Class: EmassClient::POAMApi

Inherits:

Object

Object
EmassClient::POAMApi

show all

Defined in:: lib/emass_client/api/poam_api.rb

Instance Attribute Summary collapse

#api_client ⇒ Object

Returns the value of attribute api_client.

Instance Method Summary collapse

#add_poam_by_system_id(system_id, poam_required_fields, opts = {}) ⇒ PoamResponsePostPutDelete

Add one or many POA&M items in a system Add a POA&M for given systemId **Request Body Required Fields** <table> <thead> <tr><th>Field</th><th>Require/Condition</th></tr> </thead> <tbody> <tr><td>status</td><td>Always (every POST)</td></tr> <tr><td>vulnerabilityDescription</td><td>Always (every POST)</td></tr> <tr><td>sourceIdentifyingVulnerability</td><td>Always (every POST)</td></tr> <tr><td>pocOrganization</td><td>Always (every POST)</td></tr> <tr><td>resources</td><td>Always (every POST)</td></tr> <tr><td>identifiedInCFOAuditOrOtherReview</td><td>Required for VA.
#add_poam_by_system_id_with_http_info(system_id, poam_required_fields, opts = {}) ⇒ Array<(PoamResponsePostPutDelete, Integer, Hash)>

Add one or many POA&M items in a system Add a POA&M for given `systemId` **Request Body Required Fields** <table> <thead> <tr><th><b>Field</b></th><th><b>Require/Condition</b></th></tr> </thead> <tbody> <tr><td><code>status</code></td><td>Always (every POST)</td></tr> <tr><td><code>vulnerabilityDescription</code></td><td>Always (every POST)</td></tr> <tr><td><code>sourceIdentifyingVulnerability</code></td><td>Always (every POST)</td></tr> <tr><td><code>pocOrganization</code></td><td>Always (every POST)</td></tr> <tr><td><code>resources</code></td><td>Always (every POST)</td></tr> <tr><td><code>identifiedInCFOAuditOrOtherReview</code></td><td>Required for VA.
#delete_poam(system_id, poam_request_delete_body_inner, opts = {}) ⇒ PoamResponsePostPutDelete

Remove one or many POA&M items in a system Remove the POA&M matching systemId path parameter and poamId Request Body
.
#delete_poam_with_http_info(system_id, poam_request_delete_body_inner, opts = {}) ⇒ Array<(PoamResponsePostPutDelete, Integer, Hash)>

Remove one or many POA&M items in a system Remove the POA&M matching `systemId` path parameter and `poamId` Request Body<br>.
#get_system_poams(system_id, opts = {}) ⇒ PoamResponseGetSystems

Get one or many POA&M items in a system Returns system(s) containing POA&M items for matching parameters.
#get_system_poams_by_poam_id(system_id, poam_id, opts = {}) ⇒ PoamResponseGetPoams

Get POA&M item by ID in a system Returns system(s) containing POA&M items for matching parameters.
#get_system_poams_by_poam_id_with_http_info(system_id, poam_id, opts = {}) ⇒ Array<(PoamResponseGetPoams, Integer, Hash)>

Get POA&M item by ID in a system Returns system(s) containing POA&M items for matching parameters.
#get_system_poams_with_http_info(system_id, opts = {}) ⇒ Array<(PoamResponseGetSystems, Integer, Hash)>

Get one or many POA&M items in a system Returns system(s) containing POA&M items for matching parameters.
#initialize(api_client = ApiClient.default) ⇒ POAMApi constructor

A new instance of POAMApi.
#update_poam_by_system_id(system_id, poam_ids, opts = {}) ⇒ PoamResponsePostPutDelete

Update one or many POA&M items in a system Update a POA&M for given systemId
**Request Body Required Fields** <table> <thead> <tr><th>Field</th><th>Require/Condition</th></tr> </thead> <tbody> <tr><td>poamId</td><td>Always (every PUT)</td></tr> <tr><td>displayPoamId</td><td>Always (every PUT)</td></tr> <tr><td>status</td><td>Always (every PUT)</td></tr> <tr><td>vulnerabilityDescription</td><td>Always (every PUT)</td></tr> <tr><td>sourceIdentifyingVulnerability</td><td>Always (every PUT)</td></tr> <tr><td>pocOrganization</td><td>Always (every PUT)</td></tr> <tr><td>resources</td><td>Always (every PUT)</td></tr> <tr><td>identifiedInCFOAuditOrOtherReview</td><td>Required for VA.
#update_poam_by_system_id_with_http_info(system_id, poam_ids, opts = {}) ⇒ Array<(PoamResponsePostPutDelete, Integer, Hash)>

Update one or many POA&M items in a system Update a POA&M for given `systemId`<br> **Request Body Required Fields** <table> <thead> <tr><th><b>Field</b></th><th><b>Require/Condition</b></th></tr> </thead> <tbody> <tr><td><code>poamId</code></td><td>Always (every PUT)</td></tr> <tr><td><code>displayPoamId</code></td><td>Always (every PUT)</td></tr> <tr><td><code>status</code></td><td>Always (every PUT)</td></tr> <tr><td><code>vulnerabilityDescription</code></td><td>Always (every PUT)</td></tr> <tr><td><code>sourceIdentifyingVulnerability</code></td><td>Always (every PUT)</td></tr> <tr><td><code>pocOrganization</code></td><td>Always (every PUT)</td></tr> <tr><td><code>resources</code></td><td>Always (every PUT)</td></tr> <tr><td><code>identifiedInCFOAuditOrOtherReview</code></td><td>Required for VA.

Constructor Details

#initialize(api_client = ApiClient.default) ⇒ `POAMApi`

Returns a new instance of POAMApi.



19
20
21

# File 'lib/emass_client/api/poam_api.rb', line 19

def initialize(api_client = ApiClient.default)
  @api_client = api_client
end

Instance Attribute Details

#api_client ⇒ `Object`

Returns the value of attribute api_client.



17
18
19

# File 'lib/emass_client/api/poam_api.rb', line 17

def api_client
  @api_client
end

Instance Method Details

#add_poam_by_system_id(system_id, poam_required_fields, opts = {}) ⇒ `PoamResponsePostPutDelete`

Add one or many POA&M items in a system Add a POA&M for given systemId **Request Body Required Fields** <table> <thead> <tr><th>Field</th><th>Require/Condition</th></tr> </thead> <tbody> <tr><td>status</td><td>Always (every POST)</td></tr> <tr><td>vulnerabilityDescription</td><td>Always (every POST)</td></tr> <tr><td>sourceIdentifyingVulnerability</td><td>Always (every POST)</td></tr> <tr><td>pocOrganization</td><td>Always (every POST)</td></tr> <tr><td>resources</td><td>Always (every POST)</td></tr> <tr><td>identifiedInCFOAuditOrOtherReview</td><td>Required for VA. Optional for Army and USCG.</td></tr> <tr><td>scheduledCompletionDate</td><td>Required for ongoing and completed POA&M items</td></tr> <tr><td>pocFirstName</td><td>Only if Last Name, Email, or Phone Number have data</td></tr> <tr><td>pocLastName</td><td>Only if First Name, Email, or Phone Number have data</td></tr> <tr><td>pocEmail</td><td>Only if First Name, Last Name, or Phone Number have data</td></tr> <tr><td>pocPhoneNumber</td><td>Only if First Name, Last Name, or Email have data</td></tr> <tr><td>completionDate</td><td>For completed POA&M Item only</td></tr> <tr><td>comments</td><td>For completed or Risk Accepted POA&M Items only</td></tr> </tbody> </table> NOTE: Certain eMASS instances also require the Risk Analysis fields to be populated: - severity - relevanceOfThreat - likelihood - impact - residualRiskLevel - mitigations </br> **Business Rules** The following rules apply to the Review Status status field value: <table> <thead><tr><th>Value</th><th>Rule</th></tr></thead> <tbody> <tr><td>Not Approved</td><td>POA&M cannot be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date</td></tr> <tr><td>Approved</td><td>POA&M can only be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date</td></tr> <tr><td></td><td>Are required to have a Severity Value assigned</td></tr> <tr><td>Completed or Ongoing</td><td>Cannot be saved without Milestones</td></tr> <tr><td>Risk Accepted</td><td>POA&M Item cannot be saved with a Scheduled Completion Date scheduledCompletionDate or have Milestones</td></tr> <tr><td>Approved or Completed or Ongoing</td><td>Cannot update Scheduled Completion Date</td></tr> </tbody> </table> **Additional Rules** - POA&M Item cannot be saved if associated Security Control or AP is inherited. - Completed POA&M Item cannot be saved if Completion Date (completionDate) is in the future. - POA&M Items cannot be updated if they are included in an active package. - Archived POA&M Items cannot be updated. - POA&M Items with a status of "Not Applicable" will be updated through test result creation. - If the Security Control or Assessment Procedure does not exist in the system, the POA&M Item maybe imported at the System Level. **Fields Characters Limitation** - POA&M Item cannot be saved if the Point of Contact (POC) fields exceed 100 characters: - pocOrganization pocFirstName, pocLastName, pocEmail, pocPhoneNumber - POA&M Item cannot be saved if Resources (resource) field exceeds 250 characters - POA&M Item cannot be saved if the following fields exceeds 2,000 characters: - mitigations, sourceIdentifyingVulnerability, comments - Milestones Field: description - POA&M Items cannot be saved if Milestone Description (description) exceeds 2,000 characters.

Parameters:

system_id (Integer) —

**System Id**: The unique system record identifier.
poam_required_fields (Array<PoamRequiredFields>) —

Example request body to add POA&M(s) to a system (systemId)
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(PoamResponsePostPutDelete)

# File 'lib/emass_client/api/poam_api.rb', line 28

def add_poam_by_system_id(system_id, poam_required_fields, opts = {})
  data, _status_code, _headers = add_poam_by_system_id_with_http_info(system_id, poam_required_fields, opts)
  data
end

#add_poam_by_system_id_with_http_info(system_id, poam_required_fields, opts = {}) ⇒ `Array<(PoamResponsePostPutDelete, Integer, Hash)>`

Add one or many POA&M items in a system Add a POA&M for given `systemId` **Request Body Required Fields** <table> <thead> <tr><th><b>Field</b></th><th><b>Require/Condition</b></th></tr> </thead> <tbody> <tr><td><code>status</code></td><td>Always (every POST)</td></tr> <tr><td><code>vulnerabilityDescription</code></td><td>Always (every POST)</td></tr> <tr><td><code>sourceIdentifyingVulnerability</code></td><td>Always (every POST)</td></tr> <tr><td><code>pocOrganization</code></td><td>Always (every POST)</td></tr> <tr><td><code>resources</code></td><td>Always (every POST)</td></tr> <tr><td><code>identifiedInCFOAuditOrOtherReview</code></td><td>Required for VA. Optional for Army and USCG.</td></tr> <tr><td><code>scheduledCompletionDate</code></td><td>Required for ongoing and completed POA&M items</td></tr> <tr><td><code>pocFirstName</code></td><td>Only if Last Name, Email, or Phone Number have data</td></tr> <tr><td><code>pocLastName</code></td><td>Only if First Name, Email, or Phone Number have data</td></tr> <tr><td><code>pocEmail</code></td><td>Only if First Name, Last Name, or Phone Number have data</td></tr> <tr><td><code>pocPhoneNumber</code></td><td>Only if First Name, Last Name, or Email have data</td></tr> <tr><td><code>completionDate</code></td><td>For completed POA&M Item only</td></tr> <tr><td><code>comments</code></td><td>For completed or Risk Accepted POA&M Items only</td></tr> </tbody> </table> NOTE: Certain eMASS instances also require the Risk Analysis fields to be populated: - `severity` - `relevanceOfThreat` - `likelihood` - `impact` - `residualRiskLevel` - `mitigations` </br> **Business Rules** The following rules apply to the Review Status `status` field value: <table> <thead><tr><th><b>Value</b></th><th><b>Rule</b></th></tr></thead> <tbody> <tr><td><b>Not Approved</b></td><td>POA&M cannot be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date</td></tr> <tr><td><b>Approved</b></td><td>POA&M can only be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date</td></tr> <tr><td></td><td>Are required to have a Severity Value assigned</td></tr> <tr><td><b>Completed</b> or <b>Ongoing</b></td><td>Cannot be saved without Milestones</td></tr> <tr><td><b>Risk Accepted</b></td><td>POA&M Item cannot be saved with a Scheduled Completion Date <code>scheduledCompletionDate</code> or have Milestones</td></tr> <tr><td><b>Approved</b> or <b>Completed</b> or <b>Ongoing</b></td><td>Cannot update Scheduled Completion Date</td></tr> </tbody> </table> **Additional Rules** - POA&M Item cannot be saved if associated Security Control or AP is inherited. - Completed POA&M Item cannot be saved if Completion Date (`completionDate`) is in the future. - POA&M Items cannot be updated if they are included in an active package. - Archived POA&M Items cannot be updated. - POA&M Items with a status of "Not Applicable" will be updated through test result creation. - If the Security Control or Assessment Procedure does not exist in the system, the POA&M Item maybe imported at the System Level. **Fields Characters Limitation** - POA&M Item cannot be saved if the Point of Contact (POC) fields exceed 100 characters: - `pocOrganization` `pocFirstName`, `pocLastName`, `pocEmail`, `pocPhoneNumber` - POA&M Item cannot be saved if Resources (`resource`) field exceeds 250 characters - POA&M Item cannot be saved if the following fields exceeds 2,000 characters: - `mitigations`, `sourceIdentifyingVulnerability`, `comments` - Milestones Field: `description` - POA&M Items cannot be saved if Milestone Description (`description`) exceeds 2,000 characters.

Parameters:

system_id (Integer) —

**System Id**: The unique system record identifier.
poam_required_fields (Array<PoamRequiredFields>) —

Example request body to add POA&M(s) to a system (systemId)
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(Array<(PoamResponsePostPutDelete, Integer, Hash)>) —

PoamResponsePostPutDelete data, response status code and response headers

# File 'lib/emass_client/api/poam_api.rb', line 39

def add_poam_by_system_id_with_http_info(system_id, poam_required_fields, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: POAMApi.add_poam_by_system_id ...'
  end
  # verify the required parameter 'system_id' is set
  if @api_client.config.client_side_validation && system_id.nil?
    fail ArgumentError, "Missing the required parameter 'system_id' when calling POAMApi.add_poam_by_system_id"
  end
  # verify the required parameter 'poam_required_fields' is set
  if @api_client.config.client_side_validation && poam_required_fields.nil?
    fail ArgumentError, "Missing the required parameter 'poam_required_fields' when calling POAMApi.add_poam_by_system_id"
  end
  # resource path
  local_var_path = '/api/systems/{systemId}/poams'.sub('{' + 'systemId' + '}', CGI.escape(system_id.to_s))

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
      header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(poam_required_fields)

  # return_type
  return_type = opts[:debug_return_type] || 'PoamResponsePostPutDelete'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['apiKey', 'mockType', 'userId']

  new_options = opts.merge(
    :operation => :"POAMApi.add_poam_by_system_id",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: POAMApi#add_poam_by_system_id\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#delete_poam(system_id, poam_request_delete_body_inner, opts = {}) ⇒ `PoamResponsePostPutDelete`

Remove one or many POA&M items in a system Remove the POA&M matching systemId path parameter and poamId Request Body

Parameters:

system_id (Integer) —

**System Id**: The unique system record identifier.
poam_request_delete_body_inner (Array<PoamRequestDeleteBodyInner>) —

Delete the given POA&M Id
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(PoamResponsePostPutDelete)

# File 'lib/emass_client/api/poam_api.rb', line 102

def delete_poam(system_id, poam_request_delete_body_inner, opts = {})
  data, _status_code, _headers = delete_poam_with_http_info(system_id, poam_request_delete_body_inner, opts)
  data
end

#delete_poam_with_http_info(system_id, poam_request_delete_body_inner, opts = {}) ⇒ `Array<(PoamResponsePostPutDelete, Integer, Hash)>`

Remove one or many POA&M items in a system Remove the POA&M matching `systemId` path parameter and `poamId` Request Body<br>

Parameters:

system_id (Integer) —

**System Id**: The unique system record identifier.
poam_request_delete_body_inner (Array<PoamRequestDeleteBodyInner>) —

Delete the given POA&M Id
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(Array<(PoamResponsePostPutDelete, Integer, Hash)>) —

PoamResponsePostPutDelete data, response status code and response headers

# File 'lib/emass_client/api/poam_api.rb', line 113

def delete_poam_with_http_info(system_id, poam_request_delete_body_inner, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: POAMApi.delete_poam ...'
  end
  # verify the required parameter 'system_id' is set
  if @api_client.config.client_side_validation && system_id.nil?
    fail ArgumentError, "Missing the required parameter 'system_id' when calling POAMApi.delete_poam"
  end
  # verify the required parameter 'poam_request_delete_body_inner' is set
  if @api_client.config.client_side_validation && poam_request_delete_body_inner.nil?
    fail ArgumentError, "Missing the required parameter 'poam_request_delete_body_inner' when calling POAMApi.delete_poam"
  end
  # resource path
  local_var_path = '/api/systems/{systemId}/poams'.sub('{' + 'systemId' + '}', CGI.escape(system_id.to_s))

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
      header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(poam_request_delete_body_inner)

  # return_type
  return_type = opts[:debug_return_type] || 'PoamResponsePostPutDelete'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['apiKey', 'mockType', 'userId']

  new_options = opts.merge(
    :operation => :"POAMApi.delete_poam",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:DELETE, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: POAMApi#delete_poam\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_system_poams(system_id, opts = {}) ⇒ `PoamResponseGetSystems`

Get one or many POA&M items in a system Returns system(s) containing POA&M items for matching parameters.

Parameters:

system_id (Integer) —

**System Id**: The unique system record identifier.
opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:scheduled_completion_date_start (String) —

**Date Started**: Filter query by the scheduled completion start date (Unix date format).
:scheduled_completion_date_end (String) —

**Date Ended**: Filter query by the scheduled completion start date (Unix date format).
:control_acronyms (String) —

**Control Acronym**: Filter query by given system acronym (single value or comma separated).
:assessment_procedures (String) —

**Assessment Procedure**: Filter query by given Security Control Assessment Procedure (single value or comma separated).
:ccis (String) —

**CCI System**: Filter query by Control Correlation Identifiers (CCIs) (single value or comma separated).
:system_only (Boolean) —

**Systems Only**: Indicates that only system(s) information is retrieved. (default to true)

Returns:

(PoamResponseGetSystems)

# File 'lib/emass_client/api/poam_api.rb', line 181

def get_system_poams(system_id, opts = {})
  data, _status_code, _headers = get_system_poams_with_http_info(system_id, opts)
  data
end

#get_system_poams_by_poam_id(system_id, poam_id, opts = {}) ⇒ `PoamResponseGetPoams`

Get POA&M item by ID in a system Returns system(s) containing POA&M items for matching parameters.

Parameters:

system_id (Integer) —

**System Id**: The unique system record identifier.
poam_id (Integer) —

**POA&M Id**: The unique POA&M record identifier.
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(PoamResponseGetPoams)

# File 'lib/emass_client/api/poam_api.rb', line 257

def get_system_poams_by_poam_id(system_id, poam_id, opts = {})
  data, _status_code, _headers = get_system_poams_by_poam_id_with_http_info(system_id, poam_id, opts)
  data
end

#get_system_poams_by_poam_id_with_http_info(system_id, poam_id, opts = {}) ⇒ `Array<(PoamResponseGetPoams, Integer, Hash)>`

Get POA&M item by ID in a system Returns system(s) containing POA&M items for matching parameters.

Parameters:

system_id (Integer) —

**System Id**: The unique system record identifier.
poam_id (Integer) —

**POA&M Id**: The unique POA&M record identifier.
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(Array<(PoamResponseGetPoams, Integer, Hash)>) —

PoamResponseGetPoams data, response status code and response headers

# File 'lib/emass_client/api/poam_api.rb', line 268

def get_system_poams_by_poam_id_with_http_info(system_id, poam_id, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: POAMApi.get_system_poams_by_poam_id ...'
  end
  # verify the required parameter 'system_id' is set
  if @api_client.config.client_side_validation && system_id.nil?
    fail ArgumentError, "Missing the required parameter 'system_id' when calling POAMApi.get_system_poams_by_poam_id"
  end
  # verify the required parameter 'poam_id' is set
  if @api_client.config.client_side_validation && poam_id.nil?
    fail ArgumentError, "Missing the required parameter 'poam_id' when calling POAMApi.get_system_poams_by_poam_id"
  end
  # resource path
  local_var_path = '/api/systems/{systemId}/poams/{poamId}'.sub('{' + 'systemId' + '}', CGI.escape(system_id.to_s)).sub('{' + 'poamId' + '}', CGI.escape(poam_id.to_s))

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'PoamResponseGetPoams'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['apiKey', 'mockType', 'userId']

  new_options = opts.merge(
    :operation => :"POAMApi.get_system_poams_by_poam_id",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: POAMApi#get_system_poams_by_poam_id\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_system_poams_with_http_info(system_id, opts = {}) ⇒ `Array<(PoamResponseGetSystems, Integer, Hash)>`

Get one or many POA&M items in a system Returns system(s) containing POA&M items for matching parameters.

Parameters:

system_id (Integer) —

**System Id**: The unique system record identifier.
opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:scheduled_completion_date_start (String) —

**Date Started**: Filter query by the scheduled completion start date (Unix date format).
:scheduled_completion_date_end (String) —

**Date Ended**: Filter query by the scheduled completion start date (Unix date format).
:control_acronyms (String) —

**Control Acronym**: Filter query by given system acronym (single value or comma separated).
:assessment_procedures (String) —

**Assessment Procedure**: Filter query by given Security Control Assessment Procedure (single value or comma separated).
:ccis (String) —

**CCI System**: Filter query by Control Correlation Identifiers (CCIs) (single value or comma separated).
:system_only (Boolean) —

**Systems Only**: Indicates that only system(s) information is retrieved. (default to true)

Returns:

(Array<(PoamResponseGetSystems, Integer, Hash)>) —

PoamResponseGetSystems data, response status code and response headers

# File 'lib/emass_client/api/poam_api.rb', line 197

def get_system_poams_with_http_info(system_id, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: POAMApi.get_system_poams ...'
  end
  # verify the required parameter 'system_id' is set
  if @api_client.config.client_side_validation && system_id.nil?
    fail ArgumentError, "Missing the required parameter 'system_id' when calling POAMApi.get_system_poams"
  end
  # resource path
  local_var_path = '/api/systems/{systemId}/poams'.sub('{' + 'systemId' + '}', CGI.escape(system_id.to_s))

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'scheduledCompletionDateStart'] = opts[:'scheduled_completion_date_start'] if !opts[:'scheduled_completion_date_start'].nil?
  query_params[:'scheduledCompletionDateEnd'] = opts[:'scheduled_completion_date_end'] if !opts[:'scheduled_completion_date_end'].nil?
  query_params[:'controlAcronyms'] = opts[:'control_acronyms'] if !opts[:'control_acronyms'].nil?
  query_params[:'assessmentProcedures'] = opts[:'assessment_procedures'] if !opts[:'assessment_procedures'].nil?
  query_params[:'ccis'] = opts[:'ccis'] if !opts[:'ccis'].nil?
  query_params[:'systemOnly'] = opts[:'system_only'] if !opts[:'system_only'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'PoamResponseGetSystems'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['apiKey', 'mockType', 'userId']

  new_options = opts.merge(
    :operation => :"POAMApi.get_system_poams",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: POAMApi#get_system_poams\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#update_poam_by_system_id(system_id, poam_ids, opts = {}) ⇒ `PoamResponsePostPutDelete`

Update one or many POA&M items in a system Update a POA&M for given systemId
**Request Body Required Fields** <table> <thead> <tr><th>Field</th><th>Require/Condition</th></tr> </thead> <tbody> <tr><td>poamId</td><td>Always (every PUT)</td></tr> <tr><td>displayPoamId</td><td>Always (every PUT)</td></tr> <tr><td>status</td><td>Always (every PUT)</td></tr> <tr><td>vulnerabilityDescription</td><td>Always (every PUT)</td></tr> <tr><td>sourceIdentifyingVulnerability</td><td>Always (every PUT)</td></tr> <tr><td>pocOrganization</td><td>Always (every PUT)</td></tr> <tr><td>resources</td><td>Always (every PUT)</td></tr> <tr><td>identifiedInCFOAuditOrOtherReview</td><td>Required for VA. Optional for Army and USCG.</td></tr> <tr><td>scheduledCompletionDate</td><td>Required for ongoing and completed POA&M items</td></tr> <tr><td>pocFirstName</td><td>Only if Last Name, Email, or Phone Number have data</td></tr> <tr><td>pocLastName</td><td>Only if First Name, Email, or Phone Number have data</td></tr> <tr><td>pocEmail</td><td>Only if First Name, Last Name, or Phone Number have data</td></tr> <tr><td>pocPhoneNumber</td><td>Only if First Name, Last Name, or Email have data</td></tr> <tr><td>completionDate</td><td>For completed POA&M Item only</td></tr> <tr><td>comments</td><td>For completed or Risk Accepted POA&M Items only</td></tr> </tbody> </table> NOTES: - Certain eMASS instances also require the Risk Analysis fields to be populated: - severity - relevanceOfThreat - likelihood - impact - residualRiskLevel - mitigations - To prevent uploading duplicate/undesired milestones through the POA&M PUT include an isActive field for the milestone and set it to equal to false ‘(isActive=false)`. </br> **Business Rules:** See business rules for the POST endpoint

Parameters:

system_id (Integer) —

**System Id**: The unique system record identifier.
poam_ids (Array<PoamIds>) —

Example request body for updating a POA&M for a system (systemId)
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(PoamResponsePostPutDelete)

# File 'lib/emass_client/api/poam_api.rb', line 326

def update_poam_by_system_id(system_id, poam_ids, opts = {})
  data, _status_code, _headers = update_poam_by_system_id_with_http_info(system_id, poam_ids, opts)
  data
end

#update_poam_by_system_id_with_http_info(system_id, poam_ids, opts = {}) ⇒ `Array<(PoamResponsePostPutDelete, Integer, Hash)>`

Update one or many POA&M items in a system Update a POA&M for given `systemId`<br> **Request Body Required Fields** <table> <thead> <tr><th><b>Field</b></th><th><b>Require/Condition</b></th></tr> </thead> <tbody> <tr><td><code>poamId</code></td><td>Always (every PUT)</td></tr> <tr><td><code>displayPoamId</code></td><td>Always (every PUT)</td></tr> <tr><td><code>status</code></td><td>Always (every PUT)</td></tr> <tr><td><code>vulnerabilityDescription</code></td><td>Always (every PUT)</td></tr> <tr><td><code>sourceIdentifyingVulnerability</code></td><td>Always (every PUT)</td></tr> <tr><td><code>pocOrganization</code></td><td>Always (every PUT)</td></tr> <tr><td><code>resources</code></td><td>Always (every PUT)</td></tr> <tr><td><code>identifiedInCFOAuditOrOtherReview</code></td><td>Required for VA. Optional for Army and USCG.</td></tr> <tr><td><code>scheduledCompletionDate</code></td><td>Required for ongoing and completed POA&M items</td></tr> <tr><td><code>pocFirstName</code></td><td>Only if Last Name, Email, or Phone Number have data</td></tr> <tr><td><code>pocLastName</code></td><td>Only if First Name, Email, or Phone Number have data</td></tr> <tr><td><code>pocEmail</code></td><td>Only if First Name, Last Name, or Phone Number have data</td></tr> <tr><td><code>pocPhoneNumber</code></td><td>Only if First Name, Last Name, or Email have data</td></tr> <tr><td><code>completionDate</code></td><td>For completed POA&M Item only</td></tr> <tr><td><code>comments</code></td><td>For completed or Risk Accepted POA&M Items only</td></tr> </tbody> </table> NOTES: - Certain eMASS instances also require the Risk Analysis fields to be populated: - `severity` - `relevanceOfThreat` - `likelihood` - `impact` - `residualRiskLevel` - `mitigations` - To prevent uploading duplicate/undesired milestones through the POA&M PUT include an `isActive` field for the milestone and set it to equal to false `(isActive=false)`. </br> **Business Rules:** See business rules for the POST endpoint

Parameters:

system_id (Integer) —

**System Id**: The unique system record identifier.
poam_ids (Array<PoamIds>) —

Example request body for updating a POA&M for a system (systemId)
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(Array<(PoamResponsePostPutDelete, Integer, Hash)>) —

PoamResponsePostPutDelete data, response status code and response headers

# File 'lib/emass_client/api/poam_api.rb', line 337

def update_poam_by_system_id_with_http_info(system_id, poam_ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: POAMApi.update_poam_by_system_id ...'
  end
  # verify the required parameter 'system_id' is set
  if @api_client.config.client_side_validation && system_id.nil?
    fail ArgumentError, "Missing the required parameter 'system_id' when calling POAMApi.update_poam_by_system_id"
  end
  # verify the required parameter 'poam_ids' is set
  if @api_client.config.client_side_validation && poam_ids.nil?
    fail ArgumentError, "Missing the required parameter 'poam_ids' when calling POAMApi.update_poam_by_system_id"
  end
  # resource path
  local_var_path = '/api/systems/{systemId}/poams'.sub('{' + 'systemId' + '}', CGI.escape(system_id.to_s))

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
      header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(poam_ids)

  # return_type
  return_type = opts[:debug_return_type] || 'PoamResponsePostPutDelete'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['apiKey', 'mockType', 'userId']

  new_options = opts.merge(
    :operation => :"POAMApi.update_poam_by_system_id",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:PUT, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: POAMApi#update_poam_by_system_id\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

Class: EmassClient::POAMApi

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(api_client = ApiClient.default) ⇒ POAMApi

Instance Attribute Details

#api_client ⇒ Object

Instance Method Details

#add_poam_by_system_id(system_id, poam_required_fields, opts = {}) ⇒ PoamResponsePostPutDelete

#add_poam_by_system_id_with_http_info(system_id, poam_required_fields, opts = {}) ⇒ Array<(PoamResponsePostPutDelete, Integer, Hash)>

#delete_poam(system_id, poam_request_delete_body_inner, opts = {}) ⇒ PoamResponsePostPutDelete

#delete_poam_with_http_info(system_id, poam_request_delete_body_inner, opts = {}) ⇒ Array<(PoamResponsePostPutDelete, Integer, Hash)>

#get_system_poams(system_id, opts = {}) ⇒ PoamResponseGetSystems

#get_system_poams_by_poam_id(system_id, poam_id, opts = {}) ⇒ PoamResponseGetPoams

#get_system_poams_by_poam_id_with_http_info(system_id, poam_id, opts = {}) ⇒ Array<(PoamResponseGetPoams, Integer, Hash)>

#get_system_poams_with_http_info(system_id, opts = {}) ⇒ Array<(PoamResponseGetSystems, Integer, Hash)>

#update_poam_by_system_id(system_id, poam_ids, opts = {}) ⇒ PoamResponsePostPutDelete

#update_poam_by_system_id_with_http_info(system_id, poam_ids, opts = {}) ⇒ Array<(PoamResponsePostPutDelete, Integer, Hash)>

#initialize(api_client = ApiClient.default) ⇒ `POAMApi`

#api_client ⇒ `Object`

#add_poam_by_system_id(system_id, poam_required_fields, opts = {}) ⇒ `PoamResponsePostPutDelete`

#add_poam_by_system_id_with_http_info(system_id, poam_required_fields, opts = {}) ⇒ `Array<(PoamResponsePostPutDelete, Integer, Hash)>`

#delete_poam(system_id, poam_request_delete_body_inner, opts = {}) ⇒ `PoamResponsePostPutDelete`

#delete_poam_with_http_info(system_id, poam_request_delete_body_inner, opts = {}) ⇒ `Array<(PoamResponsePostPutDelete, Integer, Hash)>`

#get_system_poams(system_id, opts = {}) ⇒ `PoamResponseGetSystems`

#get_system_poams_by_poam_id(system_id, poam_id, opts = {}) ⇒ `PoamResponseGetPoams`

#get_system_poams_by_poam_id_with_http_info(system_id, poam_id, opts = {}) ⇒ `Array<(PoamResponseGetPoams, Integer, Hash)>`

#get_system_poams_with_http_info(system_id, opts = {}) ⇒ `Array<(PoamResponseGetSystems, Integer, Hash)>`

#update_poam_by_system_id(system_id, poam_ids, opts = {}) ⇒ `PoamResponsePostPutDelete`

#update_poam_by_system_id_with_http_info(system_id, poam_ids, opts = {}) ⇒ `Array<(PoamResponsePostPutDelete, Integer, Hash)>`