/packages/sdk/src/4.0/methods.ts b/packages/sdk/src/4.0/methods.ts index bd560d861..3faf5409f 100644 --- a/packages/sdk/src/4.0/methods.ts +++ b/packages/sdk/src/4.0/methods.ts @@ -168,8 +168,10 @@ import type { IRequestAllGroups, IRequestAllGroupUsers, IRequestAllIntegrations, + IRequestAllLookmlModels, IRequestAllRoles, IRequestAllScheduledPlans, + IRequestAllUserAttributes, IRequestAllUsers, IRequestArtifact, IRequestArtifactNamespaces, @@ -209,9 +211,13 @@ import type { IRequestSearchDashboards, IRequestSearchFolders, IRequestSearchGroups, + IRequestSearchGroupsWithHierarchy, + IRequestSearchGroupsWithRoles, IRequestSearchLooks, IRequestSearchModelSets, + IRequestSearchPermissionSets, IRequestSearchRoles, + IRequestSearchRolesWithUserCount, IRequestSearchThemes, IRequestSearchUserLoginLockouts, IRequestSearchUsers, @@ -1031,35 +1037,39 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { } /** - * ### Create SSO Embed URL + * ### Create Signed Embed URL * - * Creates an SSO embed URL and cryptographically signs it with an embed secret. + * Creates a signed embed URL and cryptographically signs it with an embed secret. * This signed URL can then be used to instantiate a Looker embed session in a PBL web application. - * Do not make any modifications to this URL - any change may invalidate the signature and + * Do not make any modifications to the returned URL - any change may invalidate the signature and * cause the URL to fail to load a Looker embed session. * - * A signed SSO embed URL can only be used once. After it has been used to request a page from the - * Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent + * A signed embed URL can only be **used once**. After the URL has been used to request a page from the + * Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent * 'replay attacks'. * * The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. * To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. - * The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, - * copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. + * The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option + * to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. * - * Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) + * Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) * and the lists of models and permissions assigned to the embed user. - * At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. + * At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. * These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. * - * The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. + * The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. * * This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the - * SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * * To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. * * The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. - * if not specified, the URL will be signed using the newest active secret defined in the Looker instance. + * if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, + * a default secret will be created. This default secret is encrypted using HMAC/SHA-256. + * + * The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. * * #### Security Note * Protect this signed URL as you would an access token or password credentials - do not write @@ -1260,7 +1270,7 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { * * Configuring LDAP impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * LDAP is enabled or disabled for Looker using the **enabled** field. * @@ -1357,9 +1367,9 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { /** * ### Test the connection authentication settings for an LDAP configuration. * - * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. + * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. * - * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. + * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. * * Example: * ```json @@ -1372,7 +1382,7 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { * } * ``` * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * The active LDAP settings are not modified. * @@ -1399,9 +1409,9 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { /** * ### Test the user authentication settings for an LDAP configuration without authenticating the user. * - * This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. + * This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. * - * This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. + * This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. * * **test_ldap_user** is required. * @@ -1430,9 +1440,9 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { /** * ### Test the user authentication settings for an LDAP configuration. * - * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. + * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * **test_ldap_user** and **test_ldap_password** are required. * @@ -1770,7 +1780,7 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { * * Configuring OIDC impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * OIDC is enabled or disabled for Looker using the **enabled** field. * @@ -1964,7 +1974,7 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { * * Configuring SAML impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * SAML is enabled or disabled for Looker using the **enabled** field. * @@ -3442,8 +3452,10 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { * - extension_framework_enabled * - extension_load_url_enabled * - marketplace_auto_install_enabled + * - marketplace_automation * - marketplace_terms_accepted * - marketplace_enabled + * - marketplace_site * - onboarding_enabled * - privatelabel_configuration * - timezone @@ -3451,6 +3463,7 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { * - email_domain_allowlist * - embed_cookieless_v2 * - embed_enabled + * - embed_config * * GET /setting -> ISetting * @@ -3480,8 +3493,10 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { * - extension_framework_enabled * - extension_load_url_enabled * - marketplace_auto_install_enabled + * - marketplace_automation * - marketplace_terms_accepted * - marketplace_enabled + * - marketplace_site * - onboarding_enabled * - privatelabel_configuration * - timezone @@ -3489,6 +3504,7 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { * - email_domain_allowlist * - embed_cookieless_v2 * - embed_enabled + * - embed_config * * See the `Setting` type for more information on the specific values that can be configured. * @@ -6344,12 +6360,12 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { * * GET /groups/search/with_roles -> IGroupSearch[] * - * @param request composed interface "IRequestSearchGroups" for complex method parameters + * @param request composed interface "IRequestSearchGroupsWithRoles" for complex method parameters * @param options one-time API call overrides * */ async search_groups_with_roles( - request: IRequestSearchGroups, + request: IRequestSearchGroupsWithRoles, options?: Partial ): Promise> { return this.get( @@ -6400,12 +6416,12 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { * * GET /groups/search/with_hierarchy -> IGroupHierarchy[] * - * @param request composed interface "IRequestSearchGroups" for complex method parameters + * @param request composed interface "IRequestSearchGroupsWithHierarchy" for complex method parameters * @param options one-time API call overrides * */ async search_groups_with_hierarchy( - request: IRequestSearchGroups, + request: IRequestSearchGroupsWithHierarchy, options?: Partial ): Promise> { return this.get( @@ -7359,12 +7375,12 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { * * GET /lookml_models -> ILookmlModel[] * - * @param request composed interface "IRequestArtifactNamespaces" for complex method parameters + * @param request composed interface "IRequestAllLookmlModels" for complex method parameters * @param options one-time API call overrides * */ async all_lookml_models( - request: IRequestArtifactNamespaces, + request: IRequestAllLookmlModels, options?: Partial ): Promise> { return this.get( @@ -9729,12 +9745,12 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { * * GET /permission_sets/search -> IPermissionSet[] * - * @param request composed interface "IRequestSearchModelSets" for complex method parameters + * @param request composed interface "IRequestSearchPermissionSets" for complex method parameters * @param options one-time API call overrides * */ async search_permission_sets( - request: IRequestSearchModelSets, + request: IRequestSearchPermissionSets, options?: Partial ): Promise> { return this.get( @@ -9991,12 +10007,12 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { * * GET /roles/search/with_user_count -> IRoleSearch[] * - * @param request composed interface "IRequestSearchRoles" for complex method parameters + * @param request composed interface "IRequestSearchRolesWithUserCount" for complex method parameters * @param options one-time API call overrides * */ async search_roles_with_user_count( - request: IRequestSearchRoles, + request: IRequestSearchRolesWithUserCount, options?: Partial ): Promise> { return this.get( @@ -12429,12 +12445,12 @@ export class Looker40SDK extends APIMethods implements ILooker40SDK { * * GET /user_attributes -> IUserAttribute[] * - * @param request composed interface "IRequestAllBoardSections" for complex method parameters + * @param request composed interface "IRequestAllUserAttributes" for complex method parameters * @param options one-time API call overrides * */ async all_user_attributes( - request: IRequestAllBoardSections, + request: IRequestAllUserAttributes, options?: Partial ): Promise> { return this.get( diff --git a/packages/sdk/src/4.0/methodsInterface.ts b/packages/sdk/src/4.0/methodsInterface.ts index 6c1e51a7f..d154ef25f 100644 --- a/packages/sdk/src/4.0/methodsInterface.ts +++ b/packages/sdk/src/4.0/methodsInterface.ts @@ -165,8 +165,10 @@ import type { IRequestAllGroups, IRequestAllGroupUsers, IRequestAllIntegrations, + IRequestAllLookmlModels, IRequestAllRoles, IRequestAllScheduledPlans, + IRequestAllUserAttributes, IRequestAllUsers, IRequestArtifact, IRequestArtifactNamespaces, @@ -206,9 +208,13 @@ import type { IRequestSearchDashboards, IRequestSearchFolders, IRequestSearchGroups, + IRequestSearchGroupsWithHierarchy, + IRequestSearchGroupsWithRoles, IRequestSearchLooks, IRequestSearchModelSets, + IRequestSearchPermissionSets, IRequestSearchRoles, + IRequestSearchRolesWithUserCount, IRequestSearchThemes, IRequestSearchUserLoginLockouts, IRequestSearchUsers, @@ -825,35 +831,39 @@ export interface ILooker40SDK extends IAPIMethods { ): Promise> /** - * ### Create SSO Embed URL + * ### Create Signed Embed URL * - * Creates an SSO embed URL and cryptographically signs it with an embed secret. + * Creates a signed embed URL and cryptographically signs it with an embed secret. * This signed URL can then be used to instantiate a Looker embed session in a PBL web application. - * Do not make any modifications to this URL - any change may invalidate the signature and + * Do not make any modifications to the returned URL - any change may invalidate the signature and * cause the URL to fail to load a Looker embed session. * - * A signed SSO embed URL can only be used once. After it has been used to request a page from the - * Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent + * A signed embed URL can only be **used once**. After the URL has been used to request a page from the + * Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent * 'replay attacks'. * * The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. * To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. - * The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, - * copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. + * The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option + * to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. * - * Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) + * Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) * and the lists of models and permissions assigned to the embed user. - * At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. + * At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. * These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. * - * The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. + * The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. * * This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the - * SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * * To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. * * The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. - * if not specified, the URL will be signed using the newest active secret defined in the Looker instance. + * if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, + * a default secret will be created. This default secret is encrypted using HMAC/SHA-256. + * + * The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. * * #### Security Note * Protect this signed URL as you would an access token or password credentials - do not write @@ -1022,7 +1032,7 @@ export interface ILooker40SDK extends IAPIMethods { * * Configuring LDAP impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * LDAP is enabled or disabled for Looker using the **enabled** field. * @@ -1103,9 +1113,9 @@ export interface ILooker40SDK extends IAPIMethods { /** * ### Test the connection authentication settings for an LDAP configuration. * - * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. + * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. * - * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. + * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. * * Example: * ```json @@ -1118,7 +1128,7 @@ export interface ILooker40SDK extends IAPIMethods { * } * ``` * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * The active LDAP settings are not modified. * @@ -1138,9 +1148,9 @@ export interface ILooker40SDK extends IAPIMethods { /** * ### Test the user authentication settings for an LDAP configuration without authenticating the user. * - * This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. + * This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. * - * This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. + * This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. * * **test_ldap_user** is required. * @@ -1162,9 +1172,9 @@ export interface ILooker40SDK extends IAPIMethods { /** * ### Test the user authentication settings for an LDAP configuration. * - * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. + * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * **test_ldap_user** and **test_ldap_password** are required. * @@ -1407,7 +1417,7 @@ export interface ILooker40SDK extends IAPIMethods { * * Configuring OIDC impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * OIDC is enabled or disabled for Looker using the **enabled** field. * @@ -1548,7 +1558,7 @@ export interface ILooker40SDK extends IAPIMethods { * * Configuring SAML impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * SAML is enabled or disabled for Looker using the **enabled** field. * @@ -2565,8 +2575,10 @@ export interface ILooker40SDK extends IAPIMethods { * - extension_framework_enabled * - extension_load_url_enabled * - marketplace_auto_install_enabled + * - marketplace_automation * - marketplace_terms_accepted * - marketplace_enabled + * - marketplace_site * - onboarding_enabled * - privatelabel_configuration * - timezone @@ -2574,6 +2586,7 @@ export interface ILooker40SDK extends IAPIMethods { * - email_domain_allowlist * - embed_cookieless_v2 * - embed_enabled + * - embed_config * * GET /setting -> ISetting * @@ -2596,8 +2609,10 @@ export interface ILooker40SDK extends IAPIMethods { * - extension_framework_enabled * - extension_load_url_enabled * - marketplace_auto_install_enabled + * - marketplace_automation * - marketplace_terms_accepted * - marketplace_enabled + * - marketplace_site * - onboarding_enabled * - privatelabel_configuration * - timezone @@ -2605,6 +2620,7 @@ export interface ILooker40SDK extends IAPIMethods { * - email_domain_allowlist * - embed_cookieless_v2 * - embed_enabled + * - embed_config * * See the `Setting` type for more information on the specific values that can be configured. * @@ -4543,12 +4559,12 @@ export interface ILooker40SDK extends IAPIMethods { * * GET /groups/search/with_roles -> IGroupSearch[] * - * @param request composed interface "IRequestSearchGroups" for complex method parameters + * @param request composed interface "IRequestSearchGroupsWithRoles" for complex method parameters * @param options one-time API call overrides * */ search_groups_with_roles( - request: IRequestSearchGroups, + request: IRequestSearchGroupsWithRoles, options?: Partial ): Promise> @@ -4581,12 +4597,12 @@ export interface ILooker40SDK extends IAPIMethods { * * GET /groups/search/with_hierarchy -> IGroupHierarchy[] * - * @param request composed interface "IRequestSearchGroups" for complex method parameters + * @param request composed interface "IRequestSearchGroupsWithHierarchy" for complex method parameters * @param options one-time API call overrides * */ search_groups_with_hierarchy( - request: IRequestSearchGroups, + request: IRequestSearchGroupsWithHierarchy, options?: Partial ): Promise> @@ -5229,12 +5245,12 @@ export interface ILooker40SDK extends IAPIMethods { * * GET /lookml_models -> ILookmlModel[] * - * @param request composed interface "IRequestArtifactNamespaces" for complex method parameters + * @param request composed interface "IRequestAllLookmlModels" for complex method parameters * @param options one-time API call overrides * */ all_lookml_models( - request: IRequestArtifactNamespaces, + request: IRequestAllLookmlModels, options?: Partial ): Promise> @@ -6916,12 +6932,12 @@ export interface ILooker40SDK extends IAPIMethods { * * GET /permission_sets/search -> IPermissionSet[] * - * @param request composed interface "IRequestSearchModelSets" for complex method parameters + * @param request composed interface "IRequestSearchPermissionSets" for complex method parameters * @param options one-time API call overrides * */ search_permission_sets( - request: IRequestSearchModelSets, + request: IRequestSearchPermissionSets, options?: Partial ): Promise> @@ -7093,12 +7109,12 @@ export interface ILooker40SDK extends IAPIMethods { * * GET /roles/search/with_user_count -> IRoleSearch[] * - * @param request composed interface "IRequestSearchRoles" for complex method parameters + * @param request composed interface "IRequestSearchRolesWithUserCount" for complex method parameters * @param options one-time API call overrides * */ search_roles_with_user_count( - request: IRequestSearchRoles, + request: IRequestSearchRolesWithUserCount, options?: Partial ): Promise> @@ -8860,12 +8876,12 @@ export interface ILooker40SDK extends IAPIMethods { * * GET /user_attributes -> IUserAttribute[] * - * @param request composed interface "IRequestAllBoardSections" for complex method parameters + * @param request composed interface "IRequestAllUserAttributes" for complex method parameters * @param options one-time API call overrides * */ all_user_attributes( - request: IRequestAllBoardSections, + request: IRequestAllUserAttributes, options?: Partial ): Promise> diff --git a/packages/sdk/src/4.0/models.ts b/packages/sdk/src/4.0/models.ts index 7f40f5cd9..355e02737 100644 --- a/packages/sdk/src/4.0/models.ts +++ b/packages/sdk/src/4.0/models.ts @@ -25,7 +25,7 @@ */ /** - * 387 API models: 245 Spec, 60 Request, 60 Write, 22 Enum + * 395 API models: 247 Spec, 66 Request, 60 Write, 22 Enum */ import type { IDictionary, DelimArray } from '@looker/sdk-rtl' @@ -3211,9 +3211,56 @@ export interface IEgressIpAddresses { egress_ip_addresses?: string[] | null } +export interface IEmbedConfig { + /** + * List of domains to allow for embedding + */ + domain_allowlist?: string[] | null + /** + * List of base urls to allow for alert/schedule + */ + alert_url_allowlist?: string[] | null + /** + * Owner of who defines the alert/schedule params on the base url + */ + alert_url_param_owner?: string | null + /** + * Label for the alert/schedule url + */ + alert_url_label?: string | null + /** + * Is SSO embedding enabled for this Looker + */ + sso_auth_enabled?: boolean + /** + * Is Cookieless embedding enabled for this Looker + */ + embed_cookieless_v2?: boolean + /** + * Is embed content navigation enabled for this looker + */ + embed_content_navigation?: boolean + /** + * Is embed content management enabled for this Looker + */ + embed_content_management?: boolean + /** + * When true, prohibits the use of Looker login pages in non-Looker iframes. When false, Looker login pages may be used in non-Looker hosted iframes. + */ + strict_sameorigin_for_login?: boolean + /** + * When true, filters are enabled on embedded Looks + */ + look_filters?: boolean + /** + * When true, removes navigation to Looks from embedded dashboards and explores. + */ + hide_look_navigation?: boolean +} + export interface IEmbedCookielessSessionAcquire { /** - * Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + * Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). */ session_length?: number | null /** @@ -3221,7 +3268,7 @@ export interface IEmbedCookielessSessionAcquire { */ force_logout_login?: boolean /** - * A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. + * A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session. */ external_user_id?: string | null /** @@ -3256,14 +3303,14 @@ export interface IEmbedCookielessSessionAcquire { * A dictionary of name-value pairs associating a Looker user attribute name with a value. */ user_attributes?: IDictionary | null - /** - * Token referencing the embed session and is used to generate new authentication, navigation and api tokens. - */ - session_reference_token?: string | null /** * The domain of the server embedding the Looker IFRAME. This is an alternative to specifying the domain in the embedded domain allow list in the Looker embed admin page. */ embed_domain?: string | null + /** + * Token referencing the embed session and is used to generate new authentication, navigation and api tokens. + */ + session_reference_token?: string | null } export interface IEmbedCookielessSessionAcquireResponse { @@ -3349,7 +3396,7 @@ export interface IEmbedParams { */ target_url: string /** - * Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + * Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). */ session_length?: number | null /** @@ -3395,7 +3442,7 @@ export interface IEmbedSsoParams { */ target_url: string /** - * Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + * Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). */ session_length?: number | null /** @@ -3403,7 +3450,7 @@ export interface IEmbedSsoParams { */ force_logout_login?: boolean /** - * A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. + * A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session. */ external_user_id?: string | null /** @@ -3442,6 +3489,10 @@ export interface IEmbedSsoParams { * Id of the embed secret to use to sign this SSO url. If specified, the value must be an id of a valid (active) secret defined in the Looker instance. If not specified, the URL will be signed with the newest active embed secret defined in the Looker instance. */ secret_id?: string | null + /** + * Optional. URL of the domain hosting the signed embed URL. If provided and valid, the embed_domain will be added to the embed domain allowlist if it is not currently in the list + */ + embed_domain?: string | null } export interface IEmbedUrlResponse { @@ -5927,6 +5978,21 @@ export interface IManifest { localization_settings?: ILocalizationSettings } +export interface IMarketplaceAutomation { + /** + * Whether marketplace auto installation is enabled + */ + install_enabled?: boolean + /** + * Whether marketplace auto update is enabled for looker extensions + */ + update_looker_enabled?: boolean + /** + * Whether marketplace auto update is enabled for third party extensions + */ + update_third_party_enabled?: boolean +} + export interface IMaterializePDT { /** * The ID of the enqueued materialization task (read-only) @@ -7309,6 +7375,24 @@ export interface IRequestAllIntegrations { integration_hub_id?: string | null } +/** + * Dynamically generated request type for all_lookml_models + */ +export interface IRequestAllLookmlModels { + /** + * Requested fields. + */ + fields?: string | null + /** + * Number of results to return. (can be used with offset) + */ + limit?: number | null + /** + * Number of results to skip before returning any. (Defaults to 0 if not set when limit is used) + */ + offset?: number | null +} + /** * Dynamically generated request type for all_roles */ @@ -7341,6 +7425,20 @@ export interface IRequestAllScheduledPlans { all_users?: boolean | null } +/** + * Dynamically generated request type for all_user_attributes + */ +export interface IRequestAllUserAttributes { + /** + * Requested fields. + */ + fields?: string | null + /** + * Fields to order the results by. Sortable fields include: name, label + */ + sorts?: string | null +} + /** * Dynamically generated request type for all_users */ @@ -8719,6 +8817,98 @@ export interface IRequestSearchGroups { externally_orphaned?: boolean | null } +/** + * Dynamically generated request type for search_groups_with_hierarchy + */ +export interface IRequestSearchGroupsWithHierarchy { + /** + * Requested fields. + */ + fields?: string | null + /** + * Number of results to return (used with `offset`). + */ + limit?: number | null + /** + * Number of results to skip before returning any (used with `limit`). + */ + offset?: number | null + /** + * Fields to sort by. + */ + sorts?: string | null + /** + * Combine given search criteria in a boolean OR expression + */ + filter_or?: boolean | null + /** + * Match group id. + */ + id?: string | null + /** + * Match group name. + */ + name?: string | null + /** + * Match group external_group_id. + */ + external_group_id?: string | null + /** + * Match group externally_managed. + */ + externally_managed?: boolean | null + /** + * Match group externally_orphaned. + */ + externally_orphaned?: boolean | null +} + +/** + * Dynamically generated request type for search_groups_with_roles + */ +export interface IRequestSearchGroupsWithRoles { + /** + * Requested fields. + */ + fields?: string | null + /** + * Number of results to return (used with `offset`). + */ + limit?: number | null + /** + * Number of results to skip before returning any (used with `limit`). + */ + offset?: number | null + /** + * Fields to sort by. + */ + sorts?: string | null + /** + * Combine given search criteria in a boolean OR expression + */ + filter_or?: boolean | null + /** + * Match group id. + */ + id?: string | null + /** + * Match group name. + */ + name?: string | null + /** + * Match group external_group_id. + */ + external_group_id?: string | null + /** + * Match group externally_managed. + */ + externally_managed?: boolean | null + /** + * Match group externally_orphaned. + */ + externally_orphaned?: boolean | null +} + /** * Dynamically generated request type for search_looks */ @@ -8839,6 +9029,48 @@ export interface IRequestSearchModelSets { filter_or?: boolean | null } +/** + * Dynamically generated request type for search_permission_sets + */ +export interface IRequestSearchPermissionSets { + /** + * Requested fields. + */ + fields?: string | null + /** + * Number of results to return (used with `offset`). + */ + limit?: number | null + /** + * Number of results to skip before returning any (used with `limit`). + */ + offset?: number | null + /** + * Fields to sort by. + */ + sorts?: string | null + /** + * Match permission set id. + */ + id?: string | null + /** + * Match permission set name. + */ + name?: string | null + /** + * Match permission sets by all_access status. + */ + all_access?: boolean | null + /** + * Match permission sets by built_in status. + */ + built_in?: boolean | null + /** + * Combine given search criteria in a boolean OR expression. + */ + filter_or?: boolean | null +} + /** * Dynamically generated request type for search_roles */ @@ -8877,6 +9109,44 @@ export interface IRequestSearchRoles { filter_or?: boolean | null } +/** + * Dynamically generated request type for search_roles_with_user_count + */ +export interface IRequestSearchRolesWithUserCount { + /** + * Requested fields. + */ + fields?: string | null + /** + * Number of results to return (used with `offset`). + */ + limit?: number | null + /** + * Number of results to skip before returning any (used with `limit`). + */ + offset?: number | null + /** + * Fields to sort by. + */ + sorts?: string | null + /** + * Match role id. + */ + id?: string | null + /** + * Match role name. + */ + name?: string | null + /** + * Match roles by built_in status. + */ + built_in?: boolean | null + /** + * Combine given search criteria in a boolean OR expression. + */ + filter_or?: boolean | null +} + /** * Dynamically generated request type for search_themes */ @@ -10094,17 +10364,22 @@ export interface ISetting { */ extension_framework_enabled?: boolean /** - * (DEPRECATED) Toggle extension extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. + * (DEPRECATED) Toggle extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. */ extension_load_url_enabled?: boolean /** - * Toggle marketplace auto install on or off. Note that auto install only runs if marketplace is enabled. + * (DEPRECATED) Toggle marketplace auto install on or off. Deprecated - do not use. Auto install can now be enabled via marketplace automation settings */ marketplace_auto_install_enabled?: boolean + marketplace_automation?: IMarketplaceAutomation /** * Toggle marketplace on or off */ marketplace_enabled?: boolean + /** + * Location of Looker marketplace CDN (read-only) + */ + marketplace_site?: string /** * Accept marketplace terms by setting this value to true, or get the current status. Marketplace terms CANNOT be declined once accepted. Accepting marketplace terms automatically enables the marketplace. The marketplace can still be disabled after it has been enabled. */ @@ -10140,13 +10415,14 @@ export interface ISetting { */ email_domain_allowlist?: string[] /** - * Toggle cookieless embed setting + * (DEPRECATED) Use embed_config.embed_cookieless_v2 instead. If embed_config.embed_cookieless_v2 is specified, it overrides this value. */ embed_cookieless_v2?: boolean /** * True if embedding is enabled https://cloud.google.com/looker/docs/r/looker-core-feature-embed, false otherwise (read-only) */ embed_enabled?: boolean + embed_config?: IEmbedConfig } export interface ISmtpNodeStatus { @@ -13366,7 +13642,7 @@ export interface IWriteSessionConfig { /** * Dynamic writeable type for Setting removes: - * embed_enabled + * marketplace_site, embed_enabled */ export interface IWriteSetting { /** @@ -13374,13 +13650,14 @@ export interface IWriteSetting { */ extension_framework_enabled?: boolean /** - * (DEPRECATED) Toggle extension extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. + * (DEPRECATED) Toggle extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. */ extension_load_url_enabled?: boolean /** - * Toggle marketplace auto install on or off. Note that auto install only runs if marketplace is enabled. + * (DEPRECATED) Toggle marketplace auto install on or off. Deprecated - do not use. Auto install can now be enabled via marketplace automation settings */ marketplace_auto_install_enabled?: boolean + marketplace_automation?: IMarketplaceAutomation | null /** * Toggle marketplace on or off */ @@ -13424,9 +13701,10 @@ export interface IWriteSetting { */ email_domain_allowlist?: string[] | null /** - * Toggle cookieless embed setting + * (DEPRECATED) Use embed_config.embed_cookieless_v2 instead. If embed_config.embed_cookieless_v2 is specified, it overrides this value. */ embed_cookieless_v2?: boolean + embed_config?: IEmbedConfig | null } /** diff --git a/packages/sdk/src/4.0/streams.ts b/packages/sdk/src/4.0/streams.ts index 60fe0e9d7..f848f24c9 100644 --- a/packages/sdk/src/4.0/streams.ts +++ b/packages/sdk/src/4.0/streams.ts @@ -167,8 +167,10 @@ import type { IRequestAllGroups, IRequestAllGroupUsers, IRequestAllIntegrations, + IRequestAllLookmlModels, IRequestAllRoles, IRequestAllScheduledPlans, + IRequestAllUserAttributes, IRequestAllUsers, IRequestArtifact, IRequestArtifactNamespaces, @@ -208,9 +210,13 @@ import type { IRequestSearchDashboards, IRequestSearchFolders, IRequestSearchGroups, + IRequestSearchGroupsWithHierarchy, + IRequestSearchGroupsWithRoles, IRequestSearchLooks, IRequestSearchModelSets, + IRequestSearchPermissionSets, IRequestSearchRoles, + IRequestSearchRolesWithUserCount, IRequestSearchThemes, IRequestSearchUserLoginLockouts, IRequestSearchUsers, @@ -1141,35 +1147,39 @@ export class Looker40SDKStream extends APIMethods { } /** - * ### Create SSO Embed URL + * ### Create Signed Embed URL * - * Creates an SSO embed URL and cryptographically signs it with an embed secret. + * Creates a signed embed URL and cryptographically signs it with an embed secret. * This signed URL can then be used to instantiate a Looker embed session in a PBL web application. - * Do not make any modifications to this URL - any change may invalidate the signature and + * Do not make any modifications to the returned URL - any change may invalidate the signature and * cause the URL to fail to load a Looker embed session. * - * A signed SSO embed URL can only be used once. After it has been used to request a page from the - * Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent + * A signed embed URL can only be **used once**. After the URL has been used to request a page from the + * Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent * 'replay attacks'. * * The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. * To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. - * The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, - * copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. + * The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option + * to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. * - * Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) + * Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) * and the lists of models and permissions assigned to the embed user. - * At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. + * At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. * These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. * - * The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. + * The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. * * This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the - * SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * * To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. * * The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. - * if not specified, the URL will be signed using the newest active secret defined in the Looker instance. + * if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, + * a default secret will be created. This default secret is encrypted using HMAC/SHA-256. + * + * The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. * * #### Security Note * Protect this signed URL as you would an access token or password credentials - do not write @@ -1388,7 +1398,7 @@ export class Looker40SDKStream extends APIMethods { * * Configuring LDAP impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * LDAP is enabled or disabled for Looker using the **enabled** field. * @@ -1502,9 +1512,9 @@ export class Looker40SDKStream extends APIMethods { /** * ### Test the connection authentication settings for an LDAP configuration. * - * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. + * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. * - * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. + * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. * * Example: * ```json @@ -1517,7 +1527,7 @@ export class Looker40SDKStream extends APIMethods { * } * ``` * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * The active LDAP settings are not modified. * @@ -1548,9 +1558,9 @@ export class Looker40SDKStream extends APIMethods { /** * ### Test the user authentication settings for an LDAP configuration without authenticating the user. * - * This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. + * This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. * - * This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. + * This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. * * **test_ldap_user** is required. * @@ -1583,9 +1593,9 @@ export class Looker40SDKStream extends APIMethods { /** * ### Test the user authentication settings for an LDAP configuration. * - * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. + * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * **test_ldap_user** and **test_ldap_password** are required. * @@ -1971,7 +1981,7 @@ export class Looker40SDKStream extends APIMethods { * * Configuring OIDC impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * OIDC is enabled or disabled for Looker using the **enabled** field. * @@ -2202,7 +2212,7 @@ export class Looker40SDKStream extends APIMethods { * * Configuring SAML impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * SAML is enabled or disabled for Looker using the **enabled** field. * @@ -3935,8 +3945,10 @@ export class Looker40SDKStream extends APIMethods { * - extension_framework_enabled * - extension_load_url_enabled * - marketplace_auto_install_enabled + * - marketplace_automation * - marketplace_terms_accepted * - marketplace_enabled + * - marketplace_site * - onboarding_enabled * - privatelabel_configuration * - timezone @@ -3944,6 +3956,7 @@ export class Looker40SDKStream extends APIMethods { * - email_domain_allowlist * - embed_cookieless_v2 * - embed_enabled + * - embed_config * * GET /setting -> ISetting * @@ -3977,8 +3990,10 @@ export class Looker40SDKStream extends APIMethods { * - extension_framework_enabled * - extension_load_url_enabled * - marketplace_auto_install_enabled + * - marketplace_automation * - marketplace_terms_accepted * - marketplace_enabled + * - marketplace_site * - onboarding_enabled * - privatelabel_configuration * - timezone @@ -3986,6 +4001,7 @@ export class Looker40SDKStream extends APIMethods { * - email_domain_allowlist * - embed_cookieless_v2 * - embed_enabled + * - embed_config * * See the `Setting` type for more information on the specific values that can be configured. * @@ -7283,13 +7299,13 @@ export class Looker40SDKStream extends APIMethods { * GET /groups/search/with_roles -> IGroupSearch[] * * @param callback streaming output function - * @param request composed interface "IRequestSearchGroups" for complex method parameters + * @param request composed interface "IRequestSearchGroupsWithRoles" for complex method parameters * @param options one-time API call overrides * */ async search_groups_with_roles( callback: (readable: Readable) => Promise, - request: IRequestSearchGroups, + request: IRequestSearchGroupsWithRoles, options?: Partial ) { return this.authStream( @@ -7343,13 +7359,13 @@ export class Looker40SDKStream extends APIMethods { * GET /groups/search/with_hierarchy -> IGroupHierarchy[] * * @param callback streaming output function - * @param request composed interface "IRequestSearchGroups" for complex method parameters + * @param request composed interface "IRequestSearchGroupsWithHierarchy" for complex method parameters * @param options one-time API call overrides * */ async search_groups_with_hierarchy( callback: (readable: Readable) => Promise, - request: IRequestSearchGroups, + request: IRequestSearchGroupsWithHierarchy, options?: Partial ) { return this.authStream( @@ -8448,13 +8464,13 @@ export class Looker40SDKStream extends APIMethods { * GET /lookml_models -> ILookmlModel[] * * @param callback streaming output function - * @param request composed interface "IRequestArtifactNamespaces" for complex method parameters + * @param request composed interface "IRequestAllLookmlModels" for complex method parameters * @param options one-time API call overrides * */ async all_lookml_models( callback: (readable: Readable) => Promise, - request: IRequestArtifactNamespaces, + request: IRequestAllLookmlModels, options?: Partial ) { return this.authStream( @@ -11132,13 +11148,13 @@ export class Looker40SDKStream extends APIMethods { * GET /permission_sets/search -> IPermissionSet[] * * @param callback streaming output function - * @param request composed interface "IRequestSearchModelSets" for complex method parameters + * @param request composed interface "IRequestSearchPermissionSets" for complex method parameters * @param options one-time API call overrides * */ async search_permission_sets( callback: (readable: Readable) => Promise, - request: IRequestSearchModelSets, + request: IRequestSearchPermissionSets, options?: Partial ) { return this.authStream( @@ -11430,13 +11446,13 @@ export class Looker40SDKStream extends APIMethods { * GET /roles/search/with_user_count -> IRoleSearch[] * * @param callback streaming output function - * @param request composed interface "IRequestSearchRoles" for complex method parameters + * @param request composed interface "IRequestSearchRolesWithUserCount" for complex method parameters * @param options one-time API call overrides * */ async search_roles_with_user_count( callback: (readable: Readable) => Promise, - request: IRequestSearchRoles, + request: IRequestSearchRolesWithUserCount, options?: Partial ) { return this.authStream( @@ -14215,13 +14231,13 @@ export class Looker40SDKStream extends APIMethods { * GET /user_attributes -> IUserAttribute[] * * @param callback streaming output function - * @param request composed interface "IRequestAllBoardSections" for complex method parameters + * @param request composed interface "IRequestAllUserAttributes" for complex method parameters * @param options one-time API call overrides * */ async all_user_attributes( callback: (readable: Readable) => Promise, - request: IRequestAllBoardSections, + request: IRequestAllUserAttributes, options?: Partial ) { return this.authStream( diff --git a/packages/sdk/src/constants.ts b/packages/sdk/src/constants.ts index 5230e8c50..b84c8de8f 100644 --- a/packages/sdk/src/constants.ts +++ b/packages/sdk/src/constants.ts @@ -24,5 +24,5 @@ */ -export const sdkVersion = '23.12' +export const sdkVersion = '23.14' export const environmentPrefix = 'LOOKERSDK' diff --git a/python/looker_sdk/sdk/api31/methods.py b/python/looker_sdk/sdk/api31/methods.py index cd76f3bc8..09b1aed74 100644 --- a/python/looker_sdk/sdk/api31/methods.py +++ b/python/looker_sdk/sdk/api31/methods.py @@ -150,35 +150,39 @@ def logout( #region Auth: Manage User Authentication Configuration - # ### Create SSO Embed URL + # ### Create Signed Embed URL # - # Creates an SSO embed URL and cryptographically signs it with an embed secret. + # Creates a signed embed URL and cryptographically signs it with an embed secret. # This signed URL can then be used to instantiate a Looker embed session in a PBL web application. - # Do not make any modifications to this URL - any change may invalidate the signature and + # Do not make any modifications to the returned URL - any change may invalidate the signature and # cause the URL to fail to load a Looker embed session. # - # A signed SSO embed URL can only be used once. After it has been used to request a page from the - # Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent + # A signed embed URL can only be **used once**. After the URL has been used to request a page from the + # Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent # 'replay attacks'. # # The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. # To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. - # The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, - # copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. + # The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option + # to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. # - # Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) + # Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) # and the lists of models and permissions assigned to the embed user. - # At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. + # At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. # These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. # - # The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. + # The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. # # This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the - # SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + # embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + # # To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. # # The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. - # if not specified, the URL will be signed using the newest active secret defined in the Looker instance. + # if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, + # a default secret will be created. This default secret is encrypted using HMAC/SHA-256. + # + # The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. # # #### Security Note # Protect this signed URL as you would an access token or password credentials - do not write @@ -194,7 +198,7 @@ def create_sso_embed_url( body: mdls.EmbedSsoParams, transport_options: Optional[transport.TransportOptions] = None, ) -> mdls.EmbedUrlResponse: - """Create SSO Embed Url""" + """Create Signed Embed Url""" response = cast( mdls.EmbedUrlResponse, self.post( @@ -215,7 +219,7 @@ def create_sso_embed_url( # # Configuring LDAP impacts authentication for all users. This configuration should be done carefully. # - # Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + # Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). # # LDAP is enabled or disabled for Looker using the **enabled** field. # @@ -314,9 +318,9 @@ def test_ldap_config_connection( # ### Test the connection authentication settings for an LDAP configuration. # - # This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. + # This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. # - # **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. + # **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. # # Example: # ```json @@ -329,7 +333,7 @@ def test_ldap_config_connection( # } # ``` # - # Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + # Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. # # The active LDAP settings are not modified. # @@ -355,9 +359,9 @@ def test_ldap_config_auth( # ### Test the user authentication settings for an LDAP configuration without authenticating the user. # - # This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. + # This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. # - # This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. + # This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. # # **test_ldap_user** is required. # @@ -385,9 +389,9 @@ def test_ldap_config_user_info( # ### Test the user authentication settings for an LDAP configuration. # - # This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. + # This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. # - # Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + # Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. # # **test_ldap_user** and **test_ldap_password** are required. # @@ -422,7 +426,7 @@ def test_ldap_config_user_auth( # # Configuring OIDC impacts authentication for all users. This configuration should be done carefully. # - # Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + # Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). # # OIDC is enabled or disabled for Looker using the **enabled** field. # @@ -613,7 +617,7 @@ def force_password_reset_at_next_login_for_all_users( # # Configuring SAML impacts authentication for all users. This configuration should be done carefully. # - # Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + # Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). # # SAML is enabled or disabled for Looker using the **enabled** field. # diff --git a/python/looker_sdk/sdk/api31/models.py b/python/looker_sdk/sdk/api31/models.py index a17f0e21c..92095fcfb 100644 --- a/python/looker_sdk/sdk/api31/models.py +++ b/python/looker_sdk/sdk/api31/models.py @@ -2929,9 +2929,9 @@ class EmbedSsoParams(model.Model): """ Attributes: target_url: The complete URL of the Looker UI page to display in the embed context. For example, to display the dashboard with id 34, `target_url` would look like: `https://mycompany.looker.com:9999/dashboards/34`. `target_uri` MUST contain a scheme (HTTPS), domain name, and URL path. Port must be included if it is required to reach the Looker server from browser clients. If the Looker instance is behind a load balancer or other proxy, `target_uri` must be the public-facing domain name and port required to reach the Looker instance, not the actual internal network machine name of the Looker instance. - session_length: Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + session_length: Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). force_logout_login: When true, the embed session will purge any residual Looker login state (such as in browser cookies) before creating a new login state with the given embed user info. Defaults to true. - external_user_id: A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. + external_user_id: A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session. first_name: First name of the embed user. Defaults to 'Embed' if not specified last_name: Last name of the embed user. Defaults to 'User' if not specified user_timezone: Sets the user timezone for the embed user session, if the User Specific Timezones setting is enabled in the Looker admin settings. A value of `null` forces the embed user to use the Looker Application Default Timezone. You MUST omit this property from the request if the User Specific Timezones setting is disabled. Timezone values are validated against the IANA Timezone standard and can be seen in the Application Time Zone dropdown list on the Looker General Settings admin page. @@ -2941,6 +2941,7 @@ class EmbedSsoParams(model.Model): external_group_id: A unique value identifying an embed-exclusive group. Multiple embed users using the same `external_group_id` value will be able to share Looker content with each other. Content and embed users associated with the `external_group_id` will not be accessible to normal Looker users or embed users not associated with this `external_group_id`. user_attributes: A dictionary of name-value pairs associating a Looker user attribute name with a value. secret_id: Id of the embed secret to use to sign this SSO url. If specified, the value must be an id of a valid (active) secret defined in the Looker instance. If not specified, the URL will be signed with the newest active embed secret defined in the Looker instance. + embed_domain: Optional. URL of the domain hosting the signed embed URL. If provided and valid, the embed_domain will be added to the embed domain allowlist if it is not currently in the list """ target_url: str session_length: Optional[int] = None @@ -2955,6 +2956,7 @@ class EmbedSsoParams(model.Model): external_group_id: Optional[str] = None user_attributes: Optional[MutableMapping[str, Any]] = None secret_id: Optional[int] = None + embed_domain: Optional[str] = None def __init__(self, *, target_url: str, @@ -2969,7 +2971,8 @@ def __init__(self, *, group_ids: Optional[Sequence[int]] = None, external_group_id: Optional[str] = None, user_attributes: Optional[MutableMapping[str, Any]] = None, - secret_id: Optional[int] = None): + secret_id: Optional[int] = None, + embed_domain: Optional[str] = None): self.target_url = target_url self.session_length = session_length self.force_logout_login = force_logout_login @@ -2983,6 +2986,7 @@ def __init__(self, *, self.external_group_id = external_group_id self.user_attributes = user_attributes self.secret_id = secret_id + self.embed_domain = embed_domain @attr.s(auto_attribs=True, init=False) diff --git a/python/looker_sdk/sdk/api40/methods.py b/python/looker_sdk/sdk/api40/methods.py index a2c2e6cd6..65b0f9a01 100644 --- a/python/looker_sdk/sdk/api40/methods.py +++ b/python/looker_sdk/sdk/api40/methods.py @@ -769,35 +769,39 @@ def delete_embed_secret( ) return response - # ### Create SSO Embed URL + # ### Create Signed Embed URL # - # Creates an SSO embed URL and cryptographically signs it with an embed secret. + # Creates a signed embed URL and cryptographically signs it with an embed secret. # This signed URL can then be used to instantiate a Looker embed session in a PBL web application. - # Do not make any modifications to this URL - any change may invalidate the signature and + # Do not make any modifications to the returned URL - any change may invalidate the signature and # cause the URL to fail to load a Looker embed session. # - # A signed SSO embed URL can only be used once. After it has been used to request a page from the - # Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent + # A signed embed URL can only be **used once**. After the URL has been used to request a page from the + # Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent # 'replay attacks'. # # The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. # To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. - # The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, - # copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. + # The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option + # to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. # - # Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) + # Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) # and the lists of models and permissions assigned to the embed user. - # At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. + # At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. # These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. # - # The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. + # The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. # # This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the - # SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + # embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + # # To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. # # The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. - # if not specified, the URL will be signed using the newest active secret defined in the Looker instance. + # if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, + # a default secret will be created. This default secret is encrypted using HMAC/SHA-256. + # + # The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. # # #### Security Note # Protect this signed URL as you would an access token or password credentials - do not write @@ -813,7 +817,7 @@ def create_sso_embed_url( body: mdls.EmbedSsoParams, transport_options: Optional[transport.TransportOptions] = None, ) -> mdls.EmbedUrlResponse: - """Create SSO Embed Url""" + """Create Signed Embed Url""" response = cast( mdls.EmbedUrlResponse, self.post( @@ -987,7 +991,7 @@ def generate_tokens_for_cookieless_session( # # Configuring LDAP impacts authentication for all users. This configuration should be done carefully. # - # Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + # Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). # # LDAP is enabled or disabled for Looker using the **enabled** field. # @@ -1086,9 +1090,9 @@ def test_ldap_config_connection( # ### Test the connection authentication settings for an LDAP configuration. # - # This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. + # This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. # - # **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. + # **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. # # Example: # ```json @@ -1101,7 +1105,7 @@ def test_ldap_config_connection( # } # ``` # - # Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + # Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. # # The active LDAP settings are not modified. # @@ -1127,9 +1131,9 @@ def test_ldap_config_auth( # ### Test the user authentication settings for an LDAP configuration without authenticating the user. # - # This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. + # This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. # - # This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. + # This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. # # **test_ldap_user** is required. # @@ -1157,9 +1161,9 @@ def test_ldap_config_user_info( # ### Test the user authentication settings for an LDAP configuration. # - # This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. + # This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. # - # Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + # Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. # # **test_ldap_user** and **test_ldap_password** are required. # @@ -1491,7 +1495,7 @@ def deactivate_app_user( # # Configuring OIDC impacts authentication for all users. This configuration should be done carefully. # - # Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + # Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). # # OIDC is enabled or disabled for Looker using the **enabled** field. # @@ -1682,7 +1686,7 @@ def force_password_reset_at_next_login_for_all_users( # # Configuring SAML impacts authentication for all users. This configuration should be done carefully. # - # Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + # Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). # # SAML is enabled or disabled for Looker using the **enabled** field. # @@ -3149,8 +3153,10 @@ def mobile_settings( # - extension_framework_enabled # - extension_load_url_enabled # - marketplace_auto_install_enabled + # - marketplace_automation # - marketplace_terms_accepted # - marketplace_enabled + # - marketplace_site # - onboarding_enabled # - privatelabel_configuration # - timezone @@ -3158,6 +3164,7 @@ def mobile_settings( # - email_domain_allowlist # - embed_cookieless_v2 # - embed_enabled + # - embed_config # # GET /setting -> mdls.Setting def get_setting( @@ -3187,8 +3194,10 @@ def get_setting( # - extension_framework_enabled # - extension_load_url_enabled # - marketplace_auto_install_enabled + # - marketplace_automation # - marketplace_terms_accepted # - marketplace_enabled + # - marketplace_site # - onboarding_enabled # - privatelabel_configuration # - timezone @@ -3196,6 +3205,7 @@ def get_setting( # - email_domain_allowlist # - embed_cookieless_v2 # - embed_enabled + # - embed_config # # See the `Setting` type for more information on the specific values that can be configured. # diff --git a/python/looker_sdk/sdk/api40/models.py b/python/looker_sdk/sdk/api40/models.py index c0064f392..97f8e7d32 100644 --- a/python/looker_sdk/sdk/api40/models.py +++ b/python/looker_sdk/sdk/api40/models.py @@ -21,7 +21,7 @@ # SOFTWARE. # -# 327 API models: 245 Spec, 0 Request, 60 Write, 22 Enum +# 329 API models: 247 Spec, 0 Request, 60 Write, 22 Enum # NOTE: Do not edit this file generated by Looker SDK Codegen for API 4.0 @@ -3954,13 +3954,66 @@ def __init__(self, *, self.egress_ip_addresses = egress_ip_addresses +@attr.s(auto_attribs=True, init=False) +class EmbedConfig(model.Model): + """ + Attributes: + domain_allowlist: List of domains to allow for embedding + alert_url_allowlist: List of base urls to allow for alert/schedule + alert_url_param_owner: Owner of who defines the alert/schedule params on the base url + alert_url_label: Label for the alert/schedule url + sso_auth_enabled: Is SSO embedding enabled for this Looker + embed_cookieless_v2: Is Cookieless embedding enabled for this Looker + embed_content_navigation: Is embed content navigation enabled for this looker + embed_content_management: Is embed content management enabled for this Looker + strict_sameorigin_for_login: When true, prohibits the use of Looker login pages in non-Looker iframes. When false, Looker login pages may be used in non-Looker hosted iframes. + look_filters: When true, filters are enabled on embedded Looks + hide_look_navigation: When true, removes navigation to Looks from embedded dashboards and explores. + """ + domain_allowlist: Optional[Sequence[str]] = None + alert_url_allowlist: Optional[Sequence[str]] = None + alert_url_param_owner: Optional[str] = None + alert_url_label: Optional[str] = None + sso_auth_enabled: Optional[bool] = None + embed_cookieless_v2: Optional[bool] = None + embed_content_navigation: Optional[bool] = None + embed_content_management: Optional[bool] = None + strict_sameorigin_for_login: Optional[bool] = None + look_filters: Optional[bool] = None + hide_look_navigation: Optional[bool] = None + + def __init__(self, *, + domain_allowlist: Optional[Sequence[str]] = None, + alert_url_allowlist: Optional[Sequence[str]] = None, + alert_url_param_owner: Optional[str] = None, + alert_url_label: Optional[str] = None, + sso_auth_enabled: Optional[bool] = None, + embed_cookieless_v2: Optional[bool] = None, + embed_content_navigation: Optional[bool] = None, + embed_content_management: Optional[bool] = None, + strict_sameorigin_for_login: Optional[bool] = None, + look_filters: Optional[bool] = None, + hide_look_navigation: Optional[bool] = None): + self.domain_allowlist = domain_allowlist + self.alert_url_allowlist = alert_url_allowlist + self.alert_url_param_owner = alert_url_param_owner + self.alert_url_label = alert_url_label + self.sso_auth_enabled = sso_auth_enabled + self.embed_cookieless_v2 = embed_cookieless_v2 + self.embed_content_navigation = embed_content_navigation + self.embed_content_management = embed_content_management + self.strict_sameorigin_for_login = strict_sameorigin_for_login + self.look_filters = look_filters + self.hide_look_navigation = hide_look_navigation + + @attr.s(auto_attribs=True, init=False) class EmbedCookielessSessionAcquire(model.Model): """ Attributes: - session_length: Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + session_length: Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). force_logout_login: When true, the embed session will purge any residual Looker login state (such as in browser cookies) before creating a new login state with the given embed user info. Defaults to true. - external_user_id: A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. + external_user_id: A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session. first_name: First name of the embed user. Defaults to 'Embed' if not specified last_name: Last name of the embed user. Defaults to 'User' if not specified user_timezone: Sets the user timezone for the embed user session, if the User Specific Timezones setting is enabled in the Looker admin settings. A value of `null` forces the embed user to use the Looker Application Default Timezone. You MUST omit this property from the request if the User Specific Timezones setting is disabled. Timezone values are validated against the IANA Timezone standard and can be seen in the Application Time Zone dropdown list on the Looker General Settings admin page. @@ -3969,8 +4022,8 @@ class EmbedCookielessSessionAcquire(model.Model): group_ids: List of Looker group ids in which to enroll the embed user external_group_id: A unique value identifying an embed-exclusive group. Multiple embed users using the same `external_group_id` value will be able to share Looker content with each other. Content and embed users associated with the `external_group_id` will not be accessible to normal Looker users or embed users not associated with this `external_group_id`. user_attributes: A dictionary of name-value pairs associating a Looker user attribute name with a value. - session_reference_token: Token referencing the embed session and is used to generate new authentication, navigation and api tokens. embed_domain: The domain of the server embedding the Looker IFRAME. This is an alternative to specifying the domain in the embedded domain allow list in the Looker embed admin page. + session_reference_token: Token referencing the embed session and is used to generate new authentication, navigation and api tokens. """ session_length: Optional[int] = None force_logout_login: Optional[bool] = None @@ -3983,8 +4036,8 @@ class EmbedCookielessSessionAcquire(model.Model): group_ids: Optional[Sequence[str]] = None external_group_id: Optional[str] = None user_attributes: Optional[MutableMapping[str, Any]] = None - session_reference_token: Optional[str] = None embed_domain: Optional[str] = None + session_reference_token: Optional[str] = None def __init__(self, *, session_length: Optional[int] = None, @@ -3998,8 +4051,8 @@ def __init__(self, *, group_ids: Optional[Sequence[str]] = None, external_group_id: Optional[str] = None, user_attributes: Optional[MutableMapping[str, Any]] = None, - session_reference_token: Optional[str] = None, - embed_domain: Optional[str] = None): + embed_domain: Optional[str] = None, + session_reference_token: Optional[str] = None): self.session_length = session_length self.force_logout_login = force_logout_login self.external_user_id = external_user_id @@ -4011,8 +4064,8 @@ def __init__(self, *, self.group_ids = group_ids self.external_group_id = external_group_id self.user_attributes = user_attributes - self.session_reference_token = session_reference_token self.embed_domain = embed_domain + self.session_reference_token = session_reference_token @attr.s(auto_attribs=True, init=False) @@ -4115,7 +4168,7 @@ class EmbedParams(model.Model): """ Attributes: target_url: The complete URL of the Looker UI page to display in the embed context. For example, to display the dashboard with id 34, `target_url` would look like: `https://mycompany.looker.com:9999/dashboards/34`. `target_uri` MUST contain a scheme (HTTPS), domain name, and URL path. Port must be included if it is required to reach the Looker server from browser clients. If the Looker instance is behind a load balancer or other proxy, `target_uri` must be the public-facing domain name and port required to reach the Looker instance, not the actual internal network machine name of the Looker instance. - session_length: Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + session_length: Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). force_logout_login: When true, the embed session will purge any residual Looker login state (such as in browser cookies) before creating a new login state with the given embed user info. Defaults to true. """ target_url: str @@ -4173,9 +4226,9 @@ class EmbedSsoParams(model.Model): """ Attributes: target_url: The complete URL of the Looker UI page to display in the embed context. For example, to display the dashboard with id 34, `target_url` would look like: `https://mycompany.looker.com:9999/dashboards/34`. `target_uri` MUST contain a scheme (HTTPS), domain name, and URL path. Port must be included if it is required to reach the Looker server from browser clients. If the Looker instance is behind a load balancer or other proxy, `target_uri` must be the public-facing domain name and port required to reach the Looker instance, not the actual internal network machine name of the Looker instance. - session_length: Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + session_length: Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). force_logout_login: When true, the embed session will purge any residual Looker login state (such as in browser cookies) before creating a new login state with the given embed user info. Defaults to true. - external_user_id: A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. + external_user_id: A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session. first_name: First name of the embed user. Defaults to 'Embed' if not specified last_name: Last name of the embed user. Defaults to 'User' if not specified user_timezone: Sets the user timezone for the embed user session, if the User Specific Timezones setting is enabled in the Looker admin settings. A value of `null` forces the embed user to use the Looker Application Default Timezone. You MUST omit this property from the request if the User Specific Timezones setting is disabled. Timezone values are validated against the IANA Timezone standard and can be seen in the Application Time Zone dropdown list on the Looker General Settings admin page. @@ -4185,6 +4238,7 @@ class EmbedSsoParams(model.Model): external_group_id: A unique value identifying an embed-exclusive group. Multiple embed users using the same `external_group_id` value will be able to share Looker content with each other. Content and embed users associated with the `external_group_id` will not be accessible to normal Looker users or embed users not associated with this `external_group_id`. user_attributes: A dictionary of name-value pairs associating a Looker user attribute name with a value. secret_id: Id of the embed secret to use to sign this SSO url. If specified, the value must be an id of a valid (active) secret defined in the Looker instance. If not specified, the URL will be signed with the newest active embed secret defined in the Looker instance. + embed_domain: Optional. URL of the domain hosting the signed embed URL. If provided and valid, the embed_domain will be added to the embed domain allowlist if it is not currently in the list """ target_url: str session_length: Optional[int] = None @@ -4199,6 +4253,7 @@ class EmbedSsoParams(model.Model): external_group_id: Optional[str] = None user_attributes: Optional[MutableMapping[str, Any]] = None secret_id: Optional[str] = None + embed_domain: Optional[str] = None def __init__(self, *, target_url: str, @@ -4213,7 +4268,8 @@ def __init__(self, *, group_ids: Optional[Sequence[str]] = None, external_group_id: Optional[str] = None, user_attributes: Optional[MutableMapping[str, Any]] = None, - secret_id: Optional[str] = None): + secret_id: Optional[str] = None, + embed_domain: Optional[str] = None): self.target_url = target_url self.session_length = session_length self.force_logout_login = force_logout_login @@ -4227,6 +4283,7 @@ def __init__(self, *, self.external_group_id = external_group_id self.user_attributes = user_attributes self.secret_id = secret_id + self.embed_domain = embed_domain @attr.s(auto_attribs=True, init=False) @@ -7136,6 +7193,27 @@ def __init__(self, *, self.localization_settings = localization_settings +@attr.s(auto_attribs=True, init=False) +class MarketplaceAutomation(model.Model): + """ + Attributes: + install_enabled: Whether marketplace auto installation is enabled + update_looker_enabled: Whether marketplace auto update is enabled for looker extensions + update_third_party_enabled: Whether marketplace auto update is enabled for third party extensions + """ + install_enabled: Optional[bool] = None + update_looker_enabled: Optional[bool] = None + update_third_party_enabled: Optional[bool] = None + + def __init__(self, *, + install_enabled: Optional[bool] = None, + update_looker_enabled: Optional[bool] = None, + update_third_party_enabled: Optional[bool] = None): + self.install_enabled = install_enabled + self.update_looker_enabled = update_looker_enabled + self.update_third_party_enabled = update_third_party_enabled + + @attr.s(auto_attribs=True, init=False) class MaterializePDT(model.Model): """ @@ -9650,9 +9728,11 @@ class Setting(model.Model): """ Attributes: extension_framework_enabled: Toggle extension framework on or off - extension_load_url_enabled: (DEPRECATED) Toggle extension extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. - marketplace_auto_install_enabled: Toggle marketplace auto install on or off. Note that auto install only runs if marketplace is enabled. + extension_load_url_enabled: (DEPRECATED) Toggle extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. + marketplace_auto_install_enabled: (DEPRECATED) Toggle marketplace auto install on or off. Deprecated - do not use. Auto install can now be enabled via marketplace automation settings + marketplace_automation: marketplace_enabled: Toggle marketplace on or off + marketplace_site: Location of Looker marketplace CDN marketplace_terms_accepted: Accept marketplace terms by setting this value to true, or get the current status. Marketplace terms CANNOT be declined once accepted. Accepting marketplace terms automatically enables the marketplace. The marketplace can still be disabled after it has been enabled. privatelabel_configuration: custom_welcome_email: @@ -9663,13 +9743,16 @@ class Setting(model.Model): host_url: Change the base portion of your Looker instance URL setting override_warnings: (Write-Only) If warnings are preventing a host URL change, this parameter allows for overriding warnings to force update the setting. Does not directly change any Looker settings. email_domain_allowlist: An array of Email Domain Allowlist of type string for Scheduled Content - embed_cookieless_v2: Toggle cookieless embed setting + embed_cookieless_v2: (DEPRECATED) Use embed_config.embed_cookieless_v2 instead. If embed_config.embed_cookieless_v2 is specified, it overrides this value. embed_enabled: True if embedding is enabled https://cloud.google.com/looker/docs/r/looker-core-feature-embed, false otherwise + embed_config: """ extension_framework_enabled: Optional[bool] = None extension_load_url_enabled: Optional[bool] = None marketplace_auto_install_enabled: Optional[bool] = None + marketplace_automation: Optional["MarketplaceAutomation"] = None marketplace_enabled: Optional[bool] = None + marketplace_site: Optional[str] = None marketplace_terms_accepted: Optional[bool] = None privatelabel_configuration: Optional["PrivatelabelConfiguration"] = None custom_welcome_email: Optional["CustomWelcomeEmail"] = None @@ -9682,12 +9765,15 @@ class Setting(model.Model): email_domain_allowlist: Optional[Sequence[str]] = None embed_cookieless_v2: Optional[bool] = None embed_enabled: Optional[bool] = None + embed_config: Optional["EmbedConfig"] = None def __init__(self, *, extension_framework_enabled: Optional[bool] = None, extension_load_url_enabled: Optional[bool] = None, marketplace_auto_install_enabled: Optional[bool] = None, + marketplace_automation: Optional["MarketplaceAutomation"] = None, marketplace_enabled: Optional[bool] = None, + marketplace_site: Optional[str] = None, marketplace_terms_accepted: Optional[bool] = None, privatelabel_configuration: Optional["PrivatelabelConfiguration"] = None, custom_welcome_email: Optional["CustomWelcomeEmail"] = None, @@ -9699,11 +9785,14 @@ def __init__(self, *, override_warnings: Optional[bool] = None, email_domain_allowlist: Optional[Sequence[str]] = None, embed_cookieless_v2: Optional[bool] = None, - embed_enabled: Optional[bool] = None): + embed_enabled: Optional[bool] = None, + embed_config: Optional["EmbedConfig"] = None): self.extension_framework_enabled = extension_framework_enabled self.extension_load_url_enabled = extension_load_url_enabled self.marketplace_auto_install_enabled = marketplace_auto_install_enabled + self.marketplace_automation = marketplace_automation self.marketplace_enabled = marketplace_enabled + self.marketplace_site = marketplace_site self.marketplace_terms_accepted = marketplace_terms_accepted self.privatelabel_configuration = privatelabel_configuration self.custom_welcome_email = custom_welcome_email @@ -9716,6 +9805,7 @@ def __init__(self, *, self.email_domain_allowlist = email_domain_allowlist self.embed_cookieless_v2 = embed_cookieless_v2 self.embed_enabled = embed_enabled + self.embed_config = embed_config @attr.s(auto_attribs=True, init=False) @@ -13505,12 +13595,13 @@ def __init__(self, *, class WriteSetting(model.Model): """ Dynamic writeable type for Setting removes: -embed_enabled +marketplace_site, embed_enabled Attributes: extension_framework_enabled: Toggle extension framework on or off - extension_load_url_enabled: (DEPRECATED) Toggle extension extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. - marketplace_auto_install_enabled: Toggle marketplace auto install on or off. Note that auto install only runs if marketplace is enabled. + extension_load_url_enabled: (DEPRECATED) Toggle extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. + marketplace_auto_install_enabled: (DEPRECATED) Toggle marketplace auto install on or off. Deprecated - do not use. Auto install can now be enabled via marketplace automation settings + marketplace_automation: marketplace_enabled: Toggle marketplace on or off marketplace_terms_accepted: Accept marketplace terms by setting this value to true, or get the current status. Marketplace terms CANNOT be declined once accepted. Accepting marketplace terms automatically enables the marketplace. The marketplace can still be disabled after it has been enabled. privatelabel_configuration: Dynamic writeable type for PrivatelabelConfiguration removes: @@ -13523,11 +13614,13 @@ class WriteSetting(model.Model): host_url: Change the base portion of your Looker instance URL setting override_warnings: (Write-Only) If warnings are preventing a host URL change, this parameter allows for overriding warnings to force update the setting. Does not directly change any Looker settings. email_domain_allowlist: An array of Email Domain Allowlist of type string for Scheduled Content - embed_cookieless_v2: Toggle cookieless embed setting + embed_cookieless_v2: (DEPRECATED) Use embed_config.embed_cookieless_v2 instead. If embed_config.embed_cookieless_v2 is specified, it overrides this value. + embed_config: """ extension_framework_enabled: Optional[bool] = None extension_load_url_enabled: Optional[bool] = None marketplace_auto_install_enabled: Optional[bool] = None + marketplace_automation: Optional["MarketplaceAutomation"] = None marketplace_enabled: Optional[bool] = None marketplace_terms_accepted: Optional[bool] = None privatelabel_configuration: Optional["WritePrivatelabelConfiguration"] = None @@ -13540,11 +13633,13 @@ class WriteSetting(model.Model): override_warnings: Optional[bool] = None email_domain_allowlist: Optional[Sequence[str]] = None embed_cookieless_v2: Optional[bool] = None + embed_config: Optional["EmbedConfig"] = None def __init__(self, *, extension_framework_enabled: Optional[bool] = None, extension_load_url_enabled: Optional[bool] = None, marketplace_auto_install_enabled: Optional[bool] = None, + marketplace_automation: Optional["MarketplaceAutomation"] = None, marketplace_enabled: Optional[bool] = None, marketplace_terms_accepted: Optional[bool] = None, privatelabel_configuration: Optional["WritePrivatelabelConfiguration"] = None, @@ -13556,10 +13651,12 @@ def __init__(self, *, host_url: Optional[str] = None, override_warnings: Optional[bool] = None, email_domain_allowlist: Optional[Sequence[str]] = None, - embed_cookieless_v2: Optional[bool] = None): + embed_cookieless_v2: Optional[bool] = None, + embed_config: Optional["EmbedConfig"] = None): self.extension_framework_enabled = extension_framework_enabled self.extension_load_url_enabled = extension_load_url_enabled self.marketplace_auto_install_enabled = marketplace_auto_install_enabled + self.marketplace_automation = marketplace_automation self.marketplace_enabled = marketplace_enabled self.marketplace_terms_accepted = marketplace_terms_accepted self.privatelabel_configuration = privatelabel_configuration @@ -13572,6 +13669,7 @@ def __init__(self, *, self.override_warnings = override_warnings self.email_domain_allowlist = email_domain_allowlist self.embed_cookieless_v2 = embed_cookieless_v2 + self.embed_config = embed_config @attr.s(auto_attribs=True, init=False) diff --git a/python/looker_sdk/sdk/constants.py b/python/looker_sdk/sdk/constants.py index 1cfa17383..58095a2f3 100644 --- a/python/looker_sdk/sdk/constants.py +++ b/python/looker_sdk/sdk/constants.py @@ -20,5 +20,5 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. -sdk_version = "23.12" +sdk_version = "23.14" environment_prefix = "LOOKERSDK" diff --git a/spec/Looker.3.1.json b/spec/Looker.3.1.json index 437ea5ea1..a1259a504 100644 --- a/spec/Looker.3.1.json +++ b/spec/Looker.3.1.json @@ -2,7 +2,7 @@ "swagger": "2.0", "info": { "version": "3.1.0", - "x-looker-release-version": "23.12.5", + "x-looker-release-version": "23.14.9", "title": "Looker API 3.1 Reference", "description": "### Authorization\n\nThe classic method of API authorization uses Looker **API** credentials for authorization and access control.\nLooker admins can create API credentials on Looker's **Admin/Users** page.\n\nAPI 4.0 adds additional ways to authenticate API requests, including OAuth and CORS requests.\n\nFor details, see [Looker API Authorization](https://cloud.google.com/looker/docs/r/api/authorization).\n\n\n### API Explorer\n\nThe API Explorer is a Looker-provided utility with many new and unique features for learning and using the Looker API and SDKs.\n\nFor details, see the [API Explorer documentation](https://cloud.google.com/looker/docs/r/api/explorer).\n\n\n### Looker Language SDKs\n\nThe Looker API is a RESTful system that should be usable by any programming language capable of making\nHTTPS requests. SDKs for a variety of programming languages are also provided to streamline using the API. Looker\nhas an OpenSource [sdk-codegen project](https://github.com/looker-open-source/sdk-codegen) that provides several\nlanguage SDKs. Language SDKs generated by `sdk-codegen` have an Authentication manager that can automatically\nauthenticate API requests when needed.\n\nFor details on available Looker SDKs, see [Looker API Client SDKs](https://cloud.google.com/looker/docs/r/api/client_sdks).\n\n\n### API Versioning\n\nFuture releases of Looker expand the latest API version release-by-release to securely expose more and more of the core\npower of the Looker platform to API client applications. API endpoints marked as \"beta\" may receive breaking changes without\nwarning (but we will try to avoid doing that). Stable (non-beta) API endpoints should not receive breaking\nchanges in future releases.\n\nFor details, see [Looker API Versioning](https://cloud.google.com/looker/docs/r/api/versioning).\n\n\n### 3.1 Legacy API\n\nAPI 3.1 is now **deprecated**. API 4.0 should be used instead.\n\nThe text below is retained for reference purposes.\n\nThe following are a few examples of noteworthy items that have changed between API 3.0 and API 3.1.\nFor more comprehensive coverage of API changes, please see the release notes for your Looker release.\n\n### Examples of new things added in API 3.1 (compared to API 3.0):\n\n* [Dashboard construction](#!/3.1/Dashboard/) APIs\n* [Themes](#!/3.1/Theme/) and [custom color collections](#!/3.1/ColorCollection) APIs\n* Create and run [SQL Runner](#!/3.1/Query/run_sql_query) queries\n* Create and run [merged results](#!/3.1/Query/create_merge_query) queries\n* Create and modify [dashboard filters](#!/3.1/Dashboard/create_dashboard_filter)\n* Create and modify [password requirements](#!/3.1/Auth/password_config)\n\n### Deprecated in API 3.0\n\nThe following functions and properties have been deprecated in API 3.0. They continue to exist and work in API 3.0\nfor the next several Looker releases but they have not been carried forward to API 3.1:\n\n* Dashboard Prefetch functions\n* User access_filter functions\n* User API 1.0 credentials functions\n* Space.is_root and Space.is_user_root properties. Use Space.is_shared_root and Space.is_users_root instead.\n\n### Semantic changes in API 3.1:\n\n* [all_looks()](#!/3.1/Look/all_looks) no longer includes soft-deleted looks, matching [all_dashboards()](#!/3.1/Dashboard/all_dashboards) behavior.\nYou can find soft-deleted looks using [search_looks()](#!/3.1/Look/search_looks) with the `deleted` param set to True.\n* [all_spaces()](#!/3.1/Space/all_spaces) no longer includes duplicate items\n* [search_users()](#!/3.1/User/search_users) no longer accepts Y,y,1,0,N,n for Boolean params, only \"true\" and \"false\".\n* For greater client and network compatibility, [render_task_results](#!/3.1/RenderTask/render_task_results) now returns\nHTTP status **202 Accepted** instead of HTTP status **102 Processing**\n* [all_running_queries()](#!/3.1/Query/all_running_queries) and [kill_query](#!/3.1/Query/kill_query) functions have moved into the [Query](#!/3.1/Query/) function group.\n\nThe API Explorer can be used to [interactively compare](https://cloud.google.com/looker/docs/r/api/explorer#comparing_api_versions) the differences between API 3.1 and 4.0.\n\n\n### API and SDK Support Policies\n\nLooker API versions and language SDKs have varying support levels. Please read the API and SDK\n[support policies](https://cloud.google.com/looker/docs/r/api/support-policy) for more information.\n\n\n", "contact": { @@ -5748,13 +5748,13 @@ "Auth" ], "operationId": "create_sso_embed_url", - "summary": "Create SSO Embed Url", - "description": "### Create SSO Embed URL\n\nCreates an SSO embed URL and cryptographically signs it with an embed secret.\nThis signed URL can then be used to instantiate a Looker embed session in a PBL web application.\nDo not make any modifications to this URL - any change may invalidate the signature and\ncause the URL to fail to load a Looker embed session.\n\nA signed SSO embed URL can only be used once. After it has been used to request a page from the\nLooker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent\n'replay attacks'.\n\nThe `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params.\nTo load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`.\nThe best way to obtain this target_url is to navigate to the desired Looker page in your web browser,\ncopy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request.\n\nPermissions for the embed user are defined by the groups in which the embed user is a member (group_ids property)\nand the lists of models and permissions assigned to the embed user.\nAt a minimum, you must provide values for either the group_ids property, or both the models and permissions properties.\nThese properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions.\n\nThe embed user's access is the union of permissions granted by the group_ids, models, and permissions properties.\n\nThis function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the\nSSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL.\nTo diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`.\n\nThe `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance.\nif not specified, the URL will be signed using the newest active secret defined in the Looker instance.\n\n#### Security Note\nProtect this signed URL as you would an access token or password credentials - do not write\nit to disk, do not pass it to a third party, and only pass it through a secure HTTPS\nencrypted transport.\n\n\nCalls to this endpoint require [Embedding](https://cloud.google.com/looker/docs/r/looker-core-feature-embed) to be enabled\n", + "summary": "Create Signed Embed Url", + "description": "### Create Signed Embed URL\n\nCreates a signed embed URL and cryptographically signs it with an embed secret.\nThis signed URL can then be used to instantiate a Looker embed session in a PBL web application.\nDo not make any modifications to the returned URL - any change may invalidate the signature and\ncause the URL to fail to load a Looker embed session.\n\nA signed embed URL can only be **used once**. After the URL has been used to request a page from the\nLooker server, it is invalid. Future requests using the same URL will fail. This is to prevent\n'replay attacks'.\n\nThe `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params.\nTo load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`.\nThe best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the \"Get embed URL\" menu option\nto copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request.\n\nPermissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property)\nand the lists of models and permissions assigned to the embed user.\nAt a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties.\nThese properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions.\n\nThe embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties.\n\nThis function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the\nembed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL.\n\nTo diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`.\n\nThe `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance.\nif not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls,\na default secret will be created. This default secret is encrypted using HMAC/SHA-256.\n\nThe `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing.\n\n#### Security Note\nProtect this signed URL as you would an access token or password credentials - do not write\nit to disk, do not pass it to a third party, and only pass it through a secure HTTPS\nencrypted transport.\n\n\nCalls to this endpoint require [Embedding](https://cloud.google.com/looker/docs/r/looker-core-feature-embed) to be enabled\n", "parameters": [ { "name": "body", "in": "body", - "description": "SSO parameters", + "description": "Signed Embed URL parameters", "required": true, "schema": { "$ref": "#/definitions/EmbedSsoParams" @@ -5763,7 +5763,7 @@ ], "responses": { "200": { - "description": "Signed SSO URL", + "description": "Signed Embed URL", "schema": { "$ref": "#/definitions/EmbedUrlResponse" } @@ -8812,7 +8812,7 @@ ], "operationId": "ldap_config", "summary": "Get LDAP Configuration", - "description": "### Get the LDAP configuration.\n\nLooker can be optionally configured to authenticate users against an Active Directory or other LDAP directory server.\nLDAP setup requires coordination with an administrator of that directory server.\n\nOnly Looker administrators can read and update the LDAP configuration.\n\nConfiguring LDAP impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nLDAP is enabled or disabled for Looker using the **enabled** field.\n\nLooker will never return an **auth_password** field. That value can be set, but never retrieved.\n\nSee the [Looker LDAP docs](https://cloud.google.com/looker/docs/r/api/ldap_setup) for additional information.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Get the LDAP configuration.\n\nLooker can be optionally configured to authenticate users against an Active Directory or other LDAP directory server.\nLDAP setup requires coordination with an administrator of that directory server.\n\nOnly Looker administrators can read and update the LDAP configuration.\n\nConfiguring LDAP impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nLDAP is enabled or disabled for Looker using the **enabled** field.\n\nLooker will never return an **auth_password** field. That value can be set, but never retrieved.\n\nSee the [Looker LDAP docs](https://cloud.google.com/looker/docs/r/api/ldap_setup) for additional information.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "LDAP Configuration.", @@ -8952,7 +8952,7 @@ ], "operationId": "test_ldap_config_auth", "summary": "Test LDAP Auth", - "description": "### Test the connection authentication settings for an LDAP configuration.\n\nThis tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information.\n\n**connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional.\n\nExample:\n```json\n{\n \"connection_host\": \"ldap.example.com\",\n \"connection_port\": \"636\",\n \"connection_tls\": true,\n \"auth_username\": \"cn=looker,dc=example,dc=com\",\n \"auth_password\": \"secret\"\n}\n```\n\nLooker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Test the connection authentication settings for an LDAP configuration.\n\nThis tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information.\n\n**connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional.\n\nExample:\n```json\n{\n \"connection_host\": \"ldap.example.com\",\n \"connection_port\": \"636\",\n \"connection_tls\": true,\n \"auth_username\": \"cn=looker,dc=example,dc=com\",\n \"auth_password\": \"secret\"\n}\n```\n\nLooker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "parameters": [ { "name": "body", @@ -9007,7 +9007,7 @@ ], "operationId": "test_ldap_config_user_info", "summary": "Test LDAP User Info", - "description": "### Test the user authentication settings for an LDAP configuration without authenticating the user.\n\nThis test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user.\n\nThis test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server.\n\n**test_ldap_user** is required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Test the user authentication settings for an LDAP configuration without authenticating the user.\n\nThis test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user.\n\nThis test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server.\n\n**test_ldap_user** is required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "parameters": [ { "name": "body", @@ -9062,7 +9062,7 @@ ], "operationId": "test_ldap_config_user_auth", "summary": "Test LDAP User Auth", - "description": "### Test the user authentication settings for an LDAP configuration.\n\nThis test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication.\n\nLooker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test.\n\n**test_ldap_user** and **test_ldap_password** are required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Test the user authentication settings for an LDAP configuration.\n\nThis test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication.\n\nLooker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test.\n\n**test_ldap_user** and **test_ldap_password** are required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "parameters": [ { "name": "body", @@ -10658,7 +10658,7 @@ ], "operationId": "oidc_config", "summary": "Get OIDC Configuration", - "description": "### Get the OIDC configuration.\n\nLooker can be optionally configured to authenticate users against an OpenID Connect (OIDC)\nauthentication server. OIDC setup requires coordination with an administrator of that server.\n\nOnly Looker administrators can read and update the OIDC configuration.\n\nConfiguring OIDC impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nOIDC is enabled or disabled for Looker using the **enabled** field.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Get the OIDC configuration.\n\nLooker can be optionally configured to authenticate users against an OpenID Connect (OIDC)\nauthentication server. OIDC setup requires coordination with an administrator of that server.\n\nOnly Looker administrators can read and update the OIDC configuration.\n\nConfiguring OIDC impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nOIDC is enabled or disabled for Looker using the **enabled** field.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "OIDC Configuration.", @@ -14046,7 +14046,7 @@ ], "operationId": "saml_config", "summary": "Get SAML Configuration", - "description": "### Get the SAML configuration.\n\nLooker can be optionally configured to authenticate users against a SAML authentication server.\nSAML setup requires coordination with an administrator of that server.\n\nOnly Looker administrators can read and update the SAML configuration.\n\nConfiguring SAML impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nSAML is enabled or disabled for Looker using the **enabled** field.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Get the SAML configuration.\n\nLooker can be optionally configured to authenticate users against a SAML authentication server.\nSAML setup requires coordination with an administrator of that server.\n\nOnly Looker administrators can read and update the SAML configuration.\n\nConfiguring SAML impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nSAML is enabled or disabled for Looker using the **enabled** field.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "SAML Configuration.", @@ -25382,7 +25382,7 @@ "session_length": { "type": "integer", "format": "int64", - "description": "Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days).", + "description": "Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days).", "x-looker-nullable": true }, "force_logout_login": { @@ -25392,7 +25392,7 @@ }, "external_user_id": { "type": "string", - "description": "A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions.", + "description": "A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session.", "x-looker-nullable": true }, "first_name": { @@ -25454,6 +25454,11 @@ "format": "int64", "description": "Id of the embed secret to use to sign this SSO url. If specified, the value must be an id of a valid (active) secret defined in the Looker instance. If not specified, the URL will be signed with the newest active embed secret defined in the Looker instance.", "x-looker-nullable": true + }, + "embed_domain": { + "type": "string", + "description": "Optional. URL of the domain hosting the signed embed URL. If provided and valid, the embed_domain will be added to the embed domain allowlist if it is not currently in the list", + "x-looker-nullable": true } }, "x-looker-status": "stable", diff --git a/spec/Looker.3.1.oas.json b/spec/Looker.3.1.oas.json index df017864e..bc1163424 100644 --- a/spec/Looker.3.1.oas.json +++ b/spec/Looker.3.1.oas.json @@ -2,7 +2,7 @@ "openapi": "3.0.0", "info": { "version": "3.1.0", - "x-looker-release-version": "23.12.5", + "x-looker-release-version": "23.14.9", "title": "Looker API 3.1 Reference", "description": "### Authorization\n\nThe classic method of API authorization uses Looker **API** credentials for authorization and access control.\nLooker admins can create API credentials on Looker's **Admin/Users** page.\n\nAPI 4.0 adds additional ways to authenticate API requests, including OAuth and CORS requests.\n\nFor details, see [Looker API Authorization](https://cloud.google.com/looker/docs/r/api/authorization).\n\n\n### API Explorer\n\nThe API Explorer is a Looker-provided utility with many new and unique features for learning and using the Looker API and SDKs.\n\nFor details, see the [API Explorer documentation](https://cloud.google.com/looker/docs/r/api/explorer).\n\n\n### Looker Language SDKs\n\nThe Looker API is a RESTful system that should be usable by any programming language capable of making\nHTTPS requests. SDKs for a variety of programming languages are also provided to streamline using the API. Looker\nhas an OpenSource [sdk-codegen project](https://github.com/looker-open-source/sdk-codegen) that provides several\nlanguage SDKs. Language SDKs generated by `sdk-codegen` have an Authentication manager that can automatically\nauthenticate API requests when needed.\n\nFor details on available Looker SDKs, see [Looker API Client SDKs](https://cloud.google.com/looker/docs/r/api/client_sdks).\n\n\n### API Versioning\n\nFuture releases of Looker expand the latest API version release-by-release to securely expose more and more of the core\npower of the Looker platform to API client applications. API endpoints marked as \"beta\" may receive breaking changes without\nwarning (but we will try to avoid doing that). Stable (non-beta) API endpoints should not receive breaking\nchanges in future releases.\n\nFor details, see [Looker API Versioning](https://cloud.google.com/looker/docs/r/api/versioning).\n\n\n### 3.1 Legacy API\n\nAPI 3.1 is now **deprecated**. API 4.0 should be used instead.\n\nThe text below is retained for reference purposes.\n\nThe following are a few examples of noteworthy items that have changed between API 3.0 and API 3.1.\nFor more comprehensive coverage of API changes, please see the release notes for your Looker release.\n\n### Examples of new things added in API 3.1 (compared to API 3.0):\n\n* [Dashboard construction](#!/3.1/Dashboard/) APIs\n* [Themes](#!/3.1/Theme/) and [custom color collections](#!/3.1/ColorCollection) APIs\n* Create and run [SQL Runner](#!/3.1/Query/run_sql_query) queries\n* Create and run [merged results](#!/3.1/Query/create_merge_query) queries\n* Create and modify [dashboard filters](#!/3.1/Dashboard/create_dashboard_filter)\n* Create and modify [password requirements](#!/3.1/Auth/password_config)\n\n### Deprecated in API 3.0\n\nThe following functions and properties have been deprecated in API 3.0. They continue to exist and work in API 3.0\nfor the next several Looker releases but they have not been carried forward to API 3.1:\n\n* Dashboard Prefetch functions\n* User access_filter functions\n* User API 1.0 credentials functions\n* Space.is_root and Space.is_user_root properties. Use Space.is_shared_root and Space.is_users_root instead.\n\n### Semantic changes in API 3.1:\n\n* [all_looks()](#!/3.1/Look/all_looks) no longer includes soft-deleted looks, matching [all_dashboards()](#!/3.1/Dashboard/all_dashboards) behavior.\nYou can find soft-deleted looks using [search_looks()](#!/3.1/Look/search_looks) with the `deleted` param set to True.\n* [all_spaces()](#!/3.1/Space/all_spaces) no longer includes duplicate items\n* [search_users()](#!/3.1/User/search_users) no longer accepts Y,y,1,0,N,n for Boolean params, only \"true\" and \"false\".\n* For greater client and network compatibility, [render_task_results](#!/3.1/RenderTask/render_task_results) now returns\nHTTP status **202 Accepted** instead of HTTP status **102 Processing**\n* [all_running_queries()](#!/3.1/Query/all_running_queries) and [kill_query](#!/3.1/Query/kill_query) functions have moved into the [Query](#!/3.1/Query/) function group.\n\nThe API Explorer can be used to [interactively compare](https://cloud.google.com/looker/docs/r/api/explorer#comparing_api_versions) the differences between API 3.1 and 4.0.\n\n\n### API and SDK Support Policies\n\nLooker API versions and language SDKs have varying support levels. Please read the API and SDK\n[support policies](https://cloud.google.com/looker/docs/r/api/support-policy) for more information.\n\n\n", "contact": { @@ -7962,11 +7962,11 @@ "Auth" ], "operationId": "create_sso_embed_url", - "summary": "Create SSO Embed Url", - "description": "### Create SSO Embed URL\n\nCreates an SSO embed URL and cryptographically signs it with an embed secret.\nThis signed URL can then be used to instantiate a Looker embed session in a PBL web application.\nDo not make any modifications to this URL - any change may invalidate the signature and\ncause the URL to fail to load a Looker embed session.\n\nA signed SSO embed URL can only be used once. After it has been used to request a page from the\nLooker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent\n'replay attacks'.\n\nThe `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params.\nTo load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`.\nThe best way to obtain this target_url is to navigate to the desired Looker page in your web browser,\ncopy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request.\n\nPermissions for the embed user are defined by the groups in which the embed user is a member (group_ids property)\nand the lists of models and permissions assigned to the embed user.\nAt a minimum, you must provide values for either the group_ids property, or both the models and permissions properties.\nThese properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions.\n\nThe embed user's access is the union of permissions granted by the group_ids, models, and permissions properties.\n\nThis function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the\nSSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL.\nTo diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`.\n\nThe `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance.\nif not specified, the URL will be signed using the newest active secret defined in the Looker instance.\n\n#### Security Note\nProtect this signed URL as you would an access token or password credentials - do not write\nit to disk, do not pass it to a third party, and only pass it through a secure HTTPS\nencrypted transport.\n\n\nCalls to this endpoint require [Embedding](https://cloud.google.com/looker/docs/r/looker-core-feature-embed) to be enabled\n", + "summary": "Create Signed Embed Url", + "description": "### Create Signed Embed URL\n\nCreates a signed embed URL and cryptographically signs it with an embed secret.\nThis signed URL can then be used to instantiate a Looker embed session in a PBL web application.\nDo not make any modifications to the returned URL - any change may invalidate the signature and\ncause the URL to fail to load a Looker embed session.\n\nA signed embed URL can only be **used once**. After the URL has been used to request a page from the\nLooker server, it is invalid. Future requests using the same URL will fail. This is to prevent\n'replay attacks'.\n\nThe `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params.\nTo load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`.\nThe best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the \"Get embed URL\" menu option\nto copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request.\n\nPermissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property)\nand the lists of models and permissions assigned to the embed user.\nAt a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties.\nThese properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions.\n\nThe embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties.\n\nThis function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the\nembed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL.\n\nTo diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`.\n\nThe `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance.\nif not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls,\na default secret will be created. This default secret is encrypted using HMAC/SHA-256.\n\nThe `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing.\n\n#### Security Note\nProtect this signed URL as you would an access token or password credentials - do not write\nit to disk, do not pass it to a third party, and only pass it through a secure HTTPS\nencrypted transport.\n\n\nCalls to this endpoint require [Embedding](https://cloud.google.com/looker/docs/r/looker-core-feature-embed) to be enabled\n", "responses": { "200": { - "description": "Signed SSO URL", + "description": "Signed Embed URL", "content": { "application/json": { "schema": { @@ -8036,7 +8036,7 @@ } } }, - "description": "SSO parameters", + "description": "Signed Embed URL parameters", "required": true } } @@ -12105,7 +12105,7 @@ ], "operationId": "ldap_config", "summary": "Get LDAP Configuration", - "description": "### Get the LDAP configuration.\n\nLooker can be optionally configured to authenticate users against an Active Directory or other LDAP directory server.\nLDAP setup requires coordination with an administrator of that directory server.\n\nOnly Looker administrators can read and update the LDAP configuration.\n\nConfiguring LDAP impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nLDAP is enabled or disabled for Looker using the **enabled** field.\n\nLooker will never return an **auth_password** field. That value can be set, but never retrieved.\n\nSee the [Looker LDAP docs](https://cloud.google.com/looker/docs/r/api/ldap_setup) for additional information.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Get the LDAP configuration.\n\nLooker can be optionally configured to authenticate users against an Active Directory or other LDAP directory server.\nLDAP setup requires coordination with an administrator of that directory server.\n\nOnly Looker administrators can read and update the LDAP configuration.\n\nConfiguring LDAP impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nLDAP is enabled or disabled for Looker using the **enabled** field.\n\nLooker will never return an **auth_password** field. That value can be set, but never retrieved.\n\nSee the [Looker LDAP docs](https://cloud.google.com/looker/docs/r/api/ldap_setup) for additional information.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "LDAP Configuration.", @@ -12297,7 +12297,7 @@ ], "operationId": "test_ldap_config_auth", "summary": "Test LDAP Auth", - "description": "### Test the connection authentication settings for an LDAP configuration.\n\nThis tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information.\n\n**connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional.\n\nExample:\n```json\n{\n \"connection_host\": \"ldap.example.com\",\n \"connection_port\": \"636\",\n \"connection_tls\": true,\n \"auth_username\": \"cn=looker,dc=example,dc=com\",\n \"auth_password\": \"secret\"\n}\n```\n\nLooker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Test the connection authentication settings for an LDAP configuration.\n\nThis tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information.\n\n**connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional.\n\nExample:\n```json\n{\n \"connection_host\": \"ldap.example.com\",\n \"connection_port\": \"636\",\n \"connection_tls\": true,\n \"auth_username\": \"cn=looker,dc=example,dc=com\",\n \"auth_password\": \"secret\"\n}\n```\n\nLooker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "Result info.", @@ -12372,7 +12372,7 @@ ], "operationId": "test_ldap_config_user_info", "summary": "Test LDAP User Info", - "description": "### Test the user authentication settings for an LDAP configuration without authenticating the user.\n\nThis test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user.\n\nThis test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server.\n\n**test_ldap_user** is required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Test the user authentication settings for an LDAP configuration without authenticating the user.\n\nThis test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user.\n\nThis test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server.\n\n**test_ldap_user** is required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "Result info.", @@ -12447,7 +12447,7 @@ ], "operationId": "test_ldap_config_user_auth", "summary": "Test LDAP User Auth", - "description": "### Test the user authentication settings for an LDAP configuration.\n\nThis test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication.\n\nLooker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test.\n\n**test_ldap_user** and **test_ldap_password** are required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Test the user authentication settings for an LDAP configuration.\n\nThis test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication.\n\nLooker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test.\n\n**test_ldap_user** and **test_ldap_password** are required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "Result info.", @@ -14674,7 +14674,7 @@ ], "operationId": "oidc_config", "summary": "Get OIDC Configuration", - "description": "### Get the OIDC configuration.\n\nLooker can be optionally configured to authenticate users against an OpenID Connect (OIDC)\nauthentication server. OIDC setup requires coordination with an administrator of that server.\n\nOnly Looker administrators can read and update the OIDC configuration.\n\nConfiguring OIDC impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nOIDC is enabled or disabled for Looker using the **enabled** field.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Get the OIDC configuration.\n\nLooker can be optionally configured to authenticate users against an OpenID Connect (OIDC)\nauthentication server. OIDC setup requires coordination with an administrator of that server.\n\nOnly Looker administrators can read and update the OIDC configuration.\n\nConfiguring OIDC impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nOIDC is enabled or disabled for Looker using the **enabled** field.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "OIDC Configuration.", @@ -19316,7 +19316,7 @@ ], "operationId": "saml_config", "summary": "Get SAML Configuration", - "description": "### Get the SAML configuration.\n\nLooker can be optionally configured to authenticate users against a SAML authentication server.\nSAML setup requires coordination with an administrator of that server.\n\nOnly Looker administrators can read and update the SAML configuration.\n\nConfiguring SAML impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nSAML is enabled or disabled for Looker using the **enabled** field.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Get the SAML configuration.\n\nLooker can be optionally configured to authenticate users against a SAML authentication server.\nSAML setup requires coordination with an administrator of that server.\n\nOnly Looker administrators can read and update the SAML configuration.\n\nConfiguring SAML impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nSAML is enabled or disabled for Looker using the **enabled** field.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "SAML Configuration.", @@ -33115,7 +33115,7 @@ "session_length": { "type": "integer", "format": "int64", - "description": "Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days).", + "description": "Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days).", "nullable": true }, "force_logout_login": { @@ -33125,7 +33125,7 @@ }, "external_user_id": { "type": "string", - "description": "A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions.", + "description": "A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session.", "nullable": true }, "first_name": { @@ -33187,6 +33187,11 @@ "format": "int64", "description": "Id of the embed secret to use to sign this SSO url. If specified, the value must be an id of a valid (active) secret defined in the Looker instance. If not specified, the URL will be signed with the newest active embed secret defined in the Looker instance.", "nullable": true + }, + "embed_domain": { + "type": "string", + "description": "Optional. URL of the domain hosting the signed embed URL. If provided and valid, the embed_domain will be added to the embed domain allowlist if it is not currently in the list", + "nullable": true } }, "x-looker-status": "stable", diff --git a/spec/Looker.4.0.json b/spec/Looker.4.0.json index bdf976e74..bce241737 100644 --- a/spec/Looker.4.0.json +++ b/spec/Looker.4.0.json @@ -1,8 +1,8 @@ { "swagger": "2.0", "info": { - "version": "4.0.23.12", - "x-looker-release-version": "23.12.5", + "version": "4.0.23.14", + "x-looker-release-version": "23.14.9", "title": "Looker API 4.0 Reference", "description": "\nAPI 4.0 is the current release of the Looker API. API 3.1 is deprecated.\n\n### Authorization\n\nThe classic method of API authorization uses Looker **API** credentials for authorization and access control.\nLooker admins can create API credentials on Looker's **Admin/Users** page.\n\nAPI 4.0 adds additional ways to authenticate API requests, including OAuth and CORS requests.\n\nFor details, see [Looker API Authorization](https://cloud.google.com/looker/docs/r/api/authorization).\n\n\n### API Explorer\n\nThe API Explorer is a Looker-provided utility with many new and unique features for learning and using the Looker API and SDKs.\n\nFor details, see the [API Explorer documentation](https://cloud.google.com/looker/docs/r/api/explorer).\n\n\n### Looker Language SDKs\n\nThe Looker API is a RESTful system that should be usable by any programming language capable of making\nHTTPS requests. SDKs for a variety of programming languages are also provided to streamline using the API. Looker\nhas an OpenSource [sdk-codegen project](https://github.com/looker-open-source/sdk-codegen) that provides several\nlanguage SDKs. Language SDKs generated by `sdk-codegen` have an Authentication manager that can automatically\nauthenticate API requests when needed.\n\nFor details on available Looker SDKs, see [Looker API Client SDKs](https://cloud.google.com/looker/docs/r/api/client_sdks).\n\n\n### API Versioning\n\nFuture releases of Looker expand the latest API version release-by-release to securely expose more and more of the core\npower of the Looker platform to API client applications. API endpoints marked as \"beta\" may receive breaking changes without\nwarning (but we will try to avoid doing that). Stable (non-beta) API endpoints should not receive breaking\nchanges in future releases.\n\nFor details, see [Looker API Versioning](https://cloud.google.com/looker/docs/r/api/versioning).\n\n\n### In This Release\n\nAPI 4.0 version was introduced to make adjustments to API functions, parameters, and response types to\nfix bugs and inconsistencies. These changes fall outside the bounds of non-breaking additive changes we can\nmake to the previous API 3.1.\n\nOne benefit of these type adjustments in API 4.0 is dramatically better support for strongly\ntyped languages like TypeScript, Kotlin, Swift, Go, C#, and more.\n\nSee the [API 4.0 GA announcement](https://developers.looker.com/api/advanced-usage/version-4-ga) for more information\nabout API 4.0.\n\nThe API Explorer can be used to [interactively compare](https://cloud.google.com/looker/docs/r/api/explorer#comparing_api_versions) the differences between API 3.1 and 4.0.\n\n\n### API and SDK Support Policies\n\nLooker API versions and language SDKs have varying support levels. Please read the API and SDK\n[support policies](https://cloud.google.com/looker/docs/r/api/support-policy) for more information.\n\n\n", "contact": { @@ -7556,13 +7556,13 @@ "Auth" ], "operationId": "create_sso_embed_url", - "summary": "Create SSO Embed Url", - "description": "### Create SSO Embed URL\n\nCreates an SSO embed URL and cryptographically signs it with an embed secret.\nThis signed URL can then be used to instantiate a Looker embed session in a PBL web application.\nDo not make any modifications to this URL - any change may invalidate the signature and\ncause the URL to fail to load a Looker embed session.\n\nA signed SSO embed URL can only be used once. After it has been used to request a page from the\nLooker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent\n'replay attacks'.\n\nThe `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params.\nTo load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`.\nThe best way to obtain this target_url is to navigate to the desired Looker page in your web browser,\ncopy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request.\n\nPermissions for the embed user are defined by the groups in which the embed user is a member (group_ids property)\nand the lists of models and permissions assigned to the embed user.\nAt a minimum, you must provide values for either the group_ids property, or both the models and permissions properties.\nThese properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions.\n\nThe embed user's access is the union of permissions granted by the group_ids, models, and permissions properties.\n\nThis function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the\nSSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL.\nTo diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`.\n\nThe `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance.\nif not specified, the URL will be signed using the newest active secret defined in the Looker instance.\n\n#### Security Note\nProtect this signed URL as you would an access token or password credentials - do not write\nit to disk, do not pass it to a third party, and only pass it through a secure HTTPS\nencrypted transport.\n\n\nCalls to this endpoint require [Embedding](https://cloud.google.com/looker/docs/r/looker-core-feature-embed) to be enabled\n", + "summary": "Create Signed Embed Url", + "description": "### Create Signed Embed URL\n\nCreates a signed embed URL and cryptographically signs it with an embed secret.\nThis signed URL can then be used to instantiate a Looker embed session in a PBL web application.\nDo not make any modifications to the returned URL - any change may invalidate the signature and\ncause the URL to fail to load a Looker embed session.\n\nA signed embed URL can only be **used once**. After the URL has been used to request a page from the\nLooker server, it is invalid. Future requests using the same URL will fail. This is to prevent\n'replay attacks'.\n\nThe `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params.\nTo load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`.\nThe best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the \"Get embed URL\" menu option\nto copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request.\n\nPermissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property)\nand the lists of models and permissions assigned to the embed user.\nAt a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties.\nThese properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions.\n\nThe embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties.\n\nThis function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the\nembed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL.\n\nTo diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`.\n\nThe `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance.\nif not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls,\na default secret will be created. This default secret is encrypted using HMAC/SHA-256.\n\nThe `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing.\n\n#### Security Note\nProtect this signed URL as you would an access token or password credentials - do not write\nit to disk, do not pass it to a third party, and only pass it through a secure HTTPS\nencrypted transport.\n\n\nCalls to this endpoint require [Embedding](https://cloud.google.com/looker/docs/r/looker-core-feature-embed) to be enabled\n", "parameters": [ { "name": "body", "in": "body", - "description": "SSO parameters", + "description": "Signed Embed URL parameters", "required": true, "schema": { "$ref": "#/definitions/EmbedSsoParams" @@ -7571,7 +7571,7 @@ ], "responses": { "200": { - "description": "Signed SSO URL", + "description": "Signed Embed URL", "schema": { "$ref": "#/definitions/EmbedUrlResponse" } @@ -11276,7 +11276,7 @@ ], "operationId": "ldap_config", "summary": "Get LDAP Configuration", - "description": "### Get the LDAP configuration.\n\nLooker can be optionally configured to authenticate users against an Active Directory or other LDAP directory server.\nLDAP setup requires coordination with an administrator of that directory server.\n\nOnly Looker administrators can read and update the LDAP configuration.\n\nConfiguring LDAP impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nLDAP is enabled or disabled for Looker using the **enabled** field.\n\nLooker will never return an **auth_password** field. That value can be set, but never retrieved.\n\nSee the [Looker LDAP docs](https://cloud.google.com/looker/docs/r/api/ldap_setup) for additional information.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Get the LDAP configuration.\n\nLooker can be optionally configured to authenticate users against an Active Directory or other LDAP directory server.\nLDAP setup requires coordination with an administrator of that directory server.\n\nOnly Looker administrators can read and update the LDAP configuration.\n\nConfiguring LDAP impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nLDAP is enabled or disabled for Looker using the **enabled** field.\n\nLooker will never return an **auth_password** field. That value can be set, but never retrieved.\n\nSee the [Looker LDAP docs](https://cloud.google.com/looker/docs/r/api/ldap_setup) for additional information.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "LDAP Configuration.", @@ -11416,7 +11416,7 @@ ], "operationId": "test_ldap_config_auth", "summary": "Test LDAP Auth", - "description": "### Test the connection authentication settings for an LDAP configuration.\n\nThis tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information.\n\n**connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional.\n\nExample:\n```json\n{\n \"connection_host\": \"ldap.example.com\",\n \"connection_port\": \"636\",\n \"connection_tls\": true,\n \"auth_username\": \"cn=looker,dc=example,dc=com\",\n \"auth_password\": \"secret\"\n}\n```\n\nLooker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Test the connection authentication settings for an LDAP configuration.\n\nThis tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information.\n\n**connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional.\n\nExample:\n```json\n{\n \"connection_host\": \"ldap.example.com\",\n \"connection_port\": \"636\",\n \"connection_tls\": true,\n \"auth_username\": \"cn=looker,dc=example,dc=com\",\n \"auth_password\": \"secret\"\n}\n```\n\nLooker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "parameters": [ { "name": "body", @@ -11471,7 +11471,7 @@ ], "operationId": "test_ldap_config_user_info", "summary": "Test LDAP User Info", - "description": "### Test the user authentication settings for an LDAP configuration without authenticating the user.\n\nThis test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user.\n\nThis test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server.\n\n**test_ldap_user** is required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Test the user authentication settings for an LDAP configuration without authenticating the user.\n\nThis test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user.\n\nThis test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server.\n\n**test_ldap_user** is required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "parameters": [ { "name": "body", @@ -11526,7 +11526,7 @@ ], "operationId": "test_ldap_config_user_auth", "summary": "Test LDAP User Auth", - "description": "### Test the user authentication settings for an LDAP configuration.\n\nThis test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication.\n\nLooker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test.\n\n**test_ldap_user** and **test_ldap_password** are required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Test the user authentication settings for an LDAP configuration.\n\nThis test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication.\n\nLooker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test.\n\n**test_ldap_user** and **test_ldap_password** are required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "parameters": [ { "name": "body", @@ -14570,7 +14570,7 @@ ], "operationId": "oidc_config", "summary": "Get OIDC Configuration", - "description": "### Get the OIDC configuration.\n\nLooker can be optionally configured to authenticate users against an OpenID Connect (OIDC)\nauthentication server. OIDC setup requires coordination with an administrator of that server.\n\nOnly Looker administrators can read and update the OIDC configuration.\n\nConfiguring OIDC impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nOIDC is enabled or disabled for Looker using the **enabled** field.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Get the OIDC configuration.\n\nLooker can be optionally configured to authenticate users against an OpenID Connect (OIDC)\nauthentication server. OIDC setup requires coordination with an administrator of that server.\n\nOnly Looker administrators can read and update the OIDC configuration.\n\nConfiguring OIDC impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nOIDC is enabled or disabled for Looker using the **enabled** field.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "OIDC Configuration.", @@ -18020,7 +18020,7 @@ ], "operationId": "saml_config", "summary": "Get SAML Configuration", - "description": "### Get the SAML configuration.\n\nLooker can be optionally configured to authenticate users against a SAML authentication server.\nSAML setup requires coordination with an administrator of that server.\n\nOnly Looker administrators can read and update the SAML configuration.\n\nConfiguring SAML impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nSAML is enabled or disabled for Looker using the **enabled** field.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Get the SAML configuration.\n\nLooker can be optionally configured to authenticate users against a SAML authentication server.\nSAML setup requires coordination with an administrator of that server.\n\nOnly Looker administrators can read and update the SAML configuration.\n\nConfiguring SAML impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nSAML is enabled or disabled for Looker using the **enabled** field.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "SAML Configuration.", @@ -19173,7 +19173,7 @@ ], "operationId": "set_setting", "summary": "Set Setting", - "description": "### Configure Looker Settings\n\nAvailable settings are:\n - allow_user_timezones\n - custom_welcome_email\n - data_connector_default_enabled\n - extension_framework_enabled\n - extension_load_url_enabled\n - marketplace_auto_install_enabled\n - marketplace_terms_accepted\n - marketplace_enabled\n - onboarding_enabled\n - privatelabel_configuration\n - timezone\n - host_url\n - email_domain_allowlist\n - embed_cookieless_v2\n - embed_enabled\n\nSee the `Setting` type for more information on the specific values that can be configured.\n\nIf a setting update is rejected, the API error payload should provide information on the cause of the rejection.\n", + "description": "### Configure Looker Settings\n\nAvailable settings are:\n - allow_user_timezones\n - custom_welcome_email\n - data_connector_default_enabled\n - extension_framework_enabled\n - extension_load_url_enabled\n - marketplace_auto_install_enabled\n - marketplace_automation\n - marketplace_terms_accepted\n - marketplace_enabled\n - marketplace_site\n - onboarding_enabled\n - privatelabel_configuration\n - timezone\n - host_url\n - email_domain_allowlist\n - embed_cookieless_v2\n - embed_enabled\n - embed_config\n\nSee the `Setting` type for more information on the specific values that can be configured.\n\nIf a setting update is rejected, the API error payload should provide information on the cause of the rejection.\n", "parameters": [ { "name": "body", @@ -19245,7 +19245,7 @@ ], "operationId": "get_setting", "summary": "Get Setting", - "description": "### Get Looker Settings\n\nAvailable settings are:\n - allow_user_timezones\n - custom_welcome_email\n - data_connector_default_enabled\n - extension_framework_enabled\n - extension_load_url_enabled\n - marketplace_auto_install_enabled\n - marketplace_terms_accepted\n - marketplace_enabled\n - onboarding_enabled\n - privatelabel_configuration\n - timezone\n - host_url\n - email_domain_allowlist\n - embed_cookieless_v2\n - embed_enabled\n\n", + "description": "### Get Looker Settings\n\nAvailable settings are:\n - allow_user_timezones\n - custom_welcome_email\n - data_connector_default_enabled\n - extension_framework_enabled\n - extension_load_url_enabled\n - marketplace_auto_install_enabled\n - marketplace_automation\n - marketplace_terms_accepted\n - marketplace_enabled\n - marketplace_site\n - onboarding_enabled\n - privatelabel_configuration\n - timezone\n - host_url\n - email_domain_allowlist\n - embed_cookieless_v2\n - embed_enabled\n - embed_config\n\n", "parameters": [ { "name": "fields", @@ -30721,6 +30721,72 @@ }, "x-looker-status": "stable" }, + "EmbedConfig": { + "properties": { + "domain_allowlist": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of domains to allow for embedding", + "x-looker-nullable": true + }, + "alert_url_allowlist": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of base urls to allow for alert/schedule", + "x-looker-nullable": true + }, + "alert_url_param_owner": { + "type": "string", + "description": "Owner of who defines the alert/schedule params on the base url", + "x-looker-nullable": true + }, + "alert_url_label": { + "type": "string", + "description": "Label for the alert/schedule url", + "x-looker-nullable": true + }, + "sso_auth_enabled": { + "type": "boolean", + "description": "Is SSO embedding enabled for this Looker", + "x-looker-nullable": false + }, + "embed_cookieless_v2": { + "type": "boolean", + "description": "Is Cookieless embedding enabled for this Looker", + "x-looker-nullable": false + }, + "embed_content_navigation": { + "type": "boolean", + "description": "Is embed content navigation enabled for this looker", + "x-looker-nullable": false + }, + "embed_content_management": { + "type": "boolean", + "description": "Is embed content management enabled for this Looker", + "x-looker-nullable": false + }, + "strict_sameorigin_for_login": { + "type": "boolean", + "description": "When true, prohibits the use of Looker login pages in non-Looker iframes. When false, Looker login pages may be used in non-Looker hosted iframes.", + "x-looker-nullable": false + }, + "look_filters": { + "type": "boolean", + "description": "When true, filters are enabled on embedded Looks", + "x-looker-nullable": false + }, + "hide_look_navigation": { + "type": "boolean", + "description": "When true, removes navigation to Looks from embedded dashboards and explores.", + "x-looker-nullable": false + } + }, + "x-looker-status": "stable" + }, "EmbedParams": { "properties": { "target_url": { @@ -30732,7 +30798,7 @@ "session_length": { "type": "integer", "format": "int64", - "description": "Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days).", + "description": "Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days).", "x-looker-nullable": true }, "force_logout_login": { @@ -30757,7 +30823,7 @@ "session_length": { "type": "integer", "format": "int64", - "description": "Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days).", + "description": "Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days).", "x-looker-nullable": true }, "force_logout_login": { @@ -30767,7 +30833,7 @@ }, "external_user_id": { "type": "string", - "description": "A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions.", + "description": "A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session.", "x-looker-nullable": true }, "first_name": { @@ -30827,6 +30893,11 @@ "type": "string", "description": "Id of the embed secret to use to sign this SSO url. If specified, the value must be an id of a valid (active) secret defined in the Looker instance. If not specified, the URL will be signed with the newest active embed secret defined in the Looker instance.", "x-looker-nullable": true + }, + "embed_domain": { + "type": "string", + "description": "Optional. URL of the domain hosting the signed embed URL. If provided and valid, the embed_domain will be added to the embed domain allowlist if it is not currently in the list", + "x-looker-nullable": true } }, "x-looker-status": "stable", @@ -30839,7 +30910,7 @@ "session_length": { "type": "integer", "format": "int64", - "description": "Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days).", + "description": "Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days).", "x-looker-nullable": true }, "force_logout_login": { @@ -30849,7 +30920,7 @@ }, "external_user_id": { "type": "string", - "description": "A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions.", + "description": "A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session.", "x-looker-nullable": true }, "first_name": { @@ -30905,14 +30976,14 @@ "description": "A dictionary of name-value pairs associating a Looker user attribute name with a value.", "x-looker-nullable": true }, - "session_reference_token": { + "embed_domain": { "type": "string", - "description": "Token referencing the embed session and is used to generate new authentication, navigation and api tokens.", + "description": "The domain of the server embedding the Looker IFRAME. This is an alternative to specifying the domain in the embedded domain allow list in the Looker embed admin page.", "x-looker-nullable": true }, - "embed_domain": { + "session_reference_token": { "type": "string", - "description": "The domain of the server embedding the Looker IFRAME. This is an alternative to specifying the domain in the embedded domain allow list in the Looker embed admin page.", + "description": "Token referencing the embed session and is used to generate new authentication, navigation and api tokens.", "x-looker-nullable": true } }, @@ -34991,6 +35062,26 @@ }, "x-looker-status": "stable" }, + "MarketplaceAutomation": { + "properties": { + "install_enabled": { + "type": "boolean", + "description": "Whether marketplace auto installation is enabled", + "x-looker-nullable": false + }, + "update_looker_enabled": { + "type": "boolean", + "description": "Whether marketplace auto update is enabled for looker extensions", + "x-looker-nullable": false + }, + "update_third_party_enabled": { + "type": "boolean", + "description": "Whether marketplace auto update is enabled for third party extensions", + "x-looker-nullable": false + } + }, + "x-looker-status": "stable" + }, "MaterializePDT": { "properties": { "materialization_id": { @@ -38553,12 +38644,19 @@ "extension_load_url_enabled": { "type": "boolean", "x-looker-deprecated": true, - "description": "(DEPRECATED) Toggle extension extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted.", + "description": "(DEPRECATED) Toggle extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted.", "x-looker-nullable": false }, "marketplace_auto_install_enabled": { "type": "boolean", - "description": "Toggle marketplace auto install on or off. Note that auto install only runs if marketplace is enabled.", + "x-looker-deprecated": true, + "description": "(DEPRECATED) Toggle marketplace auto install on or off. Deprecated - do not use. Auto install can now be enabled via marketplace automation settings", + "x-looker-nullable": false + }, + "marketplace_automation": { + "$ref": "#/definitions/MarketplaceAutomation", + "readOnly": true, + "description": "Marketplace automation settings.", "x-looker-nullable": false }, "marketplace_enabled": { @@ -38566,6 +38664,12 @@ "description": "Toggle marketplace on or off", "x-looker-nullable": false }, + "marketplace_site": { + "type": "string", + "readOnly": true, + "description": "Location of Looker marketplace CDN", + "x-looker-nullable": false + }, "marketplace_terms_accepted": { "type": "boolean", "description": "Accept marketplace terms by setting this value to true, or get the current status. Marketplace terms CANNOT be declined once accepted. Accepting marketplace terms automatically enables the marketplace. The marketplace can still be disabled after it has been enabled.", @@ -38624,7 +38728,8 @@ }, "embed_cookieless_v2": { "type": "boolean", - "description": "Toggle cookieless embed setting", + "x-looker-deprecated": true, + "description": "(DEPRECATED) Use embed_config.embed_cookieless_v2 instead. If embed_config.embed_cookieless_v2 is specified, it overrides this value.", "x-looker-nullable": false }, "embed_enabled": { @@ -38632,6 +38737,12 @@ "readOnly": true, "description": "True if embedding is enabled https://cloud.google.com/looker/docs/r/looker-core-feature-embed, false otherwise", "x-looker-nullable": false + }, + "embed_config": { + "$ref": "#/definitions/EmbedConfig", + "readOnly": true, + "description": "Embed configuration. Requires embedding to be enabled https://cloud.google.com/looker/docs/r/looker-core-feature-embed", + "x-looker-nullable": false } }, "x-looker-status": "stable" diff --git a/spec/Looker.4.0.oas.json b/spec/Looker.4.0.oas.json index a976e8449..8a19e8ed1 100644 --- a/spec/Looker.4.0.oas.json +++ b/spec/Looker.4.0.oas.json @@ -1,8 +1,8 @@ { "openapi": "3.0.0", "info": { - "version": "4.0.23.12", - "x-looker-release-version": "23.12.5", + "version": "4.0.23.14", + "x-looker-release-version": "23.14.9", "title": "Looker API 4.0 Reference", "description": "\nAPI 4.0 is the current release of the Looker API. API 3.1 is deprecated.\n\n### Authorization\n\nThe classic method of API authorization uses Looker **API** credentials for authorization and access control.\nLooker admins can create API credentials on Looker's **Admin/Users** page.\n\nAPI 4.0 adds additional ways to authenticate API requests, including OAuth and CORS requests.\n\nFor details, see [Looker API Authorization](https://cloud.google.com/looker/docs/r/api/authorization).\n\n\n### API Explorer\n\nThe API Explorer is a Looker-provided utility with many new and unique features for learning and using the Looker API and SDKs.\n\nFor details, see the [API Explorer documentation](https://cloud.google.com/looker/docs/r/api/explorer).\n\n\n### Looker Language SDKs\n\nThe Looker API is a RESTful system that should be usable by any programming language capable of making\nHTTPS requests. SDKs for a variety of programming languages are also provided to streamline using the API. Looker\nhas an OpenSource [sdk-codegen project](https://github.com/looker-open-source/sdk-codegen) that provides several\nlanguage SDKs. Language SDKs generated by `sdk-codegen` have an Authentication manager that can automatically\nauthenticate API requests when needed.\n\nFor details on available Looker SDKs, see [Looker API Client SDKs](https://cloud.google.com/looker/docs/r/api/client_sdks).\n\n\n### API Versioning\n\nFuture releases of Looker expand the latest API version release-by-release to securely expose more and more of the core\npower of the Looker platform to API client applications. API endpoints marked as \"beta\" may receive breaking changes without\nwarning (but we will try to avoid doing that). Stable (non-beta) API endpoints should not receive breaking\nchanges in future releases.\n\nFor details, see [Looker API Versioning](https://cloud.google.com/looker/docs/r/api/versioning).\n\n\n### In This Release\n\nAPI 4.0 version was introduced to make adjustments to API functions, parameters, and response types to\nfix bugs and inconsistencies. These changes fall outside the bounds of non-breaking additive changes we can\nmake to the previous API 3.1.\n\nOne benefit of these type adjustments in API 4.0 is dramatically better support for strongly\ntyped languages like TypeScript, Kotlin, Swift, Go, C#, and more.\n\nSee the [API 4.0 GA announcement](https://developers.looker.com/api/advanced-usage/version-4-ga) for more information\nabout API 4.0.\n\nThe API Explorer can be used to [interactively compare](https://cloud.google.com/looker/docs/r/api/explorer#comparing_api_versions) the differences between API 3.1 and 4.0.\n\n\n### API and SDK Support Policies\n\nLooker API versions and language SDKs have varying support levels. Please read the API and SDK\n[support policies](https://cloud.google.com/looker/docs/r/api/support-policy) for more information.\n\n\n", "contact": { @@ -10424,11 +10424,11 @@ "Auth" ], "operationId": "create_sso_embed_url", - "summary": "Create SSO Embed Url", - "description": "### Create SSO Embed URL\n\nCreates an SSO embed URL and cryptographically signs it with an embed secret.\nThis signed URL can then be used to instantiate a Looker embed session in a PBL web application.\nDo not make any modifications to this URL - any change may invalidate the signature and\ncause the URL to fail to load a Looker embed session.\n\nA signed SSO embed URL can only be used once. After it has been used to request a page from the\nLooker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent\n'replay attacks'.\n\nThe `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params.\nTo load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`.\nThe best way to obtain this target_url is to navigate to the desired Looker page in your web browser,\ncopy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request.\n\nPermissions for the embed user are defined by the groups in which the embed user is a member (group_ids property)\nand the lists of models and permissions assigned to the embed user.\nAt a minimum, you must provide values for either the group_ids property, or both the models and permissions properties.\nThese properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions.\n\nThe embed user's access is the union of permissions granted by the group_ids, models, and permissions properties.\n\nThis function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the\nSSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL.\nTo diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`.\n\nThe `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance.\nif not specified, the URL will be signed using the newest active secret defined in the Looker instance.\n\n#### Security Note\nProtect this signed URL as you would an access token or password credentials - do not write\nit to disk, do not pass it to a third party, and only pass it through a secure HTTPS\nencrypted transport.\n\n\nCalls to this endpoint require [Embedding](https://cloud.google.com/looker/docs/r/looker-core-feature-embed) to be enabled\n", + "summary": "Create Signed Embed Url", + "description": "### Create Signed Embed URL\n\nCreates a signed embed URL and cryptographically signs it with an embed secret.\nThis signed URL can then be used to instantiate a Looker embed session in a PBL web application.\nDo not make any modifications to the returned URL - any change may invalidate the signature and\ncause the URL to fail to load a Looker embed session.\n\nA signed embed URL can only be **used once**. After the URL has been used to request a page from the\nLooker server, it is invalid. Future requests using the same URL will fail. This is to prevent\n'replay attacks'.\n\nThe `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params.\nTo load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`.\nThe best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the \"Get embed URL\" menu option\nto copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request.\n\nPermissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property)\nand the lists of models and permissions assigned to the embed user.\nAt a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties.\nThese properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions.\n\nThe embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties.\n\nThis function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the\nembed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL.\n\nTo diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`.\n\nThe `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance.\nif not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls,\na default secret will be created. This default secret is encrypted using HMAC/SHA-256.\n\nThe `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing.\n\n#### Security Note\nProtect this signed URL as you would an access token or password credentials - do not write\nit to disk, do not pass it to a third party, and only pass it through a secure HTTPS\nencrypted transport.\n\n\nCalls to this endpoint require [Embedding](https://cloud.google.com/looker/docs/r/looker-core-feature-embed) to be enabled\n", "responses": { "200": { - "description": "Signed SSO URL", + "description": "Signed Embed URL", "content": { "application/json": { "schema": { @@ -10498,7 +10498,7 @@ } } }, - "description": "SSO parameters", + "description": "Signed Embed URL parameters", "required": true } } @@ -15465,7 +15465,7 @@ ], "operationId": "ldap_config", "summary": "Get LDAP Configuration", - "description": "### Get the LDAP configuration.\n\nLooker can be optionally configured to authenticate users against an Active Directory or other LDAP directory server.\nLDAP setup requires coordination with an administrator of that directory server.\n\nOnly Looker administrators can read and update the LDAP configuration.\n\nConfiguring LDAP impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nLDAP is enabled or disabled for Looker using the **enabled** field.\n\nLooker will never return an **auth_password** field. That value can be set, but never retrieved.\n\nSee the [Looker LDAP docs](https://cloud.google.com/looker/docs/r/api/ldap_setup) for additional information.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Get the LDAP configuration.\n\nLooker can be optionally configured to authenticate users against an Active Directory or other LDAP directory server.\nLDAP setup requires coordination with an administrator of that directory server.\n\nOnly Looker administrators can read and update the LDAP configuration.\n\nConfiguring LDAP impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nLDAP is enabled or disabled for Looker using the **enabled** field.\n\nLooker will never return an **auth_password** field. That value can be set, but never retrieved.\n\nSee the [Looker LDAP docs](https://cloud.google.com/looker/docs/r/api/ldap_setup) for additional information.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "LDAP Configuration.", @@ -15657,7 +15657,7 @@ ], "operationId": "test_ldap_config_auth", "summary": "Test LDAP Auth", - "description": "### Test the connection authentication settings for an LDAP configuration.\n\nThis tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information.\n\n**connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional.\n\nExample:\n```json\n{\n \"connection_host\": \"ldap.example.com\",\n \"connection_port\": \"636\",\n \"connection_tls\": true,\n \"auth_username\": \"cn=looker,dc=example,dc=com\",\n \"auth_password\": \"secret\"\n}\n```\n\nLooker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Test the connection authentication settings for an LDAP configuration.\n\nThis tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information.\n\n**connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional.\n\nExample:\n```json\n{\n \"connection_host\": \"ldap.example.com\",\n \"connection_port\": \"636\",\n \"connection_tls\": true,\n \"auth_username\": \"cn=looker,dc=example,dc=com\",\n \"auth_password\": \"secret\"\n}\n```\n\nLooker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "Result info.", @@ -15732,7 +15732,7 @@ ], "operationId": "test_ldap_config_user_info", "summary": "Test LDAP User Info", - "description": "### Test the user authentication settings for an LDAP configuration without authenticating the user.\n\nThis test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user.\n\nThis test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server.\n\n**test_ldap_user** is required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Test the user authentication settings for an LDAP configuration without authenticating the user.\n\nThis test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user.\n\nThis test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server.\n\n**test_ldap_user** is required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "Result info.", @@ -15807,7 +15807,7 @@ ], "operationId": "test_ldap_config_user_auth", "summary": "Test LDAP User Auth", - "description": "### Test the user authentication settings for an LDAP configuration.\n\nThis test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication.\n\nLooker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test.\n\n**test_ldap_user** and **test_ldap_password** are required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Test the user authentication settings for an LDAP configuration.\n\nThis test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication.\n\nLooker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test.\n\n**test_ldap_user** and **test_ldap_password** are required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "Result info.", @@ -20020,7 +20020,7 @@ ], "operationId": "oidc_config", "summary": "Get OIDC Configuration", - "description": "### Get the OIDC configuration.\n\nLooker can be optionally configured to authenticate users against an OpenID Connect (OIDC)\nauthentication server. OIDC setup requires coordination with an administrator of that server.\n\nOnly Looker administrators can read and update the OIDC configuration.\n\nConfiguring OIDC impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nOIDC is enabled or disabled for Looker using the **enabled** field.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Get the OIDC configuration.\n\nLooker can be optionally configured to authenticate users against an OpenID Connect (OIDC)\nauthentication server. OIDC setup requires coordination with an administrator of that server.\n\nOnly Looker administrators can read and update the OIDC configuration.\n\nConfiguring OIDC impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nOIDC is enabled or disabled for Looker using the **enabled** field.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "OIDC Configuration.", @@ -24748,7 +24748,7 @@ ], "operationId": "saml_config", "summary": "Get SAML Configuration", - "description": "### Get the SAML configuration.\n\nLooker can be optionally configured to authenticate users against a SAML authentication server.\nSAML setup requires coordination with an administrator of that server.\n\nOnly Looker administrators can read and update the SAML configuration.\n\nConfiguring SAML impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nSAML is enabled or disabled for Looker using the **enabled** field.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", + "description": "### Get the SAML configuration.\n\nLooker can be optionally configured to authenticate users against a SAML authentication server.\nSAML setup requires coordination with an administrator of that server.\n\nOnly Looker administrators can read and update the SAML configuration.\n\nConfiguring SAML impacts authentication for all users. This configuration should be done carefully.\n\nLooker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct).\n\nSAML is enabled or disabled for Looker using the **enabled** field.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n", "responses": { "200": { "description": "SAML Configuration.", @@ -26307,7 +26307,7 @@ ], "operationId": "set_setting", "summary": "Set Setting", - "description": "### Configure Looker Settings\n\nAvailable settings are:\n - allow_user_timezones\n - custom_welcome_email\n - data_connector_default_enabled\n - extension_framework_enabled\n - extension_load_url_enabled\n - marketplace_auto_install_enabled\n - marketplace_terms_accepted\n - marketplace_enabled\n - onboarding_enabled\n - privatelabel_configuration\n - timezone\n - host_url\n - email_domain_allowlist\n - embed_cookieless_v2\n - embed_enabled\n\nSee the `Setting` type for more information on the specific values that can be configured.\n\nIf a setting update is rejected, the API error payload should provide information on the cause of the rejection.\n", + "description": "### Configure Looker Settings\n\nAvailable settings are:\n - allow_user_timezones\n - custom_welcome_email\n - data_connector_default_enabled\n - extension_framework_enabled\n - extension_load_url_enabled\n - marketplace_auto_install_enabled\n - marketplace_automation\n - marketplace_terms_accepted\n - marketplace_enabled\n - marketplace_site\n - onboarding_enabled\n - privatelabel_configuration\n - timezone\n - host_url\n - email_domain_allowlist\n - embed_cookieless_v2\n - embed_enabled\n - embed_config\n\nSee the `Setting` type for more information on the specific values that can be configured.\n\nIf a setting update is rejected, the API error payload should provide information on the cause of the rejection.\n", "parameters": [ { "name": "fields", @@ -26411,7 +26411,7 @@ ], "operationId": "get_setting", "summary": "Get Setting", - "description": "### Get Looker Settings\n\nAvailable settings are:\n - allow_user_timezones\n - custom_welcome_email\n - data_connector_default_enabled\n - extension_framework_enabled\n - extension_load_url_enabled\n - marketplace_auto_install_enabled\n - marketplace_terms_accepted\n - marketplace_enabled\n - onboarding_enabled\n - privatelabel_configuration\n - timezone\n - host_url\n - email_domain_allowlist\n - embed_cookieless_v2\n - embed_enabled\n\n", + "description": "### Get Looker Settings\n\nAvailable settings are:\n - allow_user_timezones\n - custom_welcome_email\n - data_connector_default_enabled\n - extension_framework_enabled\n - extension_load_url_enabled\n - marketplace_auto_install_enabled\n - marketplace_automation\n - marketplace_terms_accepted\n - marketplace_enabled\n - marketplace_site\n - onboarding_enabled\n - privatelabel_configuration\n - timezone\n - host_url\n - email_domain_allowlist\n - embed_cookieless_v2\n - embed_enabled\n - embed_config\n\n", "parameters": [ { "name": "fields", @@ -40195,6 +40195,72 @@ }, "x-looker-status": "stable" }, + "EmbedConfig": { + "properties": { + "domain_allowlist": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of domains to allow for embedding", + "nullable": true + }, + "alert_url_allowlist": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of base urls to allow for alert/schedule", + "nullable": true + }, + "alert_url_param_owner": { + "type": "string", + "description": "Owner of who defines the alert/schedule params on the base url", + "nullable": true + }, + "alert_url_label": { + "type": "string", + "description": "Label for the alert/schedule url", + "nullable": true + }, + "sso_auth_enabled": { + "type": "boolean", + "description": "Is SSO embedding enabled for this Looker", + "nullable": false + }, + "embed_cookieless_v2": { + "type": "boolean", + "description": "Is Cookieless embedding enabled for this Looker", + "nullable": false + }, + "embed_content_navigation": { + "type": "boolean", + "description": "Is embed content navigation enabled for this looker", + "nullable": false + }, + "embed_content_management": { + "type": "boolean", + "description": "Is embed content management enabled for this Looker", + "nullable": false + }, + "strict_sameorigin_for_login": { + "type": "boolean", + "description": "When true, prohibits the use of Looker login pages in non-Looker iframes. When false, Looker login pages may be used in non-Looker hosted iframes.", + "nullable": false + }, + "look_filters": { + "type": "boolean", + "description": "When true, filters are enabled on embedded Looks", + "nullable": false + }, + "hide_look_navigation": { + "type": "boolean", + "description": "When true, removes navigation to Looks from embedded dashboards and explores.", + "nullable": false + } + }, + "x-looker-status": "stable" + }, "EmbedParams": { "properties": { "target_url": { @@ -40206,7 +40272,7 @@ "session_length": { "type": "integer", "format": "int64", - "description": "Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days).", + "description": "Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days).", "nullable": true }, "force_logout_login": { @@ -40231,7 +40297,7 @@ "session_length": { "type": "integer", "format": "int64", - "description": "Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days).", + "description": "Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days).", "nullable": true }, "force_logout_login": { @@ -40241,7 +40307,7 @@ }, "external_user_id": { "type": "string", - "description": "A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions.", + "description": "A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session.", "nullable": true }, "first_name": { @@ -40301,6 +40367,11 @@ "type": "string", "description": "Id of the embed secret to use to sign this SSO url. If specified, the value must be an id of a valid (active) secret defined in the Looker instance. If not specified, the URL will be signed with the newest active embed secret defined in the Looker instance.", "nullable": true + }, + "embed_domain": { + "type": "string", + "description": "Optional. URL of the domain hosting the signed embed URL. If provided and valid, the embed_domain will be added to the embed domain allowlist if it is not currently in the list", + "nullable": true } }, "x-looker-status": "stable", @@ -40313,7 +40384,7 @@ "session_length": { "type": "integer", "format": "int64", - "description": "Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days).", + "description": "Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days).", "nullable": true }, "force_logout_login": { @@ -40323,7 +40394,7 @@ }, "external_user_id": { "type": "string", - "description": "A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions.", + "description": "A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session.", "nullable": true }, "first_name": { @@ -40379,14 +40450,14 @@ "description": "A dictionary of name-value pairs associating a Looker user attribute name with a value.", "nullable": true }, - "session_reference_token": { + "embed_domain": { "type": "string", - "description": "Token referencing the embed session and is used to generate new authentication, navigation and api tokens.", + "description": "The domain of the server embedding the Looker IFRAME. This is an alternative to specifying the domain in the embedded domain allow list in the Looker embed admin page.", "nullable": true }, - "embed_domain": { + "session_reference_token": { "type": "string", - "description": "The domain of the server embedding the Looker IFRAME. This is an alternative to specifying the domain in the embedded domain allow list in the Looker embed admin page.", + "description": "Token referencing the embed session and is used to generate new authentication, navigation and api tokens.", "nullable": true } }, @@ -44429,6 +44500,26 @@ }, "x-looker-status": "stable" }, + "MarketplaceAutomation": { + "properties": { + "install_enabled": { + "type": "boolean", + "description": "Whether marketplace auto installation is enabled", + "nullable": false + }, + "update_looker_enabled": { + "type": "boolean", + "description": "Whether marketplace auto update is enabled for looker extensions", + "nullable": false + }, + "update_third_party_enabled": { + "type": "boolean", + "description": "Whether marketplace auto update is enabled for third party extensions", + "nullable": false + } + }, + "x-looker-status": "stable" + }, "MaterializePDT": { "properties": { "materialization_id": { @@ -47952,19 +48043,29 @@ "extension_load_url_enabled": { "type": "boolean", "deprecated": true, - "description": "(DEPRECATED) Toggle extension extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted.", + "description": "(DEPRECATED) Toggle extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted.", "nullable": false }, "marketplace_auto_install_enabled": { "type": "boolean", - "description": "Toggle marketplace auto install on or off. Note that auto install only runs if marketplace is enabled.", + "deprecated": true, + "description": "(DEPRECATED) Toggle marketplace auto install on or off. Deprecated - do not use. Auto install can now be enabled via marketplace automation settings", "nullable": false }, + "marketplace_automation": { + "$ref": "#/components/schemas/MarketplaceAutomation" + }, "marketplace_enabled": { "type": "boolean", "description": "Toggle marketplace on or off", "nullable": false }, + "marketplace_site": { + "type": "string", + "readOnly": true, + "description": "Location of Looker marketplace CDN", + "nullable": false + }, "marketplace_terms_accepted": { "type": "boolean", "description": "Accept marketplace terms by setting this value to true, or get the current status. Marketplace terms CANNOT be declined once accepted. Accepting marketplace terms automatically enables the marketplace. The marketplace can still be disabled after it has been enabled.", @@ -48017,7 +48118,8 @@ }, "embed_cookieless_v2": { "type": "boolean", - "description": "Toggle cookieless embed setting", + "deprecated": true, + "description": "(DEPRECATED) Use embed_config.embed_cookieless_v2 instead. If embed_config.embed_cookieless_v2 is specified, it overrides this value.", "nullable": false }, "embed_enabled": { @@ -48025,6 +48127,9 @@ "readOnly": true, "description": "True if embedding is enabled https://cloud.google.com/looker/docs/r/looker-core-feature-embed, false otherwise", "nullable": false + }, + "embed_config": { + "$ref": "#/components/schemas/EmbedConfig" } }, "x-looker-status": "stable" diff --git a/swift/looker/rtl/constants.swift b/swift/looker/rtl/constants.swift index 87ce48c58..824ea57b0 100644 --- a/swift/looker/rtl/constants.swift +++ b/swift/looker/rtl/constants.swift @@ -51,7 +51,7 @@ extension String { } public struct Constants { - public static let lookerVersion = "23.12" + public static let lookerVersion = "23.14" public static let apiVersion = "4.0" public static let defaultApiVersion = "4.0" // Swift requires API 4.0 public static let sdkVersion = #"\#(apiVersion).\#(lookerVersion)"# diff --git a/swift/looker/sdk/methods.swift b/swift/looker/sdk/methods.swift index e7838bdce..3428977d4 100644 --- a/swift/looker/sdk/methods.swift +++ b/swift/looker/sdk/methods.swift @@ -738,35 +738,39 @@ open class LookerSDK: APIMethods { } /** - * ### Create SSO Embed URL + * ### Create Signed Embed URL * - * Creates an SSO embed URL and cryptographically signs it with an embed secret. + * Creates a signed embed URL and cryptographically signs it with an embed secret. * This signed URL can then be used to instantiate a Looker embed session in a PBL web application. - * Do not make any modifications to this URL - any change may invalidate the signature and + * Do not make any modifications to the returned URL - any change may invalidate the signature and * cause the URL to fail to load a Looker embed session. * - * A signed SSO embed URL can only be used once. After it has been used to request a page from the - * Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent + * A signed embed URL can only be **used once**. After the URL has been used to request a page from the + * Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent * 'replay attacks'. * * The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. * To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. - * The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, - * copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. + * The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option + * to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. * - * Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) + * Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) * and the lists of models and permissions assigned to the embed user. - * At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. + * At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. * These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. * - * The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. + * The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. * * This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the - * SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * * To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. * * The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. - * if not specified, the URL will be signed using the newest active secret defined in the Looker instance. + * if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, + * a default secret will be created. This default secret is encrypted using HMAC/SHA-256. + * + * The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. * * #### Security Note * Protect this signed URL as you would an access token or password credentials - do not write @@ -936,7 +940,7 @@ open class LookerSDK: APIMethods { * * Configuring LDAP impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * LDAP is enabled or disabled for Looker using the **enabled** field. * @@ -1021,9 +1025,9 @@ open class LookerSDK: APIMethods { /** * ### Test the connection authentication settings for an LDAP configuration. * - * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. + * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. * - * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. + * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. * * Example: * ```json @@ -1036,7 +1040,7 @@ open class LookerSDK: APIMethods { * } * ``` * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * The active LDAP settings are not modified. * @@ -1058,9 +1062,9 @@ open class LookerSDK: APIMethods { /** * ### Test the user authentication settings for an LDAP configuration without authenticating the user. * - * This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. + * This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. * - * This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. + * This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. * * **test_ldap_user** is required. * @@ -1084,9 +1088,9 @@ open class LookerSDK: APIMethods { /** * ### Test the user authentication settings for an LDAP configuration. * - * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. + * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * **test_ldap_user** and **test_ldap_password** are required. * @@ -1388,7 +1392,7 @@ open class LookerSDK: APIMethods { * * Configuring OIDC impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * OIDC is enabled or disabled for Looker using the **enabled** field. * @@ -1541,7 +1545,7 @@ open class LookerSDK: APIMethods { * * Configuring SAML impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * SAML is enabled or disabled for Looker using the **enabled** field. * @@ -2820,8 +2824,10 @@ open class LookerSDK: APIMethods { * - extension_framework_enabled * - extension_load_url_enabled * - marketplace_auto_install_enabled + * - marketplace_automation * - marketplace_terms_accepted * - marketplace_enabled + * - marketplace_site * - onboarding_enabled * - privatelabel_configuration * - timezone @@ -2829,6 +2835,7 @@ open class LookerSDK: APIMethods { * - email_domain_allowlist * - embed_cookieless_v2 * - embed_enabled + * - embed_config * * GET /setting -> Setting */ @@ -2854,8 +2861,10 @@ open class LookerSDK: APIMethods { * - extension_framework_enabled * - extension_load_url_enabled * - marketplace_auto_install_enabled + * - marketplace_automation * - marketplace_terms_accepted * - marketplace_enabled + * - marketplace_site * - onboarding_enabled * - privatelabel_configuration * - timezone @@ -2863,6 +2872,7 @@ open class LookerSDK: APIMethods { * - email_domain_allowlist * - embed_cookieless_v2 * - embed_enabled + * - embed_config * * See the `Setting` type for more information on the specific values that can be configured. * diff --git a/swift/looker/sdk/models.swift b/swift/looker/sdk/models.swift index 8ef229916..ac2d43cb0 100644 --- a/swift/looker/sdk/models.swift +++ b/swift/looker/sdk/models.swift @@ -25,7 +25,7 @@ */ /** - * 327 API models: 245 Spec, 0 Request, 60 Write, 22 Enum + * 329 API models: 247 Spec, 0 Request, 60 Write, 22 Enum */ @@ -7981,6 +7981,108 @@ public struct EgressIpAddresses: SDKModel { } +public struct EmbedConfig: SDKModel { + + private enum CodingKeys : String, CodingKey { + case _domain_allowlist = "domain_allowlist" + case _alert_url_allowlist = "alert_url_allowlist" + case _alert_url_param_owner = "alert_url_param_owner" + case _alert_url_label = "alert_url_label" + case sso_auth_enabled + case embed_cookieless_v2 + case embed_content_navigation + case embed_content_management + case strict_sameorigin_for_login + case look_filters + case hide_look_navigation + } + private var _domain_allowlist: [AnyString]? + /** + * List of domains to allow for embedding + */ + public var domain_allowlist: [String]? { + get { if let v = _domain_allowlist { return v.map { $0.value } } else { return nil } } + set { if let v = newValue { _domain_allowlist = v.map { AnyString.init($0) } } else { _domain_allowlist = nil } } + } + + private var _alert_url_allowlist: [AnyString]? + /** + * List of base urls to allow for alert/schedule + */ + public var alert_url_allowlist: [String]? { + get { if let v = _alert_url_allowlist { return v.map { $0.value } } else { return nil } } + set { if let v = newValue { _alert_url_allowlist = v.map { AnyString.init($0) } } else { _alert_url_allowlist = nil } } + } + + private var _alert_url_param_owner: AnyString? + /** + * Owner of who defines the alert/schedule params on the base url + */ + public var alert_url_param_owner: String? { + get { _alert_url_param_owner?.value } + set { _alert_url_param_owner = newValue.map(AnyString.init) } + } + + private var _alert_url_label: AnyString? + /** + * Label for the alert/schedule url + */ + public var alert_url_label: String? { + get { _alert_url_label?.value } + set { _alert_url_label = newValue.map(AnyString.init) } + } + + /** + * Is SSO embedding enabled for this Looker + */ + public var sso_auth_enabled: Bool? + + /** + * Is Cookieless embedding enabled for this Looker + */ + public var embed_cookieless_v2: Bool? + + /** + * Is embed content navigation enabled for this looker + */ + public var embed_content_navigation: Bool? + + /** + * Is embed content management enabled for this Looker + */ + public var embed_content_management: Bool? + + /** + * When true, prohibits the use of Looker login pages in non-Looker iframes. When false, Looker login pages may be used in non-Looker hosted iframes. + */ + public var strict_sameorigin_for_login: Bool? + + /** + * When true, filters are enabled on embedded Looks + */ + public var look_filters: Bool? + + /** + * When true, removes navigation to Looks from embedded dashboards and explores. + */ + public var hide_look_navigation: Bool? + + public init(domain_allowlist: [String]? = nil, alert_url_allowlist: [String]? = nil, alert_url_param_owner: String? = nil, alert_url_label: String? = nil, sso_auth_enabled: Bool? = nil, embed_cookieless_v2: Bool? = nil, embed_content_navigation: Bool? = nil, embed_content_management: Bool? = nil, strict_sameorigin_for_login: Bool? = nil, look_filters: Bool? = nil, hide_look_navigation: Bool? = nil) { + if let v = domain_allowlist { _domain_allowlist = v.map { AnyString.init($0) } } else { _domain_allowlist = nil } + if let v = alert_url_allowlist { _alert_url_allowlist = v.map { AnyString.init($0) } } else { _alert_url_allowlist = nil } + self._alert_url_param_owner = alert_url_param_owner.map(AnyString.init) + self._alert_url_label = alert_url_label.map(AnyString.init) + self.sso_auth_enabled = sso_auth_enabled + self.embed_cookieless_v2 = embed_cookieless_v2 + self.embed_content_navigation = embed_content_navigation + self.embed_content_management = embed_content_management + self.strict_sameorigin_for_login = strict_sameorigin_for_login + self.look_filters = look_filters + self.hide_look_navigation = hide_look_navigation + } + +} + public struct EmbedCookielessSessionAcquire: SDKModel { private enum CodingKeys : String, CodingKey { @@ -7995,12 +8097,12 @@ public struct EmbedCookielessSessionAcquire: SDKModel { case _group_ids = "group_ids" case _external_group_id = "external_group_id" case user_attributes - case _session_reference_token = "session_reference_token" case _embed_domain = "embed_domain" + case _session_reference_token = "session_reference_token" } private var _session_length: AnyInt? /** - * Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + * Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). */ public var session_length: Int64? { get { _session_length?.value } @@ -8014,7 +8116,7 @@ public struct EmbedCookielessSessionAcquire: SDKModel { private var _external_user_id: AnyString? /** - * A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. + * A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session. */ public var external_user_id: String? { get { _external_user_id?.value } @@ -8089,15 +8191,6 @@ public struct EmbedCookielessSessionAcquire: SDKModel { */ public var user_attributes: StringDictionary? - private var _session_reference_token: AnyString? - /** - * Token referencing the embed session and is used to generate new authentication, navigation and api tokens. - */ - public var session_reference_token: String? { - get { _session_reference_token?.value } - set { _session_reference_token = newValue.map(AnyString.init) } - } - private var _embed_domain: AnyString? /** * The domain of the server embedding the Looker IFRAME. This is an alternative to specifying the domain in the embedded domain allow list in the Looker embed admin page. @@ -8107,7 +8200,16 @@ public struct EmbedCookielessSessionAcquire: SDKModel { set { _embed_domain = newValue.map(AnyString.init) } } - public init(session_length: Int64? = nil, force_logout_login: Bool? = nil, external_user_id: String? = nil, first_name: String? = nil, last_name: String? = nil, user_timezone: String? = nil, permissions: [String]? = nil, models: [String]? = nil, group_ids: [String]? = nil, external_group_id: String? = nil, user_attributes: StringDictionary? = nil, session_reference_token: String? = nil, embed_domain: String? = nil) { + private var _session_reference_token: AnyString? + /** + * Token referencing the embed session and is used to generate new authentication, navigation and api tokens. + */ + public var session_reference_token: String? { + get { _session_reference_token?.value } + set { _session_reference_token = newValue.map(AnyString.init) } + } + + public init(session_length: Int64? = nil, force_logout_login: Bool? = nil, external_user_id: String? = nil, first_name: String? = nil, last_name: String? = nil, user_timezone: String? = nil, permissions: [String]? = nil, models: [String]? = nil, group_ids: [String]? = nil, external_group_id: String? = nil, user_attributes: StringDictionary? = nil, embed_domain: String? = nil, session_reference_token: String? = nil) { self._session_length = session_length.map(AnyInt.init) self.force_logout_login = force_logout_login self._external_user_id = external_user_id.map(AnyString.init) @@ -8119,8 +8221,8 @@ public struct EmbedCookielessSessionAcquire: SDKModel { if let v = group_ids { _group_ids = v.map { AnyString.init($0) } } else { _group_ids = nil } self._external_group_id = external_group_id.map(AnyString.init) self.user_attributes = user_attributes - self._session_reference_token = session_reference_token.map(AnyString.init) self._embed_domain = embed_domain.map(AnyString.init) + self._session_reference_token = session_reference_token.map(AnyString.init) } } @@ -8365,7 +8467,7 @@ public struct EmbedParams: SDKModel { private var _session_length: AnyInt? /** - * Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + * Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). */ public var session_length: Int64? { get { _session_length?.value } @@ -8483,6 +8585,7 @@ public struct EmbedSsoParams: SDKModel { case _external_group_id = "external_group_id" case user_attributes case _secret_id = "secret_id" + case _embed_domain = "embed_domain" } private var _target_url: AnyString /** @@ -8495,7 +8598,7 @@ public struct EmbedSsoParams: SDKModel { private var _session_length: AnyInt? /** - * Number of seconds the SSO embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). + * Number of seconds the signed embed session will be valid after the embed session is started. Defaults to 300 seconds. Maximum session length accepted is 2592000 seconds (30 days). */ public var session_length: Int64? { get { _session_length?.value } @@ -8509,7 +8612,7 @@ public struct EmbedSsoParams: SDKModel { private var _external_user_id: AnyString? /** - * A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. + * A value from an external system that uniquely identifies the embed user. Since the user_ids of Looker embed users may change with every embed session, external_user_id provides a way to assign a known, stable user identifier across multiple embed sessions. When the same external user id value is used for a new embed session, any existing session is terminated and existing access grants are replaced with the access grants associated with the new embed session. */ public var external_user_id: String? { get { _external_user_id?.value } @@ -8593,7 +8696,16 @@ public struct EmbedSsoParams: SDKModel { set { _secret_id = newValue.map(AnyString.init) } } - public init(target_url: String, session_length: Int64? = nil, force_logout_login: Bool? = nil, external_user_id: String? = nil, first_name: String? = nil, last_name: String? = nil, user_timezone: String? = nil, permissions: [String]? = nil, models: [String]? = nil, group_ids: [String]? = nil, external_group_id: String? = nil, user_attributes: StringDictionary? = nil, secret_id: String? = nil) { + private var _embed_domain: AnyString? + /** + * Optional. URL of the domain hosting the signed embed URL. If provided and valid, the embed_domain will be added to the embed domain allowlist if it is not currently in the list + */ + public var embed_domain: String? { + get { _embed_domain?.value } + set { _embed_domain = newValue.map(AnyString.init) } + } + + public init(target_url: String, session_length: Int64? = nil, force_logout_login: Bool? = nil, external_user_id: String? = nil, first_name: String? = nil, last_name: String? = nil, user_timezone: String? = nil, permissions: [String]? = nil, models: [String]? = nil, group_ids: [String]? = nil, external_group_id: String? = nil, user_attributes: StringDictionary? = nil, secret_id: String? = nil, embed_domain: String? = nil) { self._target_url = AnyString.init(target_url) self._session_length = session_length.map(AnyInt.init) self.force_logout_login = force_logout_login @@ -8607,10 +8719,11 @@ public struct EmbedSsoParams: SDKModel { self._external_group_id = external_group_id.map(AnyString.init) self.user_attributes = user_attributes self._secret_id = secret_id.map(AnyString.init) + self._embed_domain = embed_domain.map(AnyString.init) } - public init(_ target_url: String, session_length: Int64? = nil, force_logout_login: Bool? = nil, external_user_id: String? = nil, first_name: String? = nil, last_name: String? = nil, user_timezone: String? = nil, permissions: [String]? = nil, models: [String]? = nil, group_ids: [String]? = nil, external_group_id: String? = nil, user_attributes: StringDictionary? = nil, secret_id: String? = nil) { - self.init(target_url: target_url, session_length: session_length, force_logout_login: force_logout_login, external_user_id: external_user_id, first_name: first_name, last_name: last_name, user_timezone: user_timezone, permissions: permissions, models: models, group_ids: group_ids, external_group_id: external_group_id, user_attributes: user_attributes, secret_id: secret_id) + public init(_ target_url: String, session_length: Int64? = nil, force_logout_login: Bool? = nil, external_user_id: String? = nil, first_name: String? = nil, last_name: String? = nil, user_timezone: String? = nil, permissions: [String]? = nil, models: [String]? = nil, group_ids: [String]? = nil, external_group_id: String? = nil, user_attributes: StringDictionary? = nil, secret_id: String? = nil, embed_domain: String? = nil) { + self.init(target_url: target_url, session_length: session_length, force_logout_login: force_logout_login, external_user_id: external_user_id, first_name: first_name, last_name: last_name, user_timezone: user_timezone, permissions: permissions, models: models, group_ids: group_ids, external_group_id: external_group_id, user_attributes: user_attributes, secret_id: secret_id, embed_domain: embed_domain) } } @@ -14610,6 +14723,30 @@ public struct Manifest: SDKModel { } +public struct MarketplaceAutomation: SDKModel { + /** + * Whether marketplace auto installation is enabled + */ + public var install_enabled: Bool? + + /** + * Whether marketplace auto update is enabled for looker extensions + */ + public var update_looker_enabled: Bool? + + /** + * Whether marketplace auto update is enabled for third party extensions + */ + public var update_third_party_enabled: Bool? + + public init(install_enabled: Bool? = nil, update_looker_enabled: Bool? = nil, update_third_party_enabled: Bool? = nil) { + self.install_enabled = install_enabled + self.update_looker_enabled = update_looker_enabled + self.update_third_party_enabled = update_third_party_enabled + } + +} + public struct MaterializePDT: SDKModel { private enum CodingKeys : String, CodingKey { @@ -19725,7 +19862,9 @@ public struct Setting: SDKModel { case extension_framework_enabled case extension_load_url_enabled case marketplace_auto_install_enabled + case marketplace_automation case marketplace_enabled + case _marketplace_site = "marketplace_site" case marketplace_terms_accepted case privatelabel_configuration case custom_welcome_email @@ -19738,6 +19877,7 @@ public struct Setting: SDKModel { case _email_domain_allowlist = "email_domain_allowlist" case embed_cookieless_v2 case embed_enabled + case embed_config } /** * Toggle extension framework on or off @@ -19745,20 +19885,31 @@ public struct Setting: SDKModel { public var extension_framework_enabled: Bool? /** - * (DEPRECATED) Toggle extension extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. + * (DEPRECATED) Toggle extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. */ public var extension_load_url_enabled: Bool? /** - * Toggle marketplace auto install on or off. Note that auto install only runs if marketplace is enabled. + * (DEPRECATED) Toggle marketplace auto install on or off. Deprecated - do not use. Auto install can now be enabled via marketplace automation settings */ public var marketplace_auto_install_enabled: Bool? + public var marketplace_automation: MarketplaceAutomation? + /** * Toggle marketplace on or off */ public var marketplace_enabled: Bool? + private var _marketplace_site: AnyString? + /** + * Location of Looker marketplace CDN (read-only) + */ + public var marketplace_site: String? { + get { _marketplace_site?.value } + set { _marketplace_site = newValue.map(AnyString.init) } + } + /** * Accept marketplace terms by setting this value to true, or get the current status. Marketplace terms CANNOT be declined once accepted. Accepting marketplace terms automatically enables the marketplace. The marketplace can still be disabled after it has been enabled. */ @@ -19816,7 +19967,7 @@ public struct Setting: SDKModel { } /** - * Toggle cookieless embed setting + * (DEPRECATED) Use embed_config.embed_cookieless_v2 instead. If embed_config.embed_cookieless_v2 is specified, it overrides this value. */ public var embed_cookieless_v2: Bool? @@ -19825,11 +19976,15 @@ public struct Setting: SDKModel { */ public var embed_enabled: Bool? - public init(extension_framework_enabled: Bool? = nil, extension_load_url_enabled: Bool? = nil, marketplace_auto_install_enabled: Bool? = nil, marketplace_enabled: Bool? = nil, marketplace_terms_accepted: Bool? = nil, privatelabel_configuration: PrivatelabelConfiguration? = nil, custom_welcome_email: CustomWelcomeEmail? = nil, onboarding_enabled: Bool? = nil, timezone: String? = nil, allow_user_timezones: Bool? = nil, data_connector_default_enabled: Bool? = nil, host_url: String? = nil, override_warnings: Bool? = nil, email_domain_allowlist: [String]? = nil, embed_cookieless_v2: Bool? = nil, embed_enabled: Bool? = nil) { + public var embed_config: EmbedConfig? + + public init(extension_framework_enabled: Bool? = nil, extension_load_url_enabled: Bool? = nil, marketplace_auto_install_enabled: Bool? = nil, marketplace_automation: MarketplaceAutomation? = nil, marketplace_enabled: Bool? = nil, marketplace_site: String? = nil, marketplace_terms_accepted: Bool? = nil, privatelabel_configuration: PrivatelabelConfiguration? = nil, custom_welcome_email: CustomWelcomeEmail? = nil, onboarding_enabled: Bool? = nil, timezone: String? = nil, allow_user_timezones: Bool? = nil, data_connector_default_enabled: Bool? = nil, host_url: String? = nil, override_warnings: Bool? = nil, email_domain_allowlist: [String]? = nil, embed_cookieless_v2: Bool? = nil, embed_enabled: Bool? = nil, embed_config: EmbedConfig? = nil) { self.extension_framework_enabled = extension_framework_enabled self.extension_load_url_enabled = extension_load_url_enabled self.marketplace_auto_install_enabled = marketplace_auto_install_enabled + self.marketplace_automation = marketplace_automation self.marketplace_enabled = marketplace_enabled + self._marketplace_site = marketplace_site.map(AnyString.init) self.marketplace_terms_accepted = marketplace_terms_accepted self.privatelabel_configuration = privatelabel_configuration self.custom_welcome_email = custom_welcome_email @@ -19842,6 +19997,7 @@ public struct Setting: SDKModel { if let v = email_domain_allowlist { _email_domain_allowlist = v.map { AnyString.init($0) } } else { _email_domain_allowlist = nil } self.embed_cookieless_v2 = embed_cookieless_v2 self.embed_enabled = embed_enabled + self.embed_config = embed_config } } @@ -27339,7 +27495,7 @@ public struct WriteSessionConfig: SDKModel { /** * Dynamic writeable type for Setting removes: - * embed_enabled + * marketplace_site, embed_enabled */ public struct WriteSetting: SDKModel { @@ -27347,6 +27503,7 @@ public struct WriteSetting: SDKModel { case extension_framework_enabled case extension_load_url_enabled case marketplace_auto_install_enabled + case marketplace_automation case marketplace_enabled case marketplace_terms_accepted case privatelabel_configuration @@ -27359,6 +27516,7 @@ public struct WriteSetting: SDKModel { case override_warnings case _email_domain_allowlist = "email_domain_allowlist" case embed_cookieless_v2 + case embed_config } /** * Toggle extension framework on or off @@ -27366,15 +27524,17 @@ public struct WriteSetting: SDKModel { public var extension_framework_enabled: Bool? /** - * (DEPRECATED) Toggle extension extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. + * (DEPRECATED) Toggle extension load url on or off. Do not use. This is temporary setting that will eventually become a noop and subsequently deleted. */ public var extension_load_url_enabled: Bool? /** - * Toggle marketplace auto install on or off. Note that auto install only runs if marketplace is enabled. + * (DEPRECATED) Toggle marketplace auto install on or off. Deprecated - do not use. Auto install can now be enabled via marketplace automation settings */ public var marketplace_auto_install_enabled: Bool? + public var marketplace_automation: MarketplaceAutomation? + /** * Toggle marketplace on or off */ @@ -27441,14 +27601,17 @@ public struct WriteSetting: SDKModel { } /** - * Toggle cookieless embed setting + * (DEPRECATED) Use embed_config.embed_cookieless_v2 instead. If embed_config.embed_cookieless_v2 is specified, it overrides this value. */ public var embed_cookieless_v2: Bool? - public init(extension_framework_enabled: Bool? = nil, extension_load_url_enabled: Bool? = nil, marketplace_auto_install_enabled: Bool? = nil, marketplace_enabled: Bool? = nil, marketplace_terms_accepted: Bool? = nil, privatelabel_configuration: WritePrivatelabelConfiguration? = nil, custom_welcome_email: CustomWelcomeEmail? = nil, onboarding_enabled: Bool? = nil, timezone: String? = nil, allow_user_timezones: Bool? = nil, data_connector_default_enabled: Bool? = nil, host_url: String? = nil, override_warnings: Bool? = nil, email_domain_allowlist: [String]? = nil, embed_cookieless_v2: Bool? = nil) { + public var embed_config: EmbedConfig? + + public init(extension_framework_enabled: Bool? = nil, extension_load_url_enabled: Bool? = nil, marketplace_auto_install_enabled: Bool? = nil, marketplace_automation: MarketplaceAutomation? = nil, marketplace_enabled: Bool? = nil, marketplace_terms_accepted: Bool? = nil, privatelabel_configuration: WritePrivatelabelConfiguration? = nil, custom_welcome_email: CustomWelcomeEmail? = nil, onboarding_enabled: Bool? = nil, timezone: String? = nil, allow_user_timezones: Bool? = nil, data_connector_default_enabled: Bool? = nil, host_url: String? = nil, override_warnings: Bool? = nil, email_domain_allowlist: [String]? = nil, embed_cookieless_v2: Bool? = nil, embed_config: EmbedConfig? = nil) { self.extension_framework_enabled = extension_framework_enabled self.extension_load_url_enabled = extension_load_url_enabled self.marketplace_auto_install_enabled = marketplace_auto_install_enabled + self.marketplace_automation = marketplace_automation self.marketplace_enabled = marketplace_enabled self.marketplace_terms_accepted = marketplace_terms_accepted self.privatelabel_configuration = privatelabel_configuration @@ -27461,6 +27624,7 @@ public struct WriteSetting: SDKModel { self.override_warnings = override_warnings if let v = email_domain_allowlist { _email_domain_allowlist = v.map { AnyString.init($0) } } else { _email_domain_allowlist = nil } self.embed_cookieless_v2 = embed_cookieless_v2 + self.embed_config = embed_config } } diff --git a/swift/looker/sdk/streams.swift b/swift/looker/sdk/streams.swift index 289849a8a..1feeba2c2 100644 --- a/swift/looker/sdk/streams.swift +++ b/swift/looker/sdk/streams.swift @@ -736,35 +736,39 @@ open class LookerSDKStream: APIMethods { } /** - * ### Create SSO Embed URL + * ### Create Signed Embed URL * - * Creates an SSO embed URL and cryptographically signs it with an embed secret. + * Creates a signed embed URL and cryptographically signs it with an embed secret. * This signed URL can then be used to instantiate a Looker embed session in a PBL web application. - * Do not make any modifications to this URL - any change may invalidate the signature and + * Do not make any modifications to the returned URL - any change may invalidate the signature and * cause the URL to fail to load a Looker embed session. * - * A signed SSO embed URL can only be used once. After it has been used to request a page from the - * Looker server, the URL is invalid. Future requests using the same URL will fail. This is to prevent + * A signed embed URL can only be **used once**. After the URL has been used to request a page from the + * Looker server, it is invalid. Future requests using the same URL will fail. This is to prevent * 'replay attacks'. * * The `target_url` property must be a complete URL of a Looker UI page - scheme, hostname, path and query params. * To load a dashboard with id 56 and with a filter of `Date=1 years`, the looker URL would look like `https:/myname.looker.com/dashboards/56?Date=1%20years`. - * The best way to obtain this target_url is to navigate to the desired Looker page in your web browser, - * copy the URL shown in the browser address bar and paste it into the `target_url` property as a quoted string value in this API request. + * The best way to obtain this `target_url` is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu option + * to copy it to your clipboard and paste it into the `target_url` property as a quoted string value in this API request. * - * Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property) + * Permissions for the embed user are defined by the groups in which the embed user is a member (`group_ids` property) * and the lists of models and permissions assigned to the embed user. - * At a minimum, you must provide values for either the group_ids property, or both the models and permissions properties. + * At a minimum, you must provide values for either the `group_ids` property, or **both** the models and permissions properties. * These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions. * - * The embed user's access is the union of permissions granted by the group_ids, models, and permissions properties. + * The embed user's access is the union of permissions granted by the `group_ids`, `models`, and `permissions` properties. * * This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment the - * SSO embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * embed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL. + * * To diagnose potential problems with an SSO embed URL, you can copy the signed URL into the Embed URI Validator text box in `/admin/embed`. * * The `secret_id` parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance. - * if not specified, the URL will be signed using the newest active secret defined in the Looker instance. + * if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls, + * a default secret will be created. This default secret is encrypted using HMAC/SHA-256. + * + * The `embed_domain` parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing. * * #### Security Note * Protect this signed URL as you would an access token or password credentials - do not write @@ -934,7 +938,7 @@ open class LookerSDKStream: APIMethods { * * Configuring LDAP impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single LDAP configuration. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * LDAP is enabled or disabled for Looker using the **enabled** field. * @@ -1019,9 +1023,9 @@ open class LookerSDKStream: APIMethods { /** * ### Test the connection authentication settings for an LDAP configuration. * - * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. + * This tests that the connection is possible and that a 'server' account to be used by Looker can authenticate to the LDAP server given connection and authentication information. * - * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. + * **connection_host**, **connection_port**, and **auth_username**, are required. **connection_tls** and **auth_password** are optional. * * Example: * ```json @@ -1034,7 +1038,7 @@ open class LookerSDKStream: APIMethods { * } * ``` * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * The active LDAP settings are not modified. * @@ -1056,9 +1060,9 @@ open class LookerSDKStream: APIMethods { /** * ### Test the user authentication settings for an LDAP configuration without authenticating the user. * - * This test will let you easily test the mapping for user properties and roles for any user without needing to authenticate as that user. + * This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user. * - * This test accepts a full LDAP configuration along with a username and attempts to find the full info for the user from the LDAP server without actually authenticating the user. So, user password is not required.The configuration is validated before attempting to contact the server. + * This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server. * * **test_ldap_user** is required. * @@ -1082,9 +1086,9 @@ open class LookerSDKStream: APIMethods { /** * ### Test the user authentication settings for an LDAP configuration. * - * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. + * This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication. * - * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. + * Looker will never return an **auth_password**. If this request omits the **auth_password** field, then the **auth_password** value from the active config (if present) will be used for the test. * * **test_ldap_user** and **test_ldap_password** are required. * @@ -1386,7 +1390,7 @@ open class LookerSDKStream: APIMethods { * * Configuring OIDC impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single OIDC configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * OIDC is enabled or disabled for Looker using the **enabled** field. * @@ -1539,7 +1543,7 @@ open class LookerSDKStream: APIMethods { * * Configuring SAML impacts authentication for all users. This configuration should be done carefully. * - * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). + * Looker maintains a single SAML configuation. It can be read and updated. Updates only succeed if the new state will be valid (in the sense that all required fields are populated); it is up to you to ensure that the configuration is appropriate and correct). * * SAML is enabled or disabled for Looker using the **enabled** field. * @@ -2818,8 +2822,10 @@ open class LookerSDKStream: APIMethods { * - extension_framework_enabled * - extension_load_url_enabled * - marketplace_auto_install_enabled + * - marketplace_automation * - marketplace_terms_accepted * - marketplace_enabled + * - marketplace_site * - onboarding_enabled * - privatelabel_configuration * - timezone @@ -2827,6 +2833,7 @@ open class LookerSDKStream: APIMethods { * - email_domain_allowlist * - embed_cookieless_v2 * - embed_enabled + * - embed_config * * GET /setting -> Setting */ @@ -2852,8 +2859,10 @@ open class LookerSDKStream: APIMethods { * - extension_framework_enabled * - extension_load_url_enabled * - marketplace_auto_install_enabled + * - marketplace_automation * - marketplace_terms_accepted * - marketplace_enabled + * - marketplace_site * - onboarding_enabled * - privatelabel_configuration * - timezone @@ -2861,6 +2870,7 @@ open class LookerSDKStream: APIMethods { * - email_domain_allowlist * - embed_cookieless_v2 * - embed_enabled + * - embed_config * * See the `Setting` type for more information on the specific values that can be configured. *