ibm_cloud_iam 1.0.1 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (493) hide show
  1. checksums.yaml +4 -4
  2. data/LICENSE.txt +202 -0
  3. data/README.md +548 -36
  4. data/docs/APIKeysApi.md +714 -0
  5. data/docs/AccessGroupCount.md +20 -0
  6. data/docs/AccountBasedMfaEnrollment.md +24 -0
  7. data/docs/AccountIdpSettings.md +32 -0
  8. data/docs/AccountLimitsApi.md +173 -0
  9. data/docs/AccountLoginSettings.md +18 -0
  10. data/docs/AccountSettingsApi.md +224 -0
  11. data/docs/AccountSettingsAssignedTemplatesSection.md +46 -0
  12. data/docs/AccountSettingsEffectiveSection.md +38 -0
  13. data/docs/AccountSettingsForIdPApi.md +489 -0
  14. data/docs/AccountSettingsMeta.md +24 -0
  15. data/docs/AccountSettingsRequest.md +40 -0
  16. data/docs/AccountSettingsResponse.md +48 -0
  17. data/docs/AccountSettingsTemplateApi.md +720 -0
  18. data/docs/AccountSettingsTemplateAssignmentsApi.md +376 -0
  19. data/docs/AccountSettingsTemplateList.md +30 -0
  20. data/docs/AccountSettingsTemplateRequest.md +24 -0
  21. data/docs/AccountSettingsTemplateResponse.md +44 -0
  22. data/docs/AccountSettingsUserDomainRestriction.md +22 -0
  23. data/docs/AccountSettingsUserMFAResponse.md +28 -0
  24. data/docs/ActionControls.md +22 -0
  25. data/docs/ActionControlsIdentities.md +20 -0
  26. data/docs/ActivitiesApi.md +149 -0
  27. data/docs/Activity.md +20 -0
  28. data/docs/AddAccountIdpSettingRequest.md +22 -0
  29. data/docs/ApiKey.md +44 -33
  30. data/docs/ApiKeyInsideCreateServiceIdRequest.md +18 -13
  31. data/docs/ApiKeyList.md +20 -19
  32. data/docs/ApikeyActivity.md +28 -0
  33. data/docs/ApikeyActivityServiceid.md +20 -0
  34. data/docs/ApikeyActivityUser.md +24 -0
  35. data/docs/AssignedTemplatesAccountSettings.md +40 -0
  36. data/docs/CommonAccountSettingsRequest.md +36 -0
  37. data/docs/CommonAccountSettingsResponse.md +34 -0
  38. data/docs/ConsumersResponse.md +20 -0
  39. data/docs/ConsumersResponseConsumersInner.md +20 -0
  40. data/docs/CreateApiKeyRequest.md +24 -17
  41. data/docs/CreateIdpRequest.md +30 -0
  42. data/docs/CreateIdpRequestProperties.md +20 -0
  43. data/docs/CreateIdpRequestPropertiesIdp.md +26 -0
  44. data/docs/CreateIdpRequestPropertiesSp.md +32 -0
  45. data/docs/CreateIdpRequestPropertiesSpAuthnContext.md +20 -0
  46. data/docs/CreateIdpRequestSecrets.md +20 -0
  47. data/docs/CreateIdpRequestSecretsIdp.md +22 -0
  48. data/docs/CreateIdpRequestSecretsIdpSigningInner.md +20 -0
  49. data/docs/CreateIdpRequestSecretsSp.md +18 -0
  50. data/docs/CreateIdpRequestSecretsSpSigningInner.md +24 -0
  51. data/docs/CreateProfileLinkRequest.md +24 -0
  52. data/docs/CreateProfileLinkRequestLink.md +26 -0
  53. data/docs/CreateServiceIdGroupRequest.md +22 -0
  54. data/docs/CreateServiceIdRequest.md +18 -15
  55. data/docs/CreateTemplateAssignmentRequest.md +24 -0
  56. data/docs/CreateTrustedProfileRequest.md +24 -0
  57. data/docs/EffectiveAccountSettingsResponse.md +26 -0
  58. data/docs/EnityHistoryRecord.md +18 -17
  59. data/docs/EntityActivity.md +22 -0
  60. data/docs/Error.md +14 -13
  61. data/docs/ExceptionResponse.md +14 -13
  62. data/docs/ExceptionResponseContext.md +30 -29
  63. data/docs/IDPManagementApi.md +692 -0
  64. data/docs/IdBasedMfaEnrollment.md +26 -0
  65. data/docs/IdentityCount.md +20 -0
  66. data/docs/IdentityLimitsUsageRequest.md +42 -0
  67. data/docs/IdentityLimitsUsageResponse.md +44 -0
  68. data/docs/IdentityLimitsUsageResponseApikeysPerIdentity.md +20 -0
  69. data/docs/IdentityLimitsUsageResponseClaimRulesPerGroup.md +20 -0
  70. data/docs/IdentityLimitsUsageResponseClaimRulesPerProfile.md +20 -0
  71. data/docs/IdentityLimitsUsageResponseServiceidsPerGroup.md +20 -0
  72. data/docs/IdentityLimitsUsageResponseTemplateVersionsPerTemplate.md +20 -0
  73. data/docs/IdentityPreferenceResponse.md +28 -0
  74. data/docs/IdentityPreferencesApi.md +304 -0
  75. data/docs/IdentityPreferencesResponse.md +18 -0
  76. data/docs/Idp.md +38 -0
  77. data/docs/LimitCount.md +20 -0
  78. data/docs/ListIdPSettings200Response.md +18 -0
  79. data/docs/ListIdps200Response.md +18 -0
  80. data/docs/MFAEnrollmentStatusApi.md +216 -0
  81. data/docs/MFARequirementsResponse.md +12 -11
  82. data/docs/MfaEnrollmentTypeStatus.md +20 -0
  83. data/docs/MfaOptions.md +15 -0
  84. data/docs/OidcExceptionResponse.md +16 -15
  85. data/docs/PolicyTemplateReference.md +20 -0
  86. data/docs/ProfileClaimRule.md +36 -0
  87. data/docs/ProfileClaimRuleConditions.md +22 -0
  88. data/docs/ProfileClaimRuleList.md +20 -0
  89. data/docs/ProfileClaimRuleRequest.md +30 -0
  90. data/docs/ProfileCount.md +20 -0
  91. data/docs/ProfileIdentitiesResponse.md +20 -0
  92. data/docs/ProfileIdentitiesUpdateRequest.md +18 -0
  93. data/docs/ProfileIdentityRequest.md +24 -0
  94. data/docs/ProfileIdentityResponse.md +26 -0
  95. data/docs/ProfileLink.md +32 -0
  96. data/docs/ProfileLinkLink.md +26 -0
  97. data/docs/ProfileLinkList.md +18 -0
  98. data/docs/Report.md +34 -0
  99. data/docs/ReportMfaEnrollmentStatus.md +28 -0
  100. data/docs/ReportReference.md +18 -0
  101. data/docs/ResponseContext.md +28 -27
  102. data/docs/RetrictActions.md +15 -0
  103. data/docs/SamlMetadataImportResponse.md +42 -0
  104. data/docs/ServiceIDGroupsApi.md +347 -0
  105. data/docs/ServiceIDsApi.md +515 -0
  106. data/docs/ServiceId.md +38 -33
  107. data/docs/ServiceIdGroup.md +34 -0
  108. data/docs/ServiceIdGroupCount.md +20 -0
  109. data/docs/ServiceIdGroupList.md +18 -0
  110. data/docs/ServiceIdList.md +20 -19
  111. data/docs/ShareScope.md +20 -0
  112. data/docs/TemplateAccountSettings.md +40 -0
  113. data/docs/TemplateAccountSettingsAllOfRestrictUserDomains.md +20 -0
  114. data/docs/TemplateAssignmentListResponse.md +30 -0
  115. data/docs/TemplateAssignmentResource.md +18 -0
  116. data/docs/TemplateAssignmentResourceError.md +24 -0
  117. data/docs/TemplateAssignmentResponse.md +48 -0
  118. data/docs/TemplateAssignmentResponseResource.md +24 -0
  119. data/docs/TemplateAssignmentResponseResourceDetail.md +26 -0
  120. data/docs/TemplateCount.md +20 -0
  121. data/docs/TemplateProfileComponentRequest.md +26 -0
  122. data/docs/TemplateProfileComponentResponse.md +26 -0
  123. data/docs/TestResult.md +28 -0
  124. data/docs/TestResultStepsInner.md +24 -0
  125. data/docs/TestTriggerResponse.md +20 -0
  126. data/docs/TokenResponse.md +18 -17
  127. data/docs/TokenRetrievalApi.md +461 -0
  128. data/docs/TrustedProfile.md +50 -0
  129. data/docs/TrustedProfileTemplateApi.md +720 -0
  130. data/docs/TrustedProfileTemplateAssignmentsApi.md +376 -0
  131. data/docs/TrustedProfileTemplateClaimRule.md +26 -0
  132. data/docs/TrustedProfileTemplateList.md +30 -0
  133. data/docs/TrustedProfileTemplateRequest.md +28 -0
  134. data/docs/TrustedProfileTemplateResponse.md +48 -0
  135. data/docs/TrustedProfilesApi.md +1414 -0
  136. data/docs/TrustedProfilesList.md +30 -0
  137. data/docs/UpdateAccountIdpSettingRequest.md +22 -0
  138. data/docs/UpdateAccountLoginSettings.md +18 -0
  139. data/docs/UpdateApiKeyRequest.md +16 -9
  140. data/docs/UpdateIdPRequest.md +28 -0
  141. data/docs/UpdateIdPRequestProperties.md +20 -0
  142. data/docs/UpdateIdPRequestPropertiesIdp.md +24 -0
  143. data/docs/UpdateIdPRequestSecrets.md +20 -0
  144. data/docs/UpdateIdPRequestSecretsIdp.md +20 -0
  145. data/docs/UpdatePreferenceRequest.md +20 -0
  146. data/docs/UpdateServiceIdGroupRequest.md +20 -0
  147. data/docs/UpdateServiceIdRequest.md +12 -11
  148. data/docs/UpdateTemplateAssignmentRequest.md +18 -0
  149. data/docs/UpdateTrustedProfileRequest.md +22 -0
  150. data/docs/UserActivity.md +26 -0
  151. data/docs/UserMFAResolved.md +24 -0
  152. data/docs/UserMfa.md +20 -0
  153. data/docs/UserMfaEnrollments.md +24 -0
  154. data/docs/UserReportMfaEnrollmentStatus.md +30 -0
  155. data/docs/UserVisbilityRetrictActions.md +15 -0
  156. data/docs/UserVisbilityRetrictActionsForTemplate.md +15 -0
  157. data/git_push.sh +3 -4
  158. data/ibm_cloud_iam.gemspec +6 -5
  159. data/lib/ibm_cloud_iam/api/account_limits_api.rb +208 -0
  160. data/lib/ibm_cloud_iam/api/account_settings_api.rb +262 -0
  161. data/lib/ibm_cloud_iam/api/account_settings_for_id_p_api.rb +571 -0
  162. data/lib/ibm_cloud_iam/api/account_settings_template_api.rb +823 -0
  163. data/lib/ibm_cloud_iam/api/account_settings_template_assignments_api.rb +422 -0
  164. data/lib/ibm_cloud_iam/api/activities_api.rb +174 -0
  165. data/lib/ibm_cloud_iam/api/api_keys_api.rb +786 -0
  166. data/lib/ibm_cloud_iam/api/identity_preferences_api.rb +357 -0
  167. data/lib/ibm_cloud_iam/api/idp_management_api.rb +744 -0
  168. data/lib/ibm_cloud_iam/api/mfa_enrollment_status_api.rb +248 -0
  169. data/lib/ibm_cloud_iam/api/service_id_groups_api.rb +392 -0
  170. data/lib/ibm_cloud_iam/api/service_ids_api.rb +575 -0
  171. data/lib/ibm_cloud_iam/api/token_retrieval_api.rb +557 -0
  172. data/lib/ibm_cloud_iam/api/trusted_profile_template_api.rb +823 -0
  173. data/lib/ibm_cloud_iam/api/trusted_profile_template_assignments_api.rb +422 -0
  174. data/lib/ibm_cloud_iam/api/trusted_profiles_api.rb +1630 -0
  175. data/lib/ibm_cloud_iam/api_client.rb +74 -65
  176. data/lib/ibm_cloud_iam/api_error.rb +4 -3
  177. data/lib/ibm_cloud_iam/api_model_base.rb +88 -0
  178. data/lib/ibm_cloud_iam/configuration.rb +75 -15
  179. data/lib/ibm_cloud_iam/models/access_group_count.rb +159 -0
  180. data/lib/ibm_cloud_iam/models/account_based_mfa_enrollment.rb +243 -0
  181. data/lib/ibm_cloud_iam/models/account_idp_settings.rb +244 -0
  182. data/lib/ibm_cloud_iam/models/account_login_settings.rb +147 -0
  183. data/lib/ibm_cloud_iam/models/account_settings_assigned_templates_section.rb +377 -0
  184. data/lib/ibm_cloud_iam/models/account_settings_effective_section.rb +282 -0
  185. data/lib/ibm_cloud_iam/models/account_settings_meta.rb +179 -0
  186. data/lib/ibm_cloud_iam/models/account_settings_request.rb +301 -0
  187. data/lib/ibm_cloud_iam/models/account_settings_response.rb +567 -0
  188. data/lib/ibm_cloud_iam/models/account_settings_template_list.rb +256 -0
  189. data/lib/ibm_cloud_iam/models/account_settings_template_request.rb +178 -0
  190. data/lib/ibm_cloud_iam/models/account_settings_template_response.rb +416 -0
  191. data/lib/ibm_cloud_iam/models/account_settings_user_domain_restriction.rb +188 -0
  192. data/lib/ibm_cloud_iam/models/account_settings_user_mfa_response.rb +261 -0
  193. data/lib/ibm_cloud_iam/models/action_controls.rb +199 -0
  194. data/lib/ibm_cloud_iam/models/action_controls_identities.rb +190 -0
  195. data/lib/ibm_cloud_iam/models/activity.rb +175 -0
  196. data/lib/ibm_cloud_iam/models/add_account_idp_setting_request.rb +243 -0
  197. data/lib/ibm_cloud_iam/models/api_key.rb +188 -104
  198. data/lib/ibm_cloud_iam/models/api_key_inside_create_service_id_request.rb +70 -99
  199. data/lib/ibm_cloud_iam/models/api_key_list.rb +46 -95
  200. data/lib/ibm_cloud_iam/models/apikey_activity.rb +231 -0
  201. data/lib/ibm_cloud_iam/models/apikey_activity_serviceid.rb +159 -0
  202. data/lib/ibm_cloud_iam/models/apikey_activity_user.rb +179 -0
  203. data/lib/ibm_cloud_iam/models/assigned_templates_account_settings.rb +296 -0
  204. data/lib/ibm_cloud_iam/models/common_account_settings_request.rb +272 -0
  205. data/lib/ibm_cloud_iam/models/common_account_settings_response.rb +260 -0
  206. data/lib/ibm_cloud_iam/models/consumers_response.rb +158 -0
  207. data/lib/ibm_cloud_iam/models/consumers_response_consumers_inner.rb +158 -0
  208. data/lib/ibm_cloud_iam/models/create_api_key_request.rb +92 -99
  209. data/lib/ibm_cloud_iam/models/create_idp_request.rb +283 -0
  210. data/lib/ibm_cloud_iam/models/create_idp_request_properties.rb +157 -0
  211. data/lib/ibm_cloud_iam/models/create_idp_request_properties_idp.rb +189 -0
  212. data/lib/ibm_cloud_iam/models/create_idp_request_properties_sp.rb +222 -0
  213. data/lib/ibm_cloud_iam/models/create_idp_request_properties_sp_authn_context.rb +163 -0
  214. data/lib/ibm_cloud_iam/models/create_idp_request_secrets.rb +157 -0
  215. data/lib/ibm_cloud_iam/models/create_idp_request_secrets_idp.rb +173 -0
  216. data/lib/ibm_cloud_iam/models/create_idp_request_secrets_idp_signing_inner.rb +192 -0
  217. data/lib/ibm_cloud_iam/models/create_idp_request_secrets_sp.rb +151 -0
  218. data/lib/ibm_cloud_iam/models/create_idp_request_secrets_sp_signing_inner.rb +212 -0
  219. data/lib/ibm_cloud_iam/models/create_profile_link_request.rb +211 -0
  220. data/lib/ibm_cloud_iam/models/create_profile_link_request_link.rb +206 -0
  221. data/lib/ibm_cloud_iam/models/create_service_id_group_request.rb +203 -0
  222. data/lib/ibm_cloud_iam/models/create_service_id_request.rb +68 -95
  223. data/lib/ibm_cloud_iam/models/create_template_assignment_request.rb +280 -0
  224. data/lib/ibm_cloud_iam/models/create_trusted_profile_request.rb +213 -0
  225. data/lib/ibm_cloud_iam/models/effective_account_settings_response.rb +239 -0
  226. data/lib/ibm_cloud_iam/models/enity_history_record.rb +112 -101
  227. data/lib/ibm_cloud_iam/models/entity_activity.rb +185 -0
  228. data/lib/ibm_cloud_iam/models/error.rb +69 -94
  229. data/lib/ibm_cloud_iam/models/exception_response.rb +57 -94
  230. data/lib/ibm_cloud_iam/models/exception_response_context.rb +33 -94
  231. data/lib/ibm_cloud_iam/models/id_based_mfa_enrollment.rb +270 -0
  232. data/lib/ibm_cloud_iam/models/identity_count.rb +159 -0
  233. data/lib/ibm_cloud_iam/models/identity_limits_usage_request.rb +283 -0
  234. data/lib/ibm_cloud_iam/models/identity_limits_usage_response.rb +265 -0
  235. data/lib/ibm_cloud_iam/models/identity_limits_usage_response_apikeys_per_identity.rb +178 -0
  236. data/lib/ibm_cloud_iam/models/identity_limits_usage_response_claim_rules_per_group.rb +178 -0
  237. data/lib/ibm_cloud_iam/models/identity_limits_usage_response_claim_rules_per_profile.rb +178 -0
  238. data/lib/ibm_cloud_iam/models/identity_limits_usage_response_serviceids_per_group.rb +178 -0
  239. data/lib/ibm_cloud_iam/models/identity_limits_usage_response_template_versions_per_template.rb +178 -0
  240. data/lib/ibm_cloud_iam/models/identity_preference_response.rb +200 -0
  241. data/lib/ibm_cloud_iam/models/identity_preferences_response.rb +167 -0
  242. data/lib/ibm_cloud_iam/models/idp.rb +239 -0
  243. data/lib/ibm_cloud_iam/models/limit_count.rb +176 -0
  244. data/lib/ibm_cloud_iam/models/list_id_p_settings200_response.rb +149 -0
  245. data/lib/ibm_cloud_iam/models/list_idps200_response.rb +149 -0
  246. data/lib/ibm_cloud_iam/models/mfa_enrollment_type_status.rb +192 -0
  247. data/lib/ibm_cloud_iam/models/mfa_options.rb +45 -0
  248. data/lib/ibm_cloud_iam/models/mfa_requirements_response.rb +69 -94
  249. data/lib/ibm_cloud_iam/models/oidc_exception_response.rb +57 -94
  250. data/lib/ibm_cloud_iam/models/policy_template_reference.rb +193 -0
  251. data/lib/ibm_cloud_iam/models/profile_claim_rule.rb +342 -0
  252. data/lib/ibm_cloud_iam/models/profile_claim_rule_conditions.rb +219 -0
  253. data/lib/ibm_cloud_iam/models/profile_claim_rule_list.rb +176 -0
  254. data/lib/ibm_cloud_iam/models/profile_claim_rule_request.rb +243 -0
  255. data/lib/ibm_cloud_iam/models/profile_count.rb +159 -0
  256. data/lib/ibm_cloud_iam/models/profile_identities_response.rb +160 -0
  257. data/lib/ibm_cloud_iam/models/profile_identities_update_request.rb +150 -0
  258. data/lib/ibm_cloud_iam/models/profile_identity_request.rb +238 -0
  259. data/lib/ibm_cloud_iam/models/profile_identity_response.rb +265 -0
  260. data/lib/ibm_cloud_iam/models/profile_link.rb +320 -0
  261. data/lib/ibm_cloud_iam/models/profile_link_link.rb +188 -0
  262. data/lib/ibm_cloud_iam/models/profile_link_list.rb +167 -0
  263. data/lib/ibm_cloud_iam/models/report.rb +321 -0
  264. data/lib/ibm_cloud_iam/models/report_mfa_enrollment_status.rb +268 -0
  265. data/lib/ibm_cloud_iam/models/report_reference.rb +165 -0
  266. data/lib/ibm_cloud_iam/models/response_context.rb +33 -94
  267. data/lib/ibm_cloud_iam/models/retrict_actions.rb +41 -0
  268. data/lib/ibm_cloud_iam/models/saml_metadata_import_response.rb +494 -0
  269. data/lib/ibm_cloud_iam/models/service_id.rb +184 -108
  270. data/lib/ibm_cloud_iam/models/service_id_group.rb +313 -0
  271. data/lib/ibm_cloud_iam/models/service_id_group_count.rb +159 -0
  272. data/lib/ibm_cloud_iam/models/service_id_group_list.rb +167 -0
  273. data/lib/ibm_cloud_iam/models/service_id_list.rb +47 -96
  274. data/lib/ibm_cloud_iam/models/share_scope.rb +190 -0
  275. data/lib/ibm_cloud_iam/models/template_account_settings.rb +296 -0
  276. data/lib/ibm_cloud_iam/models/template_account_settings_all_of_restrict_user_domains.rb +159 -0
  277. data/lib/ibm_cloud_iam/models/template_assignment_list_response.rb +227 -0
  278. data/lib/ibm_cloud_iam/models/template_assignment_resource.rb +149 -0
  279. data/lib/ibm_cloud_iam/models/template_assignment_resource_error.rb +179 -0
  280. data/lib/ibm_cloud_iam/models/template_assignment_response.rb +506 -0
  281. data/lib/ibm_cloud_iam/models/template_assignment_response_resource.rb +196 -0
  282. data/lib/ibm_cloud_iam/models/template_assignment_response_resource_detail.rb +203 -0
  283. data/lib/ibm_cloud_iam/models/template_count.rb +159 -0
  284. data/lib/ibm_cloud_iam/models/template_profile_component_request.rb +210 -0
  285. data/lib/ibm_cloud_iam/models/template_profile_component_response.rb +210 -0
  286. data/lib/ibm_cloud_iam/models/test_result.rb +194 -0
  287. data/lib/ibm_cloud_iam/models/test_result_steps_inner.rb +174 -0
  288. data/lib/ibm_cloud_iam/models/test_trigger_response.rb +156 -0
  289. data/lib/ibm_cloud_iam/models/token_response.rb +33 -94
  290. data/lib/ibm_cloud_iam/models/trusted_profile.rb +411 -0
  291. data/lib/ibm_cloud_iam/models/trusted_profile_template_claim_rule.rb +248 -0
  292. data/lib/ibm_cloud_iam/models/trusted_profile_template_list.rb +256 -0
  293. data/lib/ibm_cloud_iam/models/trusted_profile_template_request.rb +199 -0
  294. data/lib/ibm_cloud_iam/models/trusted_profile_template_response.rb +369 -0
  295. data/lib/ibm_cloud_iam/models/trusted_profiles_list.rb +227 -0
  296. data/lib/ibm_cloud_iam/models/update_account_idp_setting_request.rb +202 -0
  297. data/lib/ibm_cloud_iam/models/update_account_login_settings.rb +148 -0
  298. data/lib/ibm_cloud_iam/models/update_api_key_request.rb +68 -99
  299. data/lib/ibm_cloud_iam/models/update_id_p_request.rb +198 -0
  300. data/lib/ibm_cloud_iam/models/update_id_p_request_properties.rb +157 -0
  301. data/lib/ibm_cloud_iam/models/update_id_p_request_properties_idp.rb +179 -0
  302. data/lib/ibm_cloud_iam/models/update_id_p_request_secrets.rb +157 -0
  303. data/lib/ibm_cloud_iam/models/update_id_p_request_secrets_idp.rb +163 -0
  304. data/lib/ibm_cloud_iam/models/update_preference_request.rb +161 -0
  305. data/lib/ibm_cloud_iam/models/update_service_id_group_request.rb +176 -0
  306. data/lib/ibm_cloud_iam/models/update_service_id_request.rb +34 -95
  307. data/lib/ibm_cloud_iam/models/update_template_assignment_request.rb +175 -0
  308. data/lib/ibm_cloud_iam/models/update_trusted_profile_request.rb +169 -0
  309. data/lib/ibm_cloud_iam/models/user_activity.rb +222 -0
  310. data/lib/ibm_cloud_iam/models/user_mfa.rb +179 -0
  311. data/lib/ibm_cloud_iam/models/user_mfa_enrollments.rb +193 -0
  312. data/lib/ibm_cloud_iam/models/user_mfa_resolved.rb +178 -0
  313. data/lib/ibm_cloud_iam/models/user_report_mfa_enrollment_status.rb +291 -0
  314. data/lib/ibm_cloud_iam/models/user_visbility_retrict_actions.rb +40 -0
  315. data/lib/ibm_cloud_iam/models/user_visbility_retrict_actions_for_template.rb +41 -0
  316. data/lib/ibm_cloud_iam/version.rb +4 -4
  317. data/lib/ibm_cloud_iam.rb +140 -9
  318. data/spec/api/account_limits_api_spec.rb +75 -0
  319. data/spec/api/account_settings_api_spec.rb +80 -0
  320. data/spec/api/account_settings_for_id_p_api_spec.rb +132 -0
  321. data/spec/api/account_settings_template_api_spec.rb +184 -0
  322. data/spec/api/account_settings_template_assignments_api_spec.rb +112 -0
  323. data/spec/api/activities_api_spec.rb +64 -0
  324. data/spec/api/api_keys_api_spec.rb +182 -0
  325. data/spec/api/identity_preferences_api_spec.rb +98 -0
  326. data/spec/api/idp_management_api_spec.rb +166 -0
  327. data/spec/api/mfa_enrollment_status_api_spec.rb +77 -0
  328. data/spec/api/service_id_groups_api_spec.rb +102 -0
  329. data/spec/api/service_ids_api_spec.rb +143 -0
  330. data/spec/api/token_retrieval_api_spec.rb +134 -0
  331. data/spec/api/trusted_profile_template_api_spec.rb +184 -0
  332. data/spec/api/trusted_profile_template_assignments_api_spec.rb +112 -0
  333. data/spec/api/trusted_profiles_api_spec.rb +328 -0
  334. data/spec/models/access_group_count_spec.rb +42 -0
  335. data/spec/models/account_based_mfa_enrollment_spec.rb +54 -0
  336. data/spec/models/account_idp_settings_spec.rb +82 -0
  337. data/spec/models/account_login_settings_spec.rb +36 -0
  338. data/spec/models/account_settings_assigned_templates_section_spec.rb +120 -0
  339. data/spec/models/account_settings_effective_section_spec.rb +96 -0
  340. data/spec/models/account_settings_meta_spec.rb +54 -0
  341. data/spec/models/account_settings_request_spec.rb +102 -0
  342. data/spec/models/account_settings_response_spec.rb +126 -0
  343. data/spec/models/account_settings_template_list_spec.rb +72 -0
  344. data/spec/models/account_settings_template_request_spec.rb +54 -0
  345. data/spec/models/account_settings_template_response_spec.rb +114 -0
  346. data/spec/models/account_settings_user_domain_restriction_spec.rb +48 -0
  347. data/spec/models/account_settings_user_mfa_response_spec.rb +66 -0
  348. data/spec/models/action_controls_identities_spec.rb +42 -0
  349. data/spec/models/action_controls_spec.rb +48 -0
  350. data/spec/models/activity_spec.rb +42 -0
  351. data/spec/models/add_account_idp_setting_request_spec.rb +52 -0
  352. data/spec/models/api_key_inside_create_service_id_request_spec.rb +24 -17
  353. data/spec/models/api_key_list_spec.rb +15 -20
  354. data/spec/models/api_key_spec.rb +52 -27
  355. data/spec/models/apikey_activity_serviceid_spec.rb +42 -0
  356. data/spec/models/apikey_activity_spec.rb +66 -0
  357. data/spec/models/apikey_activity_user_spec.rb +54 -0
  358. data/spec/models/assigned_templates_account_settings_spec.rb +102 -0
  359. data/spec/models/common_account_settings_request_spec.rb +90 -0
  360. data/spec/models/common_account_settings_response_spec.rb +84 -0
  361. data/spec/models/consumers_response_consumers_inner_spec.rb +42 -0
  362. data/spec/models/consumers_response_spec.rb +42 -0
  363. data/spec/models/create_api_key_request_spec.rb +32 -19
  364. data/spec/models/create_idp_request_properties_idp_spec.rb +60 -0
  365. data/spec/models/create_idp_request_properties_sp_authn_context_spec.rb +42 -0
  366. data/spec/models/create_idp_request_properties_sp_spec.rb +78 -0
  367. data/spec/models/create_idp_request_properties_spec.rb +42 -0
  368. data/spec/models/create_idp_request_secrets_idp_signing_inner_spec.rb +46 -0
  369. data/spec/models/create_idp_request_secrets_idp_spec.rb +48 -0
  370. data/spec/models/create_idp_request_secrets_sp_signing_inner_spec.rb +58 -0
  371. data/spec/models/create_idp_request_secrets_sp_spec.rb +36 -0
  372. data/spec/models/create_idp_request_secrets_spec.rb +42 -0
  373. data/spec/models/create_idp_request_spec.rb +76 -0
  374. data/spec/models/create_profile_link_request_link_spec.rb +60 -0
  375. data/spec/models/create_profile_link_request_spec.rb +54 -0
  376. data/spec/models/create_service_id_group_request_spec.rb +48 -0
  377. data/spec/models/create_service_id_request_spec.rb +19 -18
  378. data/spec/models/create_template_assignment_request_spec.rb +58 -0
  379. data/spec/models/create_trusted_profile_request_spec.rb +54 -0
  380. data/spec/models/effective_account_settings_response_spec.rb +60 -0
  381. data/spec/models/enity_history_record_spec.rb +14 -19
  382. data/spec/models/entity_activity_spec.rb +48 -0
  383. data/spec/models/error_spec.rb +12 -17
  384. data/spec/models/exception_response_context_spec.rb +20 -25
  385. data/spec/models/exception_response_spec.rb +12 -17
  386. data/spec/models/id_based_mfa_enrollment_spec.rb +64 -0
  387. data/spec/models/identity_count_spec.rb +42 -0
  388. data/spec/models/identity_limits_usage_request_spec.rb +108 -0
  389. data/spec/models/identity_limits_usage_response_apikeys_per_identity_spec.rb +42 -0
  390. data/spec/models/identity_limits_usage_response_claim_rules_per_group_spec.rb +42 -0
  391. data/spec/models/identity_limits_usage_response_claim_rules_per_profile_spec.rb +42 -0
  392. data/spec/models/identity_limits_usage_response_serviceids_per_group_spec.rb +42 -0
  393. data/spec/models/identity_limits_usage_response_spec.rb +114 -0
  394. data/spec/models/identity_limits_usage_response_template_versions_per_template_spec.rb +42 -0
  395. data/spec/models/identity_preference_response_spec.rb +66 -0
  396. data/spec/models/identity_preferences_response_spec.rb +36 -0
  397. data/spec/models/idp_spec.rb +96 -0
  398. data/spec/models/limit_count_spec.rb +42 -0
  399. data/spec/models/list_id_p_settings200_response_spec.rb +36 -0
  400. data/spec/models/list_idps200_response_spec.rb +36 -0
  401. data/spec/models/mfa_enrollment_type_status_spec.rb +42 -0
  402. data/spec/models/mfa_options_spec.rb +30 -0
  403. data/spec/models/mfa_requirements_response_spec.rb +11 -16
  404. data/spec/models/oidc_exception_response_spec.rb +13 -18
  405. data/spec/models/policy_template_reference_spec.rb +42 -0
  406. data/spec/models/profile_claim_rule_conditions_spec.rb +48 -0
  407. data/spec/models/profile_claim_rule_list_spec.rb +42 -0
  408. data/spec/models/profile_claim_rule_request_spec.rb +72 -0
  409. data/spec/models/profile_claim_rule_spec.rb +90 -0
  410. data/spec/models/profile_count_spec.rb +42 -0
  411. data/spec/models/profile_identities_response_spec.rb +42 -0
  412. data/spec/models/profile_identities_update_request_spec.rb +36 -0
  413. data/spec/models/profile_identity_request_spec.rb +58 -0
  414. data/spec/models/profile_identity_response_spec.rb +64 -0
  415. data/spec/models/profile_link_link_spec.rb +60 -0
  416. data/spec/models/profile_link_list_spec.rb +36 -0
  417. data/spec/models/profile_link_spec.rb +78 -0
  418. data/spec/models/report_mfa_enrollment_status_spec.rb +66 -0
  419. data/spec/models/report_reference_spec.rb +36 -0
  420. data/spec/models/report_spec.rb +84 -0
  421. data/spec/models/response_context_spec.rb +19 -24
  422. data/spec/models/retrict_actions_spec.rb +30 -0
  423. data/spec/models/saml_metadata_import_response_spec.rb +112 -0
  424. data/spec/models/service_id_group_count_spec.rb +42 -0
  425. data/spec/models/service_id_group_list_spec.rb +36 -0
  426. data/spec/models/service_id_group_spec.rb +84 -0
  427. data/spec/models/service_id_list_spec.rb +15 -20
  428. data/spec/models/service_id_spec.rb +34 -27
  429. data/spec/models/share_scope_spec.rb +46 -0
  430. data/spec/models/template_account_settings_all_of_restrict_user_domains_spec.rb +42 -0
  431. data/spec/models/template_account_settings_spec.rb +102 -0
  432. data/spec/models/template_assignment_list_response_spec.rb +72 -0
  433. data/spec/models/template_assignment_resource_error_spec.rb +54 -0
  434. data/spec/models/template_assignment_resource_spec.rb +36 -0
  435. data/spec/models/template_assignment_response_resource_detail_spec.rb +60 -0
  436. data/spec/models/template_assignment_response_resource_spec.rb +54 -0
  437. data/spec/models/template_assignment_response_spec.rb +126 -0
  438. data/spec/models/template_count_spec.rb +42 -0
  439. data/spec/models/template_profile_component_request_spec.rb +60 -0
  440. data/spec/models/template_profile_component_response_spec.rb +60 -0
  441. data/spec/models/test_result_spec.rb +66 -0
  442. data/spec/models/test_result_steps_inner_spec.rb +54 -0
  443. data/spec/models/test_trigger_response_spec.rb +42 -0
  444. data/spec/models/token_response_spec.rb +14 -19
  445. data/spec/models/trusted_profile_spec.rb +132 -0
  446. data/spec/models/trusted_profile_template_claim_rule_spec.rb +64 -0
  447. data/spec/models/trusted_profile_template_list_spec.rb +72 -0
  448. data/spec/models/trusted_profile_template_request_spec.rb +66 -0
  449. data/spec/models/trusted_profile_template_response_spec.rb +126 -0
  450. data/spec/models/trusted_profiles_list_spec.rb +72 -0
  451. data/spec/models/update_account_idp_setting_request_spec.rb +52 -0
  452. data/spec/models/update_account_login_settings_spec.rb +36 -0
  453. data/spec/models/update_api_key_request_spec.rb +28 -15
  454. data/spec/models/update_id_p_request_properties_idp_spec.rb +54 -0
  455. data/spec/models/update_id_p_request_properties_spec.rb +42 -0
  456. data/spec/models/update_id_p_request_secrets_idp_spec.rb +42 -0
  457. data/spec/models/update_id_p_request_secrets_spec.rb +42 -0
  458. data/spec/models/update_id_p_request_spec.rb +66 -0
  459. data/spec/models/update_preference_request_spec.rb +42 -0
  460. data/spec/models/update_service_id_group_request_spec.rb +42 -0
  461. data/spec/models/update_service_id_request_spec.rb +11 -16
  462. data/spec/models/update_template_assignment_request_spec.rb +36 -0
  463. data/spec/models/update_trusted_profile_request_spec.rb +48 -0
  464. data/spec/models/user_activity_spec.rb +60 -0
  465. data/spec/models/user_mfa_enrollments_spec.rb +54 -0
  466. data/spec/models/user_mfa_resolved_spec.rb +54 -0
  467. data/spec/models/user_mfa_spec.rb +42 -0
  468. data/spec/models/user_report_mfa_enrollment_status_spec.rb +72 -0
  469. data/spec/models/user_visbility_retrict_actions_for_template_spec.rb +30 -0
  470. data/spec/models/user_visbility_retrict_actions_spec.rb +30 -0
  471. data/spec/spec_helper.rb +3 -3
  472. metadata +550 -36
  473. data/docs/IdentityOperationsApi.md +0 -828
  474. data/docs/InlineObject.md +0 -19
  475. data/docs/InlineObject1.md +0 -23
  476. data/docs/InlineObject2.md +0 -21
  477. data/docs/InlineObject3.md +0 -25
  478. data/docs/TokenOperationsApi.md +0 -226
  479. data/ibm_cloud_iam-1.0.0.gem +0 -0
  480. data/lib/ibm_cloud_iam/api/identity_operations_api.rb +0 -1083
  481. data/lib/ibm_cloud_iam/api/token_operations_api.rb +0 -351
  482. data/lib/ibm_cloud_iam/models/inline_object.rb +0 -229
  483. data/lib/ibm_cloud_iam/models/inline_object1.rb +0 -254
  484. data/lib/ibm_cloud_iam/models/inline_object2.rb +0 -244
  485. data/lib/ibm_cloud_iam/models/inline_object3.rb +0 -269
  486. data/spec/api/identity_operations_api_spec.rb +0 -253
  487. data/spec/api/token_operations_api_spec.rb +0 -94
  488. data/spec/api_client_spec.rb +0 -226
  489. data/spec/configuration_spec.rb +0 -42
  490. data/spec/models/inline_object1_spec.rb +0 -59
  491. data/spec/models/inline_object2_spec.rb +0 -53
  492. data/spec/models/inline_object3_spec.rb +0 -65
  493. data/spec/models/inline_object_spec.rb +0 -47
@@ -0,0 +1,557 @@
1
+ =begin
2
+ #IAM Identity Services
3
+
4
+ #  ## Introduction The IAM Identity Service API is used to manage service IDs, API key identities, trusted profiles, account security settings and to create IAM access tokens for a user or service ID. With trusted profile templates and assignments you can centrally manage access for child accounts in your organization from the root enterprise account. Similarly with settings templates and assignments, you can centrally administer account security settings. For more information, see [Working with template versions](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-working-with-versions&interface=ui) and [Best practices for assigning access in an enterprise](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-access-enterprises). SDKs for Java, Node, Python, and Go are available to make it easier to programmatically access the API from your code. The client libraries that are provided by the SDKs implement best practices for using the API and reduce the amount of code that you need to write. The tab for each language includes code examples that demonstrate how to use the client libraries. For more information about using the SDKs, see the [IBM Cloud SDK Common project](https://github.com/IBM/ibm-cloud-sdk-common) on GitHub. Installing the Java SDK Maven ```xml <dependency> <groupId>com.ibm.cloud</groupId> <artifactId>iam-identity</artifactId> <version>{version}</version> </dependency> ``` Gradle ```bash compile 'com.ibm.cloud:iam-identity:{version}' ``` Replace `{version}` in these examples with the release version. View on GitHub [https://github.com/IBM/platform-services-java-sdk](https://github.com/IBM/platform-services-java-sdk) Installing the Go SDK Go modules (recommended): Add the following import in your code, and then run `go build` or `go mod tidy` ```go import ( \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" ) ``` ```bash go get -u github.com/IBM/platform-services-go-sdk/iamidentityv1 ``` View on GitHub [https://github.com/IBM/platform-services-go-sdk](https://github.com/IBM/platform-services-go-sdk) Installing the Node SDK ```bash npm install @ibm-cloud/platform-services ``` View on GitHub [https://github.com/IBM/platform-services-node-sdk](https://github.com/IBM/platform-services-node-sdk) Installing the Python SDK ```bash pip install --upgrade \"ibm-platform-services\" ``` View on GitHub [https://github.com/IBM/platform-services-python-sdk](https://github.com/IBM/platform-services-python-sdk) The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). ## Endpoint URLs The IAM Identity Services API uses the following public global endpoint URL. When you call the API, add the path for each method to form the complete API endpoint for your requests. ```bash https://iam.cloud.ibm.com ``` Virtual private cloud (VPC) based access requires a virtual private endpoint gateway (VPE gateway). For more information , see [Creating an endpoint gateway](https://cloud.ibm.com/docs/vpc?topic=vpc-ordering-endpoint-gateway). * Private endpoint URL for VPC infrastructure: `https://private.iam.cloud.ibm.com`. VPE gateway creation is supported in all datacenters (see https://cloud.ibm.com/docs/overview?topic=overview-locations#regions). If you enabled service endpoints in your account, you can send API requests over the IBM Cloud® private network at the following base endpoint URLs. For more information, see [Enabling VRF and service endpoints](https://cloud.ibm.com/docs/account?topic=account-vrf-service-endpoint). * Private endpoint URLs for classic infrastructure. Supported URLs: * Sydney: `https://private.au-syd.iam.cloud.ibm.com` * Sao Paulo: `https://private.br-sao.iam.cloud.ibm.com` * Montreal: `https://private.ca-mon.iam.cloud.ibm.com` * Toronto: `https://private.ca-tor.iam.cloud.ibm.com` * Frankfurt DC: `https://private.eu-de.iam.cloud.ibm.com` * London: `https://private.eu-gb.iam.cloud.ibm.com` * Madrid: `https://private.eu-es.iam.cloud.ibm.com` * Tokyo: `https://private.jp-tok.iam.cloud.ibm.com` * Osaka: `https://private.jp-osa.iam.cloud.ibm.com` * Washington DC: `https://private.us-east.iam.cloud.ibm.com` * Dallas: `https://private.us-south.iam.cloud.ibm.com` IAM is a global service and deployed to multiple MZRs world wide. IAM can be reached from all locations using the public global endpoint or using one of the private endpoints. Each request is sent to the closest region related to the client that invokes the call to IAM. Example API request ```bash curl -u \"apikey:{apikey}\" -X {request_method} \"https://iam.cloud.ibm.com/{method_endpoint}\" ``` Replace `{apikey}`, `{request_method}`, and `{method_endpoint}` in this example with the values for your particular API call. ## Authentication Authorization to the Identity Services REST API is enforced by using an IBM Cloud Identity and Access Management (IAM) access token. The token is used to determine the actions that a user or service ID has access to when they use the API. You can generate an access token by first [creating an API key](https://cloud.ibm.com/docs/account?topic=account-iamtoken_from_apikey) and then exchanging your API key for an IBM Cloud IAM token. Don't have an API key? Try running `ibmcloud iam oauth-tokens` in the [IBM Cloud Shell](https://cloud.ibm.com/shell) to quickly generate a personal access token. When you use the SDK, configure an IAM authenticator with the IAM API key. The authenticator automatically obtains the IAM access token for the API key and includes it with each request. You can construct an authenticator in either of two ways: - Programmatically by constructing an IAM authenticator instance and supplying your IAM API key - By defining the API key in external configuration properties and then using the SDK authenticator factory to construct an IAM authenticator that uses the configured IAM API key In this example of using external configuration properties, an IAM authenticator instance is created with the configured API key, and then the service client is constructed with this authenticator instance and the configured service URL. For more information, see the Authentication section of the [IBM Cloud SDK Common](https://github.com/IBM/ibm-cloud-sdk-common/blob/main/README.md) documentation. To call each method, you'll need to be assigned a role that includes the required IAM actions. Each method lists the associated action. For more information about IAM actions and how they map to roles, see [IAM Identity service](https://cloud.ibm.com/docs/account?topic=account-account-services#identity-service-account-management). To retrieve your access token: ```bash curl -X POST \\ \"https://iam.cloud.ibm.com/identity/token\" \\ --header 'Content-Type: application/x-www-form-urlencoded' \\ --header 'Accept: application/json' \\ --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' \\ --data-urlencode 'apikey=<API_KEY>' ``` Replace `<API_KEY>` with your IAM API key. Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```go import { \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" } ... serviceClientOptions := &iamidentityv1.IamIdentityV1Options{} serviceClient, err := iamidentityv1.NewIamIdentityV1UsingExternalConfig(serviceClientOptions) ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```java import com.ibm.cloud.platform_services.iam_identity.v1.IamIdentity; ... IamIdentity serviceClient = IamIdentity.newInstance(); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```javascript const IamIdentityV1 = require('@ibm-cloud/platform-services/iam-identity/v1'); ... const serviceClient = IamIdentityV1.newInstance({}); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```python from ibm_platform_services import IamIdentityV1 ... service_client = IamIdentityV1.new_instance() ``` You authenticate to the API by using Cloud Identity and Access Management (IAM). You can pass either a bearer token in an authorization header or an [API key](https://cloud.ibm.com/docs/account?topic=account-manapikey). The SDK provides initialization methods for each form of authentication. - Use the API key to have the SDK manage the lifecycle of the access token. The SDK requests an access token, ensures that the access token is valid, includes the access token in each outgoing request, and refreshes it when it expires. - Use the access token to manage the lifecycle yourself. Keep in mind that access tokens are valid for 1 hour, so you must refresh them regularly to maintain access. For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). ## Auditing You can monitor API activity within your account by using the IBM Cloud Logs service. Whenever an API method is called, an event is generated that you can then track and audit from within IBM Cloud Logs. The specific event type is listed for each individual method. If an event is tracked for a method, you can find it listed with the method. For more information about how to track IAM activity, see [Activity tracking events for IAM](https://cloud.ibm.com/docs/account?topic=account-at_events_iam). ## Error handling The IAM Token Service uses standard HTTP response codes to indicate whether a method completed successfully. A `200` response always indicates success. A `400` type response indicates that a parameter validation failed and can occur if required parameters are missing or if any parameter values are invalid. A `401` or `403` response indicates that the incoming request did not contain valid authentication information. A `500` type response indicates an internal server error that is seen in an unexpected error situation. The Identity Services REST APIs return standard HTTP status codes to indicate the success or failure of a request. The format of the response is represented in JSON as follows: ```json { \"trace\": \"9daee671-916a-4678-850b-10b911f0236d\", \"errors\": [ { \"code\": \"invalid_access_token\", \"message\": \"The provided access token provided is invalid.\" } ] \"status_code\": 401 } ``` If an operation cannot be fulfilled, an appropriate 400 or 500 series HTTP response is returned from the server. The operations that are defined in the `Reference` section describe example errors that might be returned from a failed request. All responses from the Identity Services REST API are in JSON format. The following table show the potential error codes the API might return. | HTTP Error Code | Description | Recovery | |-----------------|-------------|----------| | `200` | Success | The request was successful. | | `201` | Created | The resource was successfully created. | | `204` | No Content | The request was successful. No response body is provided. | | `400` | Bad Request | The input parameters in the request body are either incomplete or in the wrong format. Be sure to include all required parameters in your request. | | `401` | Unauthorized | You are not authorized to make this request. The token is either missing or expired. Get a new valid token and try again. | | `403` | Forbidden | The supplied authentication is not authorized to perform the operation. If this error persists, contact the account owner to check your permissions. | | `404` | Not Found | The requested resource can't be found. | | `409` | Conflict | The entity is already in the requested state. | | `429` | Too Many Requests | Too many requests have been made within a time window. Wait before calling the API again. | | `500` | Internal error | Error that is seen in an unexpected error situation. | ## Additional headers Some additional headers might be required to make successful requests to the API. Those additional headers are: An optional transaction ID can be passed to your request, which can be useful for tracking calls through multiple services using one identifier. The header key must be set to `Transaction-Id` and the value is anything that you choose. If there is not a transaction ID that is passed in, then one is generated randomly. ## API Parameters Some API parameter have additional details that need to be considered while using it in a request. Those API parameters are as follow: ### Filtering list results When listing service IDs, trusted profiles or API keys you can filter the result set by providing an optional `filter` parameter. The exact syntax of this parameter is described below. Query syntax will follow the SCIM query syntax with reduced operator support. The value must be URL encoded. Only the following operators are supported. * Supported attribute operators- - `sw` - starts with - `sw_ci` - starts with ingnore case - non SCIM standard - `ew` - ends with - `ew_ci` - ends with ingnore case - non SCIM standard - `co` - contains - `co_ci` - contains ingnore case - non SCIM standard * Supported operators- - `and` - `or` * Grouping operators- - `()` * Data Values -`Text` * Sample - `name co \"Foo\" and description sw \"Bar\"`
5
+
6
+ The version of the OpenAPI document: 1.0.0
7
+
8
+ Generated by: https://openapi-generator.tech
9
+ Generator version: 7.23.0
10
+
11
+ =end
12
+
13
+ require 'cgi'
14
+
15
+ module IbmCloudIam
16
+ class TokenRetrievalApi
17
+ attr_accessor :api_client
18
+
19
+ def initialize(api_client = ApiClient.default)
20
+ @api_client = api_client
21
+ end
22
+ # Create an IAM access token for a user or service ID using an API key
23
+ # Creates a non-opaque access token for an API key.
24
+ # @param grant_type [String] Grant type for this API call. You must set the grant type to &#x60;urn:ibm:params:oauth:grant-type:apikey&#x60;.
25
+ # @param apikey [String] The value of the api key.
26
+ # @param [Hash] opts the optional parameters
27
+ # @option opts [String] :ibm_cloud_tenant A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the API key can only be created if the account id or enterprise id of the API key is contained in this header.
28
+ # @return [TokenResponse]
29
+ def get_token_api_key(grant_type, apikey, opts = {})
30
+ data, _status_code, _headers = get_token_api_key_with_http_info(grant_type, apikey, opts)
31
+ data
32
+ end
33
+
34
+ # Create an IAM access token for a user or service ID using an API key
35
+ # Creates a non-opaque access token for an API key.
36
+ # @param grant_type [String] Grant type for this API call. You must set the grant type to &#x60;urn:ibm:params:oauth:grant-type:apikey&#x60;.
37
+ # @param apikey [String] The value of the api key.
38
+ # @param [Hash] opts the optional parameters
39
+ # @option opts [String] :ibm_cloud_tenant A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the API key can only be created if the account id or enterprise id of the API key is contained in this header.
40
+ # @return [Array<(TokenResponse, Integer, Hash)>] TokenResponse data, response status code and response headers
41
+ def get_token_api_key_with_http_info(grant_type, apikey, opts = {})
42
+ if @api_client.config.debugging
43
+ @api_client.config.logger.debug 'Calling API: TokenRetrievalApi.get_token_api_key ...'
44
+ end
45
+ # verify the required parameter 'grant_type' is set
46
+ if @api_client.config.client_side_validation && grant_type.nil?
47
+ fail ArgumentError, "Missing the required parameter 'grant_type' when calling TokenRetrievalApi.get_token_api_key"
48
+ end
49
+ # verify the required parameter 'apikey' is set
50
+ if @api_client.config.client_side_validation && apikey.nil?
51
+ fail ArgumentError, "Missing the required parameter 'apikey' when calling TokenRetrievalApi.get_token_api_key"
52
+ end
53
+ # resource path
54
+ local_var_path = '/identity/token#apikey'
55
+
56
+ # query parameters
57
+ query_params = opts[:query_params] || {}
58
+
59
+ # header parameters
60
+ header_params = opts[:header_params] || {}
61
+ # HTTP header 'Accept' (if needed)
62
+ header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
63
+ # HTTP header 'Content-Type'
64
+ content_type = @api_client.select_header_content_type(['application/x-www-form-urlencoded'])
65
+ if !content_type.nil?
66
+ header_params['Content-Type'] = content_type
67
+ end
68
+ header_params[:'ibm-cloud-tenant'] = opts[:'ibm_cloud_tenant'] if !opts[:'ibm_cloud_tenant'].nil?
69
+
70
+ # form parameters
71
+ form_params = opts[:form_params] || {}
72
+ form_params['grant_type'] = grant_type
73
+ form_params['apikey'] = apikey
74
+
75
+ # http body (model)
76
+ post_body = opts[:debug_body]
77
+
78
+ # return_type
79
+ return_type = opts[:debug_return_type] || 'TokenResponse'
80
+
81
+ # auth_names
82
+ auth_names = opts[:debug_auth_names] || []
83
+
84
+ new_options = opts.merge(
85
+ :operation => :"TokenRetrievalApi.get_token_api_key",
86
+ :header_params => header_params,
87
+ :query_params => query_params,
88
+ :form_params => form_params,
89
+ :body => post_body,
90
+ :auth_names => auth_names,
91
+ :return_type => return_type
92
+ )
93
+
94
+ data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
95
+ if @api_client.config.debugging
96
+ @api_client.config.logger.debug "API called: TokenRetrievalApi#get_token_api_key\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
97
+ end
98
+ return data, status_code, headers
99
+ end
100
+
101
+ # Create an IAM access token and delegated refresh token for a user or service ID
102
+ # Creates a non-opaque access token and a delegated refresh token for an API key.
103
+ # @param grant_type [String] Grant type for this API call. You must set the grant type to &#x60;urn:ibm:params:oauth:grant-type:apikey&#x60;.
104
+ # @param apikey [String] The value of the API key.
105
+ # @param response_type [String] Either &#39;delegated_refresh_token&#39; to receive a delegated refresh token only, or &#39;cloud_iam delegated_refresh_token&#39; to receive both an IAM access token and a delegated refresh token in one API call.
106
+ # @param receiver_client_ids [String] A comma separated list of one or more client IDs that will be able to consume the delegated refresh token. The service that accepts a delegated refresh token as API parameter must expose its client ID to allow this API call. The receiver of the delegated refresh token will be able to use the refresh token until it expires.
107
+ # @param [Hash] opts the optional parameters
108
+ # @option opts [String] :ibm_cloud_tenant A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the API key can only be created if the account id or enterprise id of the API key is contained in this header.
109
+ # @option opts [Integer] :delegated_refresh_token_expiry Expiration in seconds until the delegated refresh token must be consumed by the receiver client IDs. After the expiration, no client ID can consume the delegated refresh token, even if the life time of the refresh token inside is still not expired. The default, if not specified, is 518,400 seconds which corresponds to 6 days.
110
+ # @return [TokenResponse]
111
+ def get_token_api_key_delegated_refresh_token(grant_type, apikey, response_type, receiver_client_ids, opts = {})
112
+ data, _status_code, _headers = get_token_api_key_delegated_refresh_token_with_http_info(grant_type, apikey, response_type, receiver_client_ids, opts)
113
+ data
114
+ end
115
+
116
+ # Create an IAM access token and delegated refresh token for a user or service ID
117
+ # Creates a non-opaque access token and a delegated refresh token for an API key.
118
+ # @param grant_type [String] Grant type for this API call. You must set the grant type to &#x60;urn:ibm:params:oauth:grant-type:apikey&#x60;.
119
+ # @param apikey [String] The value of the API key.
120
+ # @param response_type [String] Either &#39;delegated_refresh_token&#39; to receive a delegated refresh token only, or &#39;cloud_iam delegated_refresh_token&#39; to receive both an IAM access token and a delegated refresh token in one API call.
121
+ # @param receiver_client_ids [String] A comma separated list of one or more client IDs that will be able to consume the delegated refresh token. The service that accepts a delegated refresh token as API parameter must expose its client ID to allow this API call. The receiver of the delegated refresh token will be able to use the refresh token until it expires.
122
+ # @param [Hash] opts the optional parameters
123
+ # @option opts [String] :ibm_cloud_tenant A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the API key can only be created if the account id or enterprise id of the API key is contained in this header.
124
+ # @option opts [Integer] :delegated_refresh_token_expiry Expiration in seconds until the delegated refresh token must be consumed by the receiver client IDs. After the expiration, no client ID can consume the delegated refresh token, even if the life time of the refresh token inside is still not expired. The default, if not specified, is 518,400 seconds which corresponds to 6 days.
125
+ # @return [Array<(TokenResponse, Integer, Hash)>] TokenResponse data, response status code and response headers
126
+ def get_token_api_key_delegated_refresh_token_with_http_info(grant_type, apikey, response_type, receiver_client_ids, opts = {})
127
+ if @api_client.config.debugging
128
+ @api_client.config.logger.debug 'Calling API: TokenRetrievalApi.get_token_api_key_delegated_refresh_token ...'
129
+ end
130
+ # verify the required parameter 'grant_type' is set
131
+ if @api_client.config.client_side_validation && grant_type.nil?
132
+ fail ArgumentError, "Missing the required parameter 'grant_type' when calling TokenRetrievalApi.get_token_api_key_delegated_refresh_token"
133
+ end
134
+ # verify the required parameter 'apikey' is set
135
+ if @api_client.config.client_side_validation && apikey.nil?
136
+ fail ArgumentError, "Missing the required parameter 'apikey' when calling TokenRetrievalApi.get_token_api_key_delegated_refresh_token"
137
+ end
138
+ # verify the required parameter 'response_type' is set
139
+ if @api_client.config.client_side_validation && response_type.nil?
140
+ fail ArgumentError, "Missing the required parameter 'response_type' when calling TokenRetrievalApi.get_token_api_key_delegated_refresh_token"
141
+ end
142
+ # verify the required parameter 'receiver_client_ids' is set
143
+ if @api_client.config.client_side_validation && receiver_client_ids.nil?
144
+ fail ArgumentError, "Missing the required parameter 'receiver_client_ids' when calling TokenRetrievalApi.get_token_api_key_delegated_refresh_token"
145
+ end
146
+ # resource path
147
+ local_var_path = '/identity/token#apikey-delegated-refresh-token'
148
+
149
+ # query parameters
150
+ query_params = opts[:query_params] || {}
151
+
152
+ # header parameters
153
+ header_params = opts[:header_params] || {}
154
+ # HTTP header 'Accept' (if needed)
155
+ header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
156
+ # HTTP header 'Content-Type'
157
+ content_type = @api_client.select_header_content_type(['application/x-www-form-urlencoded'])
158
+ if !content_type.nil?
159
+ header_params['Content-Type'] = content_type
160
+ end
161
+ header_params[:'ibm-cloud-tenant'] = opts[:'ibm_cloud_tenant'] if !opts[:'ibm_cloud_tenant'].nil?
162
+
163
+ # form parameters
164
+ form_params = opts[:form_params] || {}
165
+ form_params['grant_type'] = grant_type
166
+ form_params['apikey'] = apikey
167
+ form_params['response_type'] = response_type
168
+ form_params['receiver_client_ids'] = receiver_client_ids
169
+ form_params['delegated_refresh_token_expiry'] = opts[:'delegated_refresh_token_expiry'] if !opts[:'delegated_refresh_token_expiry'].nil?
170
+
171
+ # http body (model)
172
+ post_body = opts[:debug_body]
173
+
174
+ # return_type
175
+ return_type = opts[:debug_return_type] || 'TokenResponse'
176
+
177
+ # auth_names
178
+ auth_names = opts[:debug_auth_names] || []
179
+
180
+ new_options = opts.merge(
181
+ :operation => :"TokenRetrievalApi.get_token_api_key_delegated_refresh_token",
182
+ :header_params => header_params,
183
+ :query_params => query_params,
184
+ :form_params => form_params,
185
+ :body => post_body,
186
+ :auth_names => auth_names,
187
+ :return_type => return_type
188
+ )
189
+
190
+ data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
191
+ if @api_client.config.debugging
192
+ @api_client.config.logger.debug "API called: TokenRetrievalApi#get_token_api_key_delegated_refresh_token\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
193
+ end
194
+ return data, status_code, headers
195
+ end
196
+
197
+ # Create an IAM access token for a Trusted Profile based on the provided entity. Provided entity can be a identity based token which can be a user token, service id token or a cookie.
198
+ # Creates a non-opaque access token for a profile.
199
+ # @param grant_type [String] Grant type for this API call. You must set the grant type to &#x60;urn:ibm:params:oauth:grant-type:assume&#x60;.
200
+ # @param [Hash] opts the optional parameters
201
+ # @option opts [String] :access_token Pass one of &#39;access_token&#39;, &#39;refresh_token&#39; or &#39;cookie&#39; to get a token for the profile. Provided access_token/refresh_token/iam_cookie need to be generated for the user or service id that has trust relationship with the profile. If the profile being assumed must satisfy an MFA requirement for the account, the access_token/refresh_token (...etc) used to assume the profile must meet the same requirement, using the same level MFA or higher.
202
+ # @option opts [String] :refresh_token see &#39;access_token&#39;
203
+ # @option opts [String] :cookie see &#39;access_token&#39;
204
+ # @option opts [String] :profile_id Pass one of &#39;profile_id&#39;, &#39;profile_crn&#39; or &#39;profile_name&#39; and &#39;account&#39; to select which profile should be used for this IAM token. If you pass a &#39;profile_id&#39; or &#39;profile_crn&#39;, then the profile must exist in the same account. If you pass a &#39;profile_name&#39; then &#39;account&#39; need to be passed in the request where the profile is looked up based on the account.
205
+ # @option opts [String] :profile_name see &#39;profile_id&#39;
206
+ # @option opts [String] :profile_crn see &#39;profile_id&#39;
207
+ # @option opts [String] :account ID of the account the profile belongs to
208
+ # @return [TokenResponse]
209
+ def get_token_assume(grant_type, opts = {})
210
+ data, _status_code, _headers = get_token_assume_with_http_info(grant_type, opts)
211
+ data
212
+ end
213
+
214
+ # Create an IAM access token for a Trusted Profile based on the provided entity. Provided entity can be a identity based token which can be a user token, service id token or a cookie.
215
+ # Creates a non-opaque access token for a profile.
216
+ # @param grant_type [String] Grant type for this API call. You must set the grant type to &#x60;urn:ibm:params:oauth:grant-type:assume&#x60;.
217
+ # @param [Hash] opts the optional parameters
218
+ # @option opts [String] :access_token Pass one of &#39;access_token&#39;, &#39;refresh_token&#39; or &#39;cookie&#39; to get a token for the profile. Provided access_token/refresh_token/iam_cookie need to be generated for the user or service id that has trust relationship with the profile. If the profile being assumed must satisfy an MFA requirement for the account, the access_token/refresh_token (...etc) used to assume the profile must meet the same requirement, using the same level MFA or higher.
219
+ # @option opts [String] :refresh_token see &#39;access_token&#39;
220
+ # @option opts [String] :cookie see &#39;access_token&#39;
221
+ # @option opts [String] :profile_id Pass one of &#39;profile_id&#39;, &#39;profile_crn&#39; or &#39;profile_name&#39; and &#39;account&#39; to select which profile should be used for this IAM token. If you pass a &#39;profile_id&#39; or &#39;profile_crn&#39;, then the profile must exist in the same account. If you pass a &#39;profile_name&#39; then &#39;account&#39; need to be passed in the request where the profile is looked up based on the account.
222
+ # @option opts [String] :profile_name see &#39;profile_id&#39;
223
+ # @option opts [String] :profile_crn see &#39;profile_id&#39;
224
+ # @option opts [String] :account ID of the account the profile belongs to
225
+ # @return [Array<(TokenResponse, Integer, Hash)>] TokenResponse data, response status code and response headers
226
+ def get_token_assume_with_http_info(grant_type, opts = {})
227
+ if @api_client.config.debugging
228
+ @api_client.config.logger.debug 'Calling API: TokenRetrievalApi.get_token_assume ...'
229
+ end
230
+ # verify the required parameter 'grant_type' is set
231
+ if @api_client.config.client_side_validation && grant_type.nil?
232
+ fail ArgumentError, "Missing the required parameter 'grant_type' when calling TokenRetrievalApi.get_token_assume"
233
+ end
234
+ # resource path
235
+ local_var_path = '/identity/token#assume'
236
+
237
+ # query parameters
238
+ query_params = opts[:query_params] || {}
239
+
240
+ # header parameters
241
+ header_params = opts[:header_params] || {}
242
+ # HTTP header 'Accept' (if needed)
243
+ header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
244
+ # HTTP header 'Content-Type'
245
+ content_type = @api_client.select_header_content_type(['application/x-www-form-urlencoded'])
246
+ if !content_type.nil?
247
+ header_params['Content-Type'] = content_type
248
+ end
249
+
250
+ # form parameters
251
+ form_params = opts[:form_params] || {}
252
+ form_params['grant_type'] = grant_type
253
+ form_params['access_token'] = opts[:'access_token'] if !opts[:'access_token'].nil?
254
+ form_params['refresh_token'] = opts[:'refresh_token'] if !opts[:'refresh_token'].nil?
255
+ form_params['cookie'] = opts[:'cookie'] if !opts[:'cookie'].nil?
256
+ form_params['profile_id'] = opts[:'profile_id'] if !opts[:'profile_id'].nil?
257
+ form_params['profile_name'] = opts[:'profile_name'] if !opts[:'profile_name'].nil?
258
+ form_params['profile_crn'] = opts[:'profile_crn'] if !opts[:'profile_crn'].nil?
259
+ form_params['account'] = opts[:'account'] if !opts[:'account'].nil?
260
+
261
+ # http body (model)
262
+ post_body = opts[:debug_body]
263
+
264
+ # return_type
265
+ return_type = opts[:debug_return_type] || 'TokenResponse'
266
+
267
+ # auth_names
268
+ auth_names = opts[:debug_auth_names] || []
269
+
270
+ new_options = opts.merge(
271
+ :operation => :"TokenRetrievalApi.get_token_assume",
272
+ :header_params => header_params,
273
+ :query_params => query_params,
274
+ :form_params => form_params,
275
+ :body => post_body,
276
+ :auth_names => auth_names,
277
+ :return_type => return_type
278
+ )
279
+
280
+ data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
281
+ if @api_client.config.debugging
282
+ @api_client.config.logger.debug "API called: TokenRetrievalApi#get_token_assume\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
283
+ end
284
+ return data, status_code, headers
285
+ end
286
+
287
+ # Create an IAM access token for a Trusted Profile based on the provided Compute Resource token
288
+ # Creates a non-opaque access token without a refresh token for a Trusted Profile
289
+ # @param grant_type [String] Grant type for this API call. You must set the grant type to &#x60;urn:ibm:params:oauth:grant-type:cr-token&#x60;.
290
+ # @param cr_token [String] The value of the Compute Resource token. As this is a JWT token, the string can get very long.
291
+ # @param [Hash] opts the optional parameters
292
+ # @option opts [String] :authorization IBM Services can pass in a Basic Authorization Header representing a client id with a secret. For customers, omit this header parameter. To build a valid Basic Authorization Header, concatenate the client id with a colon and the secret, i.e. &#x60;client_id:client_secret&#x60;. This sequence must be Base64 encoded, and prefixed with &#x60;Basic&#x60;, so that a valid Basic Authorization Header would be: &#x60;Authorization: Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ&#x3D;&#x60;
293
+ # @option opts [String] :ibm_cloud_tenant A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the Trusted Profile can only be created if the Trusted Profile is part of one of the account ids or enterprise ids provided in this header.
294
+ # @option opts [String] :profile_id Pass one of &#39;profile_id&#39;, &#39;profile_name&#39; or &#39;profile_crn to select which profile should be used for this IAM token. This call can only succeed if you have also linked the Trusted Profile to the Compute Resource, or you have created a Trust Rule from the Trusted Profile to the Compute Resource. If you pass a &#39;profile_name&#39;, then the profile is looked up based on the account_id of the Compute resource. If you pass a &#39;profile_id&#39; or &#39;profile_crn&#39;, then the profile must exist in the same account like the Compute Resource.
295
+ # @option opts [String] :profile_name see &#39;profile_id&#39;
296
+ # @option opts [String] :profile_crn see &#39;profile_id&#39;
297
+ # @return [TokenResponse]
298
+ def get_token_cr_token(grant_type, cr_token, opts = {})
299
+ data, _status_code, _headers = get_token_cr_token_with_http_info(grant_type, cr_token, opts)
300
+ data
301
+ end
302
+
303
+ # Create an IAM access token for a Trusted Profile based on the provided Compute Resource token
304
+ # Creates a non-opaque access token without a refresh token for a Trusted Profile
305
+ # @param grant_type [String] Grant type for this API call. You must set the grant type to &#x60;urn:ibm:params:oauth:grant-type:cr-token&#x60;.
306
+ # @param cr_token [String] The value of the Compute Resource token. As this is a JWT token, the string can get very long.
307
+ # @param [Hash] opts the optional parameters
308
+ # @option opts [String] :authorization IBM Services can pass in a Basic Authorization Header representing a client id with a secret. For customers, omit this header parameter. To build a valid Basic Authorization Header, concatenate the client id with a colon and the secret, i.e. &#x60;client_id:client_secret&#x60;. This sequence must be Base64 encoded, and prefixed with &#x60;Basic&#x60;, so that a valid Basic Authorization Header would be: &#x60;Authorization: Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ&#x3D;&#x60;
309
+ # @option opts [String] :ibm_cloud_tenant A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the Trusted Profile can only be created if the Trusted Profile is part of one of the account ids or enterprise ids provided in this header.
310
+ # @option opts [String] :profile_id Pass one of &#39;profile_id&#39;, &#39;profile_name&#39; or &#39;profile_crn to select which profile should be used for this IAM token. This call can only succeed if you have also linked the Trusted Profile to the Compute Resource, or you have created a Trust Rule from the Trusted Profile to the Compute Resource. If you pass a &#39;profile_name&#39;, then the profile is looked up based on the account_id of the Compute resource. If you pass a &#39;profile_id&#39; or &#39;profile_crn&#39;, then the profile must exist in the same account like the Compute Resource.
311
+ # @option opts [String] :profile_name see &#39;profile_id&#39;
312
+ # @option opts [String] :profile_crn see &#39;profile_id&#39;
313
+ # @return [Array<(TokenResponse, Integer, Hash)>] TokenResponse data, response status code and response headers
314
+ def get_token_cr_token_with_http_info(grant_type, cr_token, opts = {})
315
+ if @api_client.config.debugging
316
+ @api_client.config.logger.debug 'Calling API: TokenRetrievalApi.get_token_cr_token ...'
317
+ end
318
+ # verify the required parameter 'grant_type' is set
319
+ if @api_client.config.client_side_validation && grant_type.nil?
320
+ fail ArgumentError, "Missing the required parameter 'grant_type' when calling TokenRetrievalApi.get_token_cr_token"
321
+ end
322
+ # verify the required parameter 'cr_token' is set
323
+ if @api_client.config.client_side_validation && cr_token.nil?
324
+ fail ArgumentError, "Missing the required parameter 'cr_token' when calling TokenRetrievalApi.get_token_cr_token"
325
+ end
326
+ # resource path
327
+ local_var_path = '/identity/token#cr-token'
328
+
329
+ # query parameters
330
+ query_params = opts[:query_params] || {}
331
+
332
+ # header parameters
333
+ header_params = opts[:header_params] || {}
334
+ # HTTP header 'Accept' (if needed)
335
+ header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
336
+ # HTTP header 'Content-Type'
337
+ content_type = @api_client.select_header_content_type(['application/x-www-form-urlencoded'])
338
+ if !content_type.nil?
339
+ header_params['Content-Type'] = content_type
340
+ end
341
+ header_params[:'Authorization'] = opts[:'authorization'] if !opts[:'authorization'].nil?
342
+ header_params[:'ibm-cloud-tenant'] = opts[:'ibm_cloud_tenant'] if !opts[:'ibm_cloud_tenant'].nil?
343
+
344
+ # form parameters
345
+ form_params = opts[:form_params] || {}
346
+ form_params['grant_type'] = grant_type
347
+ form_params['cr_token'] = cr_token
348
+ form_params['profile_id'] = opts[:'profile_id'] if !opts[:'profile_id'].nil?
349
+ form_params['profile_name'] = opts[:'profile_name'] if !opts[:'profile_name'].nil?
350
+ form_params['profile_crn'] = opts[:'profile_crn'] if !opts[:'profile_crn'].nil?
351
+
352
+ # http body (model)
353
+ post_body = opts[:debug_body]
354
+
355
+ # return_type
356
+ return_type = opts[:debug_return_type] || 'TokenResponse'
357
+
358
+ # auth_names
359
+ auth_names = opts[:debug_auth_names] || []
360
+
361
+ new_options = opts.merge(
362
+ :operation => :"TokenRetrievalApi.get_token_cr_token",
363
+ :header_params => header_params,
364
+ :query_params => query_params,
365
+ :form_params => form_params,
366
+ :body => post_body,
367
+ :auth_names => auth_names,
368
+ :return_type => return_type
369
+ )
370
+
371
+ data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
372
+ if @api_client.config.debugging
373
+ @api_client.config.logger.debug "API called: TokenRetrievalApi#get_token_cr_token\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
374
+ end
375
+ return data, status_code, headers
376
+ end
377
+
378
+ # Create an IAM access token based on an authorization policy
379
+ # Creates a non-opaque access token, if an appropriate authorization policy is in place. This kind of IAM access token is typically used for access between services.
380
+ # @param grant_type [String] Grant type for this API call. You must set the grant type to &#x60;urn:ibm:params:oauth:grant-type:iam-authz&#x60;.
381
+ # @param access_token [String] The IAM access token of the identity that has the appropriate authorization to create an IAM access token for a given resource.
382
+ # @param desired_iam_id [String] The IAM ID of the IAM access token identity that should be created. The desired_iam_id identifies a resource identity. The IAM ID consists of the prefix crn- and the CRN of the target identity, e.g. crn-crn:v1:bluemix:public:cloud-object-storage:global:a/59bcbfa6ea2f006b4ed7094c1a08dcdd:1a0ec336-f391-4091-a6fb-5e084a4c56f4::.
383
+ # @param [Hash] opts the optional parameters
384
+ # @return [TokenResponse]
385
+ def get_token_iam_authz(grant_type, access_token, desired_iam_id, opts = {})
386
+ data, _status_code, _headers = get_token_iam_authz_with_http_info(grant_type, access_token, desired_iam_id, opts)
387
+ data
388
+ end
389
+
390
+ # Create an IAM access token based on an authorization policy
391
+ # Creates a non-opaque access token, if an appropriate authorization policy is in place. This kind of IAM access token is typically used for access between services.
392
+ # @param grant_type [String] Grant type for this API call. You must set the grant type to &#x60;urn:ibm:params:oauth:grant-type:iam-authz&#x60;.
393
+ # @param access_token [String] The IAM access token of the identity that has the appropriate authorization to create an IAM access token for a given resource.
394
+ # @param desired_iam_id [String] The IAM ID of the IAM access token identity that should be created. The desired_iam_id identifies a resource identity. The IAM ID consists of the prefix crn- and the CRN of the target identity, e.g. crn-crn:v1:bluemix:public:cloud-object-storage:global:a/59bcbfa6ea2f006b4ed7094c1a08dcdd:1a0ec336-f391-4091-a6fb-5e084a4c56f4::.
395
+ # @param [Hash] opts the optional parameters
396
+ # @return [Array<(TokenResponse, Integer, Hash)>] TokenResponse data, response status code and response headers
397
+ def get_token_iam_authz_with_http_info(grant_type, access_token, desired_iam_id, opts = {})
398
+ if @api_client.config.debugging
399
+ @api_client.config.logger.debug 'Calling API: TokenRetrievalApi.get_token_iam_authz ...'
400
+ end
401
+ # verify the required parameter 'grant_type' is set
402
+ if @api_client.config.client_side_validation && grant_type.nil?
403
+ fail ArgumentError, "Missing the required parameter 'grant_type' when calling TokenRetrievalApi.get_token_iam_authz"
404
+ end
405
+ # verify the required parameter 'access_token' is set
406
+ if @api_client.config.client_side_validation && access_token.nil?
407
+ fail ArgumentError, "Missing the required parameter 'access_token' when calling TokenRetrievalApi.get_token_iam_authz"
408
+ end
409
+ # verify the required parameter 'desired_iam_id' is set
410
+ if @api_client.config.client_side_validation && desired_iam_id.nil?
411
+ fail ArgumentError, "Missing the required parameter 'desired_iam_id' when calling TokenRetrievalApi.get_token_iam_authz"
412
+ end
413
+ # resource path
414
+ local_var_path = '/identity/token#iam-authz'
415
+
416
+ # query parameters
417
+ query_params = opts[:query_params] || {}
418
+
419
+ # header parameters
420
+ header_params = opts[:header_params] || {}
421
+ # HTTP header 'Accept' (if needed)
422
+ header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
423
+ # HTTP header 'Content-Type'
424
+ content_type = @api_client.select_header_content_type(['application/x-www-form-urlencoded'])
425
+ if !content_type.nil?
426
+ header_params['Content-Type'] = content_type
427
+ end
428
+
429
+ # form parameters
430
+ form_params = opts[:form_params] || {}
431
+ form_params['grant_type'] = grant_type
432
+ form_params['access_token'] = access_token
433
+ form_params['desired_iam_id'] = desired_iam_id
434
+
435
+ # http body (model)
436
+ post_body = opts[:debug_body]
437
+
438
+ # return_type
439
+ return_type = opts[:debug_return_type] || 'TokenResponse'
440
+
441
+ # auth_names
442
+ auth_names = opts[:debug_auth_names] || []
443
+
444
+ new_options = opts.merge(
445
+ :operation => :"TokenRetrievalApi.get_token_iam_authz",
446
+ :header_params => header_params,
447
+ :query_params => query_params,
448
+ :form_params => form_params,
449
+ :body => post_body,
450
+ :auth_names => auth_names,
451
+ :return_type => return_type
452
+ )
453
+
454
+ data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
455
+ if @api_client.config.debugging
456
+ @api_client.config.logger.debug "API called: TokenRetrievalApi#get_token_iam_authz\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
457
+ end
458
+ return data, status_code, headers
459
+ end
460
+
461
+ # Create an IAM access token for a user using username / password credentials and an optional account identifier
462
+ # Creates a non-opaque access token for a username and password. To be able to call IBM Cloud APIs, the token must be made account-specific. For this purpose, also pass the 32 character long identifier for your account in the API call. This API call is possible only for non-federated IBMid users.
463
+ # @param authorization [String] Basic Authorization Header containing a valid client ID and secret. If this header is omitted the request fails with BXNIM0308E: &#39;No authorization header found&#39;. You can use the client ID and secret that is used by the IBM Cloud CLI: &#x60;bx / bx&#x60;
464
+ # @param grant_type [String] Grant type for this API call. You must set the grant type to &#x60;password&#x60;.
465
+ # @param username [String] The value of the username.
466
+ # @param password [String] The value of the password.
467
+ # @param [Hash] opts the optional parameters
468
+ # @option opts [String] :ibm_cloud_tenant A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the username / password / account combination can only be created if the account id matches the passed account or the account is member of the enterprise id in this header.
469
+ # @option opts [String] :account The 32 character identifier of the account. Specify this parameter to get an account-specific IAM token. IBM Cloud APIs require that IAM tokens are account-specific.
470
+ # @return [TokenResponse]
471
+ def get_token_password(authorization, grant_type, username, password, opts = {})
472
+ data, _status_code, _headers = get_token_password_with_http_info(authorization, grant_type, username, password, opts)
473
+ data
474
+ end
475
+
476
+ # Create an IAM access token for a user using username / password credentials and an optional account identifier
477
+ # Creates a non-opaque access token for a username and password. To be able to call IBM Cloud APIs, the token must be made account-specific. For this purpose, also pass the 32 character long identifier for your account in the API call. This API call is possible only for non-federated IBMid users.
478
+ # @param authorization [String] Basic Authorization Header containing a valid client ID and secret. If this header is omitted the request fails with BXNIM0308E: &#39;No authorization header found&#39;. You can use the client ID and secret that is used by the IBM Cloud CLI: &#x60;bx / bx&#x60;
479
+ # @param grant_type [String] Grant type for this API call. You must set the grant type to &#x60;password&#x60;.
480
+ # @param username [String] The value of the username.
481
+ # @param password [String] The value of the password.
482
+ # @param [Hash] opts the optional parameters
483
+ # @option opts [String] :ibm_cloud_tenant A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the username / password / account combination can only be created if the account id matches the passed account or the account is member of the enterprise id in this header.
484
+ # @option opts [String] :account The 32 character identifier of the account. Specify this parameter to get an account-specific IAM token. IBM Cloud APIs require that IAM tokens are account-specific.
485
+ # @return [Array<(TokenResponse, Integer, Hash)>] TokenResponse data, response status code and response headers
486
+ def get_token_password_with_http_info(authorization, grant_type, username, password, opts = {})
487
+ if @api_client.config.debugging
488
+ @api_client.config.logger.debug 'Calling API: TokenRetrievalApi.get_token_password ...'
489
+ end
490
+ # verify the required parameter 'authorization' is set
491
+ if @api_client.config.client_side_validation && authorization.nil?
492
+ fail ArgumentError, "Missing the required parameter 'authorization' when calling TokenRetrievalApi.get_token_password"
493
+ end
494
+ # verify the required parameter 'grant_type' is set
495
+ if @api_client.config.client_side_validation && grant_type.nil?
496
+ fail ArgumentError, "Missing the required parameter 'grant_type' when calling TokenRetrievalApi.get_token_password"
497
+ end
498
+ # verify the required parameter 'username' is set
499
+ if @api_client.config.client_side_validation && username.nil?
500
+ fail ArgumentError, "Missing the required parameter 'username' when calling TokenRetrievalApi.get_token_password"
501
+ end
502
+ # verify the required parameter 'password' is set
503
+ if @api_client.config.client_side_validation && password.nil?
504
+ fail ArgumentError, "Missing the required parameter 'password' when calling TokenRetrievalApi.get_token_password"
505
+ end
506
+ # resource path
507
+ local_var_path = '/identity/token#password'
508
+
509
+ # query parameters
510
+ query_params = opts[:query_params] || {}
511
+
512
+ # header parameters
513
+ header_params = opts[:header_params] || {}
514
+ # HTTP header 'Accept' (if needed)
515
+ header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
516
+ # HTTP header 'Content-Type'
517
+ content_type = @api_client.select_header_content_type(['application/x-www-form-urlencoded'])
518
+ if !content_type.nil?
519
+ header_params['Content-Type'] = content_type
520
+ end
521
+ header_params[:'Authorization'] = authorization
522
+ header_params[:'ibm-cloud-tenant'] = opts[:'ibm_cloud_tenant'] if !opts[:'ibm_cloud_tenant'].nil?
523
+
524
+ # form parameters
525
+ form_params = opts[:form_params] || {}
526
+ form_params['grant_type'] = grant_type
527
+ form_params['username'] = username
528
+ form_params['password'] = password
529
+ form_params['account'] = opts[:'account'] if !opts[:'account'].nil?
530
+
531
+ # http body (model)
532
+ post_body = opts[:debug_body]
533
+
534
+ # return_type
535
+ return_type = opts[:debug_return_type] || 'TokenResponse'
536
+
537
+ # auth_names
538
+ auth_names = opts[:debug_auth_names] || []
539
+
540
+ new_options = opts.merge(
541
+ :operation => :"TokenRetrievalApi.get_token_password",
542
+ :header_params => header_params,
543
+ :query_params => query_params,
544
+ :form_params => form_params,
545
+ :body => post_body,
546
+ :auth_names => auth_names,
547
+ :return_type => return_type
548
+ )
549
+
550
+ data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
551
+ if @api_client.config.debugging
552
+ @api_client.config.logger.debug "API called: TokenRetrievalApi#get_token_password\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
553
+ end
554
+ return data, status_code, headers
555
+ end
556
+ end
557
+ end