ibm_cloud_iam 1.0.2 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (491) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +548 -36
  3. data/docs/APIKeysApi.md +714 -0
  4. data/docs/AccessGroupCount.md +20 -0
  5. data/docs/AccountBasedMfaEnrollment.md +24 -0
  6. data/docs/AccountIdpSettings.md +32 -0
  7. data/docs/AccountLimitsApi.md +173 -0
  8. data/docs/AccountLoginSettings.md +18 -0
  9. data/docs/AccountSettingsApi.md +224 -0
  10. data/docs/AccountSettingsAssignedTemplatesSection.md +46 -0
  11. data/docs/AccountSettingsEffectiveSection.md +38 -0
  12. data/docs/AccountSettingsForIdPApi.md +489 -0
  13. data/docs/AccountSettingsMeta.md +24 -0
  14. data/docs/AccountSettingsRequest.md +40 -0
  15. data/docs/AccountSettingsResponse.md +48 -0
  16. data/docs/AccountSettingsTemplateApi.md +720 -0
  17. data/docs/AccountSettingsTemplateAssignmentsApi.md +376 -0
  18. data/docs/AccountSettingsTemplateList.md +30 -0
  19. data/docs/AccountSettingsTemplateRequest.md +24 -0
  20. data/docs/AccountSettingsTemplateResponse.md +44 -0
  21. data/docs/AccountSettingsUserDomainRestriction.md +22 -0
  22. data/docs/AccountSettingsUserMFAResponse.md +28 -0
  23. data/docs/ActionControls.md +22 -0
  24. data/docs/ActionControlsIdentities.md +20 -0
  25. data/docs/ActivitiesApi.md +149 -0
  26. data/docs/Activity.md +20 -0
  27. data/docs/AddAccountIdpSettingRequest.md +22 -0
  28. data/docs/ApiKey.md +44 -33
  29. data/docs/ApiKeyInsideCreateServiceIdRequest.md +18 -13
  30. data/docs/ApiKeyList.md +20 -19
  31. data/docs/ApikeyActivity.md +28 -0
  32. data/docs/ApikeyActivityServiceid.md +20 -0
  33. data/docs/ApikeyActivityUser.md +24 -0
  34. data/docs/AssignedTemplatesAccountSettings.md +40 -0
  35. data/docs/CommonAccountSettingsRequest.md +36 -0
  36. data/docs/CommonAccountSettingsResponse.md +34 -0
  37. data/docs/ConsumersResponse.md +20 -0
  38. data/docs/ConsumersResponseConsumersInner.md +20 -0
  39. data/docs/CreateApiKeyRequest.md +24 -17
  40. data/docs/CreateIdpRequest.md +30 -0
  41. data/docs/CreateIdpRequestProperties.md +20 -0
  42. data/docs/CreateIdpRequestPropertiesIdp.md +26 -0
  43. data/docs/CreateIdpRequestPropertiesSp.md +32 -0
  44. data/docs/CreateIdpRequestPropertiesSpAuthnContext.md +20 -0
  45. data/docs/CreateIdpRequestSecrets.md +20 -0
  46. data/docs/CreateIdpRequestSecretsIdp.md +22 -0
  47. data/docs/CreateIdpRequestSecretsIdpSigningInner.md +20 -0
  48. data/docs/CreateIdpRequestSecretsSp.md +18 -0
  49. data/docs/CreateIdpRequestSecretsSpSigningInner.md +24 -0
  50. data/docs/CreateProfileLinkRequest.md +24 -0
  51. data/docs/CreateProfileLinkRequestLink.md +26 -0
  52. data/docs/CreateServiceIdGroupRequest.md +22 -0
  53. data/docs/CreateServiceIdRequest.md +18 -15
  54. data/docs/CreateTemplateAssignmentRequest.md +24 -0
  55. data/docs/CreateTrustedProfileRequest.md +24 -0
  56. data/docs/EffectiveAccountSettingsResponse.md +26 -0
  57. data/docs/EnityHistoryRecord.md +18 -17
  58. data/docs/EntityActivity.md +22 -0
  59. data/docs/Error.md +14 -13
  60. data/docs/ExceptionResponse.md +14 -13
  61. data/docs/ExceptionResponseContext.md +30 -29
  62. data/docs/IDPManagementApi.md +692 -0
  63. data/docs/IdBasedMfaEnrollment.md +26 -0
  64. data/docs/IdentityCount.md +20 -0
  65. data/docs/IdentityLimitsUsageRequest.md +42 -0
  66. data/docs/IdentityLimitsUsageResponse.md +44 -0
  67. data/docs/IdentityLimitsUsageResponseApikeysPerIdentity.md +20 -0
  68. data/docs/IdentityLimitsUsageResponseClaimRulesPerGroup.md +20 -0
  69. data/docs/IdentityLimitsUsageResponseClaimRulesPerProfile.md +20 -0
  70. data/docs/IdentityLimitsUsageResponseServiceidsPerGroup.md +20 -0
  71. data/docs/IdentityLimitsUsageResponseTemplateVersionsPerTemplate.md +20 -0
  72. data/docs/IdentityPreferenceResponse.md +28 -0
  73. data/docs/IdentityPreferencesApi.md +304 -0
  74. data/docs/IdentityPreferencesResponse.md +18 -0
  75. data/docs/Idp.md +38 -0
  76. data/docs/LimitCount.md +20 -0
  77. data/docs/ListIdPSettings200Response.md +18 -0
  78. data/docs/ListIdps200Response.md +18 -0
  79. data/docs/MFAEnrollmentStatusApi.md +216 -0
  80. data/docs/MFARequirementsResponse.md +12 -11
  81. data/docs/MfaEnrollmentTypeStatus.md +20 -0
  82. data/docs/MfaOptions.md +15 -0
  83. data/docs/OidcExceptionResponse.md +16 -15
  84. data/docs/PolicyTemplateReference.md +20 -0
  85. data/docs/ProfileClaimRule.md +36 -0
  86. data/docs/ProfileClaimRuleConditions.md +22 -0
  87. data/docs/ProfileClaimRuleList.md +20 -0
  88. data/docs/ProfileClaimRuleRequest.md +30 -0
  89. data/docs/ProfileCount.md +20 -0
  90. data/docs/ProfileIdentitiesResponse.md +20 -0
  91. data/docs/ProfileIdentitiesUpdateRequest.md +18 -0
  92. data/docs/ProfileIdentityRequest.md +24 -0
  93. data/docs/ProfileIdentityResponse.md +26 -0
  94. data/docs/ProfileLink.md +32 -0
  95. data/docs/ProfileLinkLink.md +26 -0
  96. data/docs/ProfileLinkList.md +18 -0
  97. data/docs/Report.md +34 -0
  98. data/docs/ReportMfaEnrollmentStatus.md +28 -0
  99. data/docs/ReportReference.md +18 -0
  100. data/docs/ResponseContext.md +28 -27
  101. data/docs/RetrictActions.md +15 -0
  102. data/docs/SamlMetadataImportResponse.md +42 -0
  103. data/docs/ServiceIDGroupsApi.md +347 -0
  104. data/docs/ServiceIDsApi.md +515 -0
  105. data/docs/ServiceId.md +38 -33
  106. data/docs/ServiceIdGroup.md +34 -0
  107. data/docs/ServiceIdGroupCount.md +20 -0
  108. data/docs/ServiceIdGroupList.md +18 -0
  109. data/docs/ServiceIdList.md +20 -19
  110. data/docs/ShareScope.md +20 -0
  111. data/docs/TemplateAccountSettings.md +40 -0
  112. data/docs/TemplateAccountSettingsAllOfRestrictUserDomains.md +20 -0
  113. data/docs/TemplateAssignmentListResponse.md +30 -0
  114. data/docs/TemplateAssignmentResource.md +18 -0
  115. data/docs/TemplateAssignmentResourceError.md +24 -0
  116. data/docs/TemplateAssignmentResponse.md +48 -0
  117. data/docs/TemplateAssignmentResponseResource.md +24 -0
  118. data/docs/TemplateAssignmentResponseResourceDetail.md +26 -0
  119. data/docs/TemplateCount.md +20 -0
  120. data/docs/TemplateProfileComponentRequest.md +26 -0
  121. data/docs/TemplateProfileComponentResponse.md +26 -0
  122. data/docs/TestResult.md +28 -0
  123. data/docs/TestResultStepsInner.md +24 -0
  124. data/docs/TestTriggerResponse.md +20 -0
  125. data/docs/TokenResponse.md +18 -17
  126. data/docs/TokenRetrievalApi.md +461 -0
  127. data/docs/TrustedProfile.md +50 -0
  128. data/docs/TrustedProfileTemplateApi.md +720 -0
  129. data/docs/TrustedProfileTemplateAssignmentsApi.md +376 -0
  130. data/docs/TrustedProfileTemplateClaimRule.md +26 -0
  131. data/docs/TrustedProfileTemplateList.md +30 -0
  132. data/docs/TrustedProfileTemplateRequest.md +28 -0
  133. data/docs/TrustedProfileTemplateResponse.md +48 -0
  134. data/docs/TrustedProfilesApi.md +1414 -0
  135. data/docs/TrustedProfilesList.md +30 -0
  136. data/docs/UpdateAccountIdpSettingRequest.md +22 -0
  137. data/docs/UpdateAccountLoginSettings.md +18 -0
  138. data/docs/UpdateApiKeyRequest.md +16 -9
  139. data/docs/UpdateIdPRequest.md +28 -0
  140. data/docs/UpdateIdPRequestProperties.md +20 -0
  141. data/docs/UpdateIdPRequestPropertiesIdp.md +24 -0
  142. data/docs/UpdateIdPRequestSecrets.md +20 -0
  143. data/docs/UpdateIdPRequestSecretsIdp.md +20 -0
  144. data/docs/UpdatePreferenceRequest.md +20 -0
  145. data/docs/UpdateServiceIdGroupRequest.md +20 -0
  146. data/docs/UpdateServiceIdRequest.md +12 -11
  147. data/docs/UpdateTemplateAssignmentRequest.md +18 -0
  148. data/docs/UpdateTrustedProfileRequest.md +22 -0
  149. data/docs/UserActivity.md +26 -0
  150. data/docs/UserMFAResolved.md +24 -0
  151. data/docs/UserMfa.md +20 -0
  152. data/docs/UserMfaEnrollments.md +24 -0
  153. data/docs/UserReportMfaEnrollmentStatus.md +30 -0
  154. data/docs/UserVisbilityRetrictActions.md +15 -0
  155. data/docs/UserVisbilityRetrictActionsForTemplate.md +15 -0
  156. data/git_push.sh +3 -4
  157. data/ibm_cloud_iam.gemspec +6 -6
  158. data/lib/ibm_cloud_iam/api/account_limits_api.rb +208 -0
  159. data/lib/ibm_cloud_iam/api/account_settings_api.rb +262 -0
  160. data/lib/ibm_cloud_iam/api/account_settings_for_id_p_api.rb +571 -0
  161. data/lib/ibm_cloud_iam/api/account_settings_template_api.rb +823 -0
  162. data/lib/ibm_cloud_iam/api/account_settings_template_assignments_api.rb +422 -0
  163. data/lib/ibm_cloud_iam/api/activities_api.rb +174 -0
  164. data/lib/ibm_cloud_iam/api/api_keys_api.rb +786 -0
  165. data/lib/ibm_cloud_iam/api/identity_preferences_api.rb +357 -0
  166. data/lib/ibm_cloud_iam/api/idp_management_api.rb +744 -0
  167. data/lib/ibm_cloud_iam/api/mfa_enrollment_status_api.rb +248 -0
  168. data/lib/ibm_cloud_iam/api/service_id_groups_api.rb +392 -0
  169. data/lib/ibm_cloud_iam/api/service_ids_api.rb +575 -0
  170. data/lib/ibm_cloud_iam/api/token_retrieval_api.rb +557 -0
  171. data/lib/ibm_cloud_iam/api/trusted_profile_template_api.rb +823 -0
  172. data/lib/ibm_cloud_iam/api/trusted_profile_template_assignments_api.rb +422 -0
  173. data/lib/ibm_cloud_iam/api/trusted_profiles_api.rb +1630 -0
  174. data/lib/ibm_cloud_iam/api_client.rb +74 -65
  175. data/lib/ibm_cloud_iam/api_error.rb +4 -3
  176. data/lib/ibm_cloud_iam/api_model_base.rb +88 -0
  177. data/lib/ibm_cloud_iam/configuration.rb +75 -15
  178. data/lib/ibm_cloud_iam/models/access_group_count.rb +159 -0
  179. data/lib/ibm_cloud_iam/models/account_based_mfa_enrollment.rb +243 -0
  180. data/lib/ibm_cloud_iam/models/account_idp_settings.rb +244 -0
  181. data/lib/ibm_cloud_iam/models/account_login_settings.rb +147 -0
  182. data/lib/ibm_cloud_iam/models/account_settings_assigned_templates_section.rb +377 -0
  183. data/lib/ibm_cloud_iam/models/account_settings_effective_section.rb +282 -0
  184. data/lib/ibm_cloud_iam/models/account_settings_meta.rb +179 -0
  185. data/lib/ibm_cloud_iam/models/account_settings_request.rb +301 -0
  186. data/lib/ibm_cloud_iam/models/account_settings_response.rb +567 -0
  187. data/lib/ibm_cloud_iam/models/account_settings_template_list.rb +256 -0
  188. data/lib/ibm_cloud_iam/models/account_settings_template_request.rb +178 -0
  189. data/lib/ibm_cloud_iam/models/account_settings_template_response.rb +416 -0
  190. data/lib/ibm_cloud_iam/models/account_settings_user_domain_restriction.rb +188 -0
  191. data/lib/ibm_cloud_iam/models/account_settings_user_mfa_response.rb +261 -0
  192. data/lib/ibm_cloud_iam/models/action_controls.rb +199 -0
  193. data/lib/ibm_cloud_iam/models/action_controls_identities.rb +190 -0
  194. data/lib/ibm_cloud_iam/models/activity.rb +175 -0
  195. data/lib/ibm_cloud_iam/models/add_account_idp_setting_request.rb +243 -0
  196. data/lib/ibm_cloud_iam/models/api_key.rb +188 -104
  197. data/lib/ibm_cloud_iam/models/api_key_inside_create_service_id_request.rb +70 -99
  198. data/lib/ibm_cloud_iam/models/api_key_list.rb +46 -95
  199. data/lib/ibm_cloud_iam/models/apikey_activity.rb +231 -0
  200. data/lib/ibm_cloud_iam/models/apikey_activity_serviceid.rb +159 -0
  201. data/lib/ibm_cloud_iam/models/apikey_activity_user.rb +179 -0
  202. data/lib/ibm_cloud_iam/models/assigned_templates_account_settings.rb +296 -0
  203. data/lib/ibm_cloud_iam/models/common_account_settings_request.rb +272 -0
  204. data/lib/ibm_cloud_iam/models/common_account_settings_response.rb +260 -0
  205. data/lib/ibm_cloud_iam/models/consumers_response.rb +158 -0
  206. data/lib/ibm_cloud_iam/models/consumers_response_consumers_inner.rb +158 -0
  207. data/lib/ibm_cloud_iam/models/create_api_key_request.rb +92 -99
  208. data/lib/ibm_cloud_iam/models/create_idp_request.rb +283 -0
  209. data/lib/ibm_cloud_iam/models/create_idp_request_properties.rb +157 -0
  210. data/lib/ibm_cloud_iam/models/create_idp_request_properties_idp.rb +189 -0
  211. data/lib/ibm_cloud_iam/models/create_idp_request_properties_sp.rb +222 -0
  212. data/lib/ibm_cloud_iam/models/create_idp_request_properties_sp_authn_context.rb +163 -0
  213. data/lib/ibm_cloud_iam/models/create_idp_request_secrets.rb +157 -0
  214. data/lib/ibm_cloud_iam/models/create_idp_request_secrets_idp.rb +173 -0
  215. data/lib/ibm_cloud_iam/models/create_idp_request_secrets_idp_signing_inner.rb +192 -0
  216. data/lib/ibm_cloud_iam/models/create_idp_request_secrets_sp.rb +151 -0
  217. data/lib/ibm_cloud_iam/models/create_idp_request_secrets_sp_signing_inner.rb +212 -0
  218. data/lib/ibm_cloud_iam/models/create_profile_link_request.rb +211 -0
  219. data/lib/ibm_cloud_iam/models/create_profile_link_request_link.rb +206 -0
  220. data/lib/ibm_cloud_iam/models/create_service_id_group_request.rb +203 -0
  221. data/lib/ibm_cloud_iam/models/create_service_id_request.rb +68 -95
  222. data/lib/ibm_cloud_iam/models/create_template_assignment_request.rb +280 -0
  223. data/lib/ibm_cloud_iam/models/create_trusted_profile_request.rb +213 -0
  224. data/lib/ibm_cloud_iam/models/effective_account_settings_response.rb +239 -0
  225. data/lib/ibm_cloud_iam/models/enity_history_record.rb +112 -101
  226. data/lib/ibm_cloud_iam/models/entity_activity.rb +185 -0
  227. data/lib/ibm_cloud_iam/models/error.rb +69 -94
  228. data/lib/ibm_cloud_iam/models/exception_response.rb +57 -94
  229. data/lib/ibm_cloud_iam/models/exception_response_context.rb +33 -94
  230. data/lib/ibm_cloud_iam/models/id_based_mfa_enrollment.rb +270 -0
  231. data/lib/ibm_cloud_iam/models/identity_count.rb +159 -0
  232. data/lib/ibm_cloud_iam/models/identity_limits_usage_request.rb +283 -0
  233. data/lib/ibm_cloud_iam/models/identity_limits_usage_response.rb +265 -0
  234. data/lib/ibm_cloud_iam/models/identity_limits_usage_response_apikeys_per_identity.rb +178 -0
  235. data/lib/ibm_cloud_iam/models/identity_limits_usage_response_claim_rules_per_group.rb +178 -0
  236. data/lib/ibm_cloud_iam/models/identity_limits_usage_response_claim_rules_per_profile.rb +178 -0
  237. data/lib/ibm_cloud_iam/models/identity_limits_usage_response_serviceids_per_group.rb +178 -0
  238. data/lib/ibm_cloud_iam/models/identity_limits_usage_response_template_versions_per_template.rb +178 -0
  239. data/lib/ibm_cloud_iam/models/identity_preference_response.rb +200 -0
  240. data/lib/ibm_cloud_iam/models/identity_preferences_response.rb +167 -0
  241. data/lib/ibm_cloud_iam/models/idp.rb +239 -0
  242. data/lib/ibm_cloud_iam/models/limit_count.rb +176 -0
  243. data/lib/ibm_cloud_iam/models/list_id_p_settings200_response.rb +149 -0
  244. data/lib/ibm_cloud_iam/models/list_idps200_response.rb +149 -0
  245. data/lib/ibm_cloud_iam/models/mfa_enrollment_type_status.rb +192 -0
  246. data/lib/ibm_cloud_iam/models/mfa_options.rb +45 -0
  247. data/lib/ibm_cloud_iam/models/mfa_requirements_response.rb +69 -94
  248. data/lib/ibm_cloud_iam/models/oidc_exception_response.rb +57 -94
  249. data/lib/ibm_cloud_iam/models/policy_template_reference.rb +193 -0
  250. data/lib/ibm_cloud_iam/models/profile_claim_rule.rb +342 -0
  251. data/lib/ibm_cloud_iam/models/profile_claim_rule_conditions.rb +219 -0
  252. data/lib/ibm_cloud_iam/models/profile_claim_rule_list.rb +176 -0
  253. data/lib/ibm_cloud_iam/models/profile_claim_rule_request.rb +243 -0
  254. data/lib/ibm_cloud_iam/models/profile_count.rb +159 -0
  255. data/lib/ibm_cloud_iam/models/profile_identities_response.rb +160 -0
  256. data/lib/ibm_cloud_iam/models/profile_identities_update_request.rb +150 -0
  257. data/lib/ibm_cloud_iam/models/profile_identity_request.rb +238 -0
  258. data/lib/ibm_cloud_iam/models/profile_identity_response.rb +265 -0
  259. data/lib/ibm_cloud_iam/models/profile_link.rb +320 -0
  260. data/lib/ibm_cloud_iam/models/profile_link_link.rb +188 -0
  261. data/lib/ibm_cloud_iam/models/profile_link_list.rb +167 -0
  262. data/lib/ibm_cloud_iam/models/report.rb +321 -0
  263. data/lib/ibm_cloud_iam/models/report_mfa_enrollment_status.rb +268 -0
  264. data/lib/ibm_cloud_iam/models/report_reference.rb +165 -0
  265. data/lib/ibm_cloud_iam/models/response_context.rb +33 -94
  266. data/lib/ibm_cloud_iam/models/retrict_actions.rb +41 -0
  267. data/lib/ibm_cloud_iam/models/saml_metadata_import_response.rb +494 -0
  268. data/lib/ibm_cloud_iam/models/service_id.rb +184 -108
  269. data/lib/ibm_cloud_iam/models/service_id_group.rb +313 -0
  270. data/lib/ibm_cloud_iam/models/service_id_group_count.rb +159 -0
  271. data/lib/ibm_cloud_iam/models/service_id_group_list.rb +167 -0
  272. data/lib/ibm_cloud_iam/models/service_id_list.rb +47 -96
  273. data/lib/ibm_cloud_iam/models/share_scope.rb +190 -0
  274. data/lib/ibm_cloud_iam/models/template_account_settings.rb +296 -0
  275. data/lib/ibm_cloud_iam/models/template_account_settings_all_of_restrict_user_domains.rb +159 -0
  276. data/lib/ibm_cloud_iam/models/template_assignment_list_response.rb +227 -0
  277. data/lib/ibm_cloud_iam/models/template_assignment_resource.rb +149 -0
  278. data/lib/ibm_cloud_iam/models/template_assignment_resource_error.rb +179 -0
  279. data/lib/ibm_cloud_iam/models/template_assignment_response.rb +506 -0
  280. data/lib/ibm_cloud_iam/models/template_assignment_response_resource.rb +196 -0
  281. data/lib/ibm_cloud_iam/models/template_assignment_response_resource_detail.rb +203 -0
  282. data/lib/ibm_cloud_iam/models/template_count.rb +159 -0
  283. data/lib/ibm_cloud_iam/models/template_profile_component_request.rb +210 -0
  284. data/lib/ibm_cloud_iam/models/template_profile_component_response.rb +210 -0
  285. data/lib/ibm_cloud_iam/models/test_result.rb +194 -0
  286. data/lib/ibm_cloud_iam/models/test_result_steps_inner.rb +174 -0
  287. data/lib/ibm_cloud_iam/models/test_trigger_response.rb +156 -0
  288. data/lib/ibm_cloud_iam/models/token_response.rb +34 -105
  289. data/lib/ibm_cloud_iam/models/trusted_profile.rb +411 -0
  290. data/lib/ibm_cloud_iam/models/trusted_profile_template_claim_rule.rb +248 -0
  291. data/lib/ibm_cloud_iam/models/trusted_profile_template_list.rb +256 -0
  292. data/lib/ibm_cloud_iam/models/trusted_profile_template_request.rb +199 -0
  293. data/lib/ibm_cloud_iam/models/trusted_profile_template_response.rb +369 -0
  294. data/lib/ibm_cloud_iam/models/trusted_profiles_list.rb +227 -0
  295. data/lib/ibm_cloud_iam/models/update_account_idp_setting_request.rb +202 -0
  296. data/lib/ibm_cloud_iam/models/update_account_login_settings.rb +148 -0
  297. data/lib/ibm_cloud_iam/models/update_api_key_request.rb +68 -99
  298. data/lib/ibm_cloud_iam/models/update_id_p_request.rb +198 -0
  299. data/lib/ibm_cloud_iam/models/update_id_p_request_properties.rb +157 -0
  300. data/lib/ibm_cloud_iam/models/update_id_p_request_properties_idp.rb +179 -0
  301. data/lib/ibm_cloud_iam/models/update_id_p_request_secrets.rb +157 -0
  302. data/lib/ibm_cloud_iam/models/update_id_p_request_secrets_idp.rb +163 -0
  303. data/lib/ibm_cloud_iam/models/update_preference_request.rb +161 -0
  304. data/lib/ibm_cloud_iam/models/update_service_id_group_request.rb +176 -0
  305. data/lib/ibm_cloud_iam/models/update_service_id_request.rb +34 -95
  306. data/lib/ibm_cloud_iam/models/update_template_assignment_request.rb +175 -0
  307. data/lib/ibm_cloud_iam/models/update_trusted_profile_request.rb +169 -0
  308. data/lib/ibm_cloud_iam/models/user_activity.rb +222 -0
  309. data/lib/ibm_cloud_iam/models/user_mfa.rb +179 -0
  310. data/lib/ibm_cloud_iam/models/user_mfa_enrollments.rb +193 -0
  311. data/lib/ibm_cloud_iam/models/user_mfa_resolved.rb +178 -0
  312. data/lib/ibm_cloud_iam/models/user_report_mfa_enrollment_status.rb +291 -0
  313. data/lib/ibm_cloud_iam/models/user_visbility_retrict_actions.rb +40 -0
  314. data/lib/ibm_cloud_iam/models/user_visbility_retrict_actions_for_template.rb +41 -0
  315. data/lib/ibm_cloud_iam/version.rb +4 -4
  316. data/lib/ibm_cloud_iam.rb +140 -9
  317. data/spec/api/account_limits_api_spec.rb +75 -0
  318. data/spec/api/account_settings_api_spec.rb +80 -0
  319. data/spec/api/account_settings_for_id_p_api_spec.rb +132 -0
  320. data/spec/api/account_settings_template_api_spec.rb +184 -0
  321. data/spec/api/account_settings_template_assignments_api_spec.rb +112 -0
  322. data/spec/api/activities_api_spec.rb +64 -0
  323. data/spec/api/api_keys_api_spec.rb +182 -0
  324. data/spec/api/identity_preferences_api_spec.rb +98 -0
  325. data/spec/api/idp_management_api_spec.rb +166 -0
  326. data/spec/api/mfa_enrollment_status_api_spec.rb +77 -0
  327. data/spec/api/service_id_groups_api_spec.rb +102 -0
  328. data/spec/api/service_ids_api_spec.rb +143 -0
  329. data/spec/api/token_retrieval_api_spec.rb +134 -0
  330. data/spec/api/trusted_profile_template_api_spec.rb +184 -0
  331. data/spec/api/trusted_profile_template_assignments_api_spec.rb +112 -0
  332. data/spec/api/trusted_profiles_api_spec.rb +328 -0
  333. data/spec/models/access_group_count_spec.rb +42 -0
  334. data/spec/models/account_based_mfa_enrollment_spec.rb +54 -0
  335. data/spec/models/account_idp_settings_spec.rb +82 -0
  336. data/spec/models/account_login_settings_spec.rb +36 -0
  337. data/spec/models/account_settings_assigned_templates_section_spec.rb +120 -0
  338. data/spec/models/account_settings_effective_section_spec.rb +96 -0
  339. data/spec/models/account_settings_meta_spec.rb +54 -0
  340. data/spec/models/account_settings_request_spec.rb +102 -0
  341. data/spec/models/account_settings_response_spec.rb +126 -0
  342. data/spec/models/account_settings_template_list_spec.rb +72 -0
  343. data/spec/models/account_settings_template_request_spec.rb +54 -0
  344. data/spec/models/account_settings_template_response_spec.rb +114 -0
  345. data/spec/models/account_settings_user_domain_restriction_spec.rb +48 -0
  346. data/spec/models/account_settings_user_mfa_response_spec.rb +66 -0
  347. data/spec/models/action_controls_identities_spec.rb +42 -0
  348. data/spec/models/action_controls_spec.rb +48 -0
  349. data/spec/models/activity_spec.rb +42 -0
  350. data/spec/models/add_account_idp_setting_request_spec.rb +52 -0
  351. data/spec/models/api_key_inside_create_service_id_request_spec.rb +24 -17
  352. data/spec/models/api_key_list_spec.rb +15 -20
  353. data/spec/models/api_key_spec.rb +52 -27
  354. data/spec/models/apikey_activity_serviceid_spec.rb +42 -0
  355. data/spec/models/apikey_activity_spec.rb +66 -0
  356. data/spec/models/apikey_activity_user_spec.rb +54 -0
  357. data/spec/models/assigned_templates_account_settings_spec.rb +102 -0
  358. data/spec/models/common_account_settings_request_spec.rb +90 -0
  359. data/spec/models/common_account_settings_response_spec.rb +84 -0
  360. data/spec/models/consumers_response_consumers_inner_spec.rb +42 -0
  361. data/spec/models/consumers_response_spec.rb +42 -0
  362. data/spec/models/create_api_key_request_spec.rb +32 -19
  363. data/spec/models/create_idp_request_properties_idp_spec.rb +60 -0
  364. data/spec/models/create_idp_request_properties_sp_authn_context_spec.rb +42 -0
  365. data/spec/models/create_idp_request_properties_sp_spec.rb +78 -0
  366. data/spec/models/create_idp_request_properties_spec.rb +42 -0
  367. data/spec/models/create_idp_request_secrets_idp_signing_inner_spec.rb +46 -0
  368. data/spec/models/create_idp_request_secrets_idp_spec.rb +48 -0
  369. data/spec/models/create_idp_request_secrets_sp_signing_inner_spec.rb +58 -0
  370. data/spec/models/create_idp_request_secrets_sp_spec.rb +36 -0
  371. data/spec/models/create_idp_request_secrets_spec.rb +42 -0
  372. data/spec/models/create_idp_request_spec.rb +76 -0
  373. data/spec/models/create_profile_link_request_link_spec.rb +60 -0
  374. data/spec/models/create_profile_link_request_spec.rb +54 -0
  375. data/spec/models/create_service_id_group_request_spec.rb +48 -0
  376. data/spec/models/create_service_id_request_spec.rb +19 -18
  377. data/spec/models/create_template_assignment_request_spec.rb +58 -0
  378. data/spec/models/create_trusted_profile_request_spec.rb +54 -0
  379. data/spec/models/effective_account_settings_response_spec.rb +60 -0
  380. data/spec/models/enity_history_record_spec.rb +14 -19
  381. data/spec/models/entity_activity_spec.rb +48 -0
  382. data/spec/models/error_spec.rb +12 -17
  383. data/spec/models/exception_response_context_spec.rb +20 -25
  384. data/spec/models/exception_response_spec.rb +12 -17
  385. data/spec/models/id_based_mfa_enrollment_spec.rb +64 -0
  386. data/spec/models/identity_count_spec.rb +42 -0
  387. data/spec/models/identity_limits_usage_request_spec.rb +108 -0
  388. data/spec/models/identity_limits_usage_response_apikeys_per_identity_spec.rb +42 -0
  389. data/spec/models/identity_limits_usage_response_claim_rules_per_group_spec.rb +42 -0
  390. data/spec/models/identity_limits_usage_response_claim_rules_per_profile_spec.rb +42 -0
  391. data/spec/models/identity_limits_usage_response_serviceids_per_group_spec.rb +42 -0
  392. data/spec/models/identity_limits_usage_response_spec.rb +114 -0
  393. data/spec/models/identity_limits_usage_response_template_versions_per_template_spec.rb +42 -0
  394. data/spec/models/identity_preference_response_spec.rb +66 -0
  395. data/spec/models/identity_preferences_response_spec.rb +36 -0
  396. data/spec/models/idp_spec.rb +96 -0
  397. data/spec/models/limit_count_spec.rb +42 -0
  398. data/spec/models/list_id_p_settings200_response_spec.rb +36 -0
  399. data/spec/models/list_idps200_response_spec.rb +36 -0
  400. data/spec/models/mfa_enrollment_type_status_spec.rb +42 -0
  401. data/spec/models/mfa_options_spec.rb +30 -0
  402. data/spec/models/mfa_requirements_response_spec.rb +11 -16
  403. data/spec/models/oidc_exception_response_spec.rb +13 -18
  404. data/spec/models/policy_template_reference_spec.rb +42 -0
  405. data/spec/models/profile_claim_rule_conditions_spec.rb +48 -0
  406. data/spec/models/profile_claim_rule_list_spec.rb +42 -0
  407. data/spec/models/profile_claim_rule_request_spec.rb +72 -0
  408. data/spec/models/profile_claim_rule_spec.rb +90 -0
  409. data/spec/models/profile_count_spec.rb +42 -0
  410. data/spec/models/profile_identities_response_spec.rb +42 -0
  411. data/spec/models/profile_identities_update_request_spec.rb +36 -0
  412. data/spec/models/profile_identity_request_spec.rb +58 -0
  413. data/spec/models/profile_identity_response_spec.rb +64 -0
  414. data/spec/models/profile_link_link_spec.rb +60 -0
  415. data/spec/models/profile_link_list_spec.rb +36 -0
  416. data/spec/models/profile_link_spec.rb +78 -0
  417. data/spec/models/report_mfa_enrollment_status_spec.rb +66 -0
  418. data/spec/models/report_reference_spec.rb +36 -0
  419. data/spec/models/report_spec.rb +84 -0
  420. data/spec/models/response_context_spec.rb +19 -24
  421. data/spec/models/retrict_actions_spec.rb +30 -0
  422. data/spec/models/saml_metadata_import_response_spec.rb +112 -0
  423. data/spec/models/service_id_group_count_spec.rb +42 -0
  424. data/spec/models/service_id_group_list_spec.rb +36 -0
  425. data/spec/models/service_id_group_spec.rb +84 -0
  426. data/spec/models/service_id_list_spec.rb +15 -20
  427. data/spec/models/service_id_spec.rb +34 -27
  428. data/spec/models/share_scope_spec.rb +46 -0
  429. data/spec/models/template_account_settings_all_of_restrict_user_domains_spec.rb +42 -0
  430. data/spec/models/template_account_settings_spec.rb +102 -0
  431. data/spec/models/template_assignment_list_response_spec.rb +72 -0
  432. data/spec/models/template_assignment_resource_error_spec.rb +54 -0
  433. data/spec/models/template_assignment_resource_spec.rb +36 -0
  434. data/spec/models/template_assignment_response_resource_detail_spec.rb +60 -0
  435. data/spec/models/template_assignment_response_resource_spec.rb +54 -0
  436. data/spec/models/template_assignment_response_spec.rb +126 -0
  437. data/spec/models/template_count_spec.rb +42 -0
  438. data/spec/models/template_profile_component_request_spec.rb +60 -0
  439. data/spec/models/template_profile_component_response_spec.rb +60 -0
  440. data/spec/models/test_result_spec.rb +66 -0
  441. data/spec/models/test_result_steps_inner_spec.rb +54 -0
  442. data/spec/models/test_trigger_response_spec.rb +42 -0
  443. data/spec/models/token_response_spec.rb +14 -19
  444. data/spec/models/trusted_profile_spec.rb +132 -0
  445. data/spec/models/trusted_profile_template_claim_rule_spec.rb +64 -0
  446. data/spec/models/trusted_profile_template_list_spec.rb +72 -0
  447. data/spec/models/trusted_profile_template_request_spec.rb +66 -0
  448. data/spec/models/trusted_profile_template_response_spec.rb +126 -0
  449. data/spec/models/trusted_profiles_list_spec.rb +72 -0
  450. data/spec/models/update_account_idp_setting_request_spec.rb +52 -0
  451. data/spec/models/update_account_login_settings_spec.rb +36 -0
  452. data/spec/models/update_api_key_request_spec.rb +28 -15
  453. data/spec/models/update_id_p_request_properties_idp_spec.rb +54 -0
  454. data/spec/models/update_id_p_request_properties_spec.rb +42 -0
  455. data/spec/models/update_id_p_request_secrets_idp_spec.rb +42 -0
  456. data/spec/models/update_id_p_request_secrets_spec.rb +42 -0
  457. data/spec/models/update_id_p_request_spec.rb +66 -0
  458. data/spec/models/update_preference_request_spec.rb +42 -0
  459. data/spec/models/update_service_id_group_request_spec.rb +42 -0
  460. data/spec/models/update_service_id_request_spec.rb +11 -16
  461. data/spec/models/update_template_assignment_request_spec.rb +36 -0
  462. data/spec/models/update_trusted_profile_request_spec.rb +48 -0
  463. data/spec/models/user_activity_spec.rb +60 -0
  464. data/spec/models/user_mfa_enrollments_spec.rb +54 -0
  465. data/spec/models/user_mfa_resolved_spec.rb +54 -0
  466. data/spec/models/user_mfa_spec.rb +42 -0
  467. data/spec/models/user_report_mfa_enrollment_status_spec.rb +72 -0
  468. data/spec/models/user_visbility_retrict_actions_for_template_spec.rb +30 -0
  469. data/spec/models/user_visbility_retrict_actions_spec.rb +30 -0
  470. data/spec/spec_helper.rb +3 -3
  471. metadata +549 -35
  472. data/docs/IdentityOperationsApi.md +0 -828
  473. data/docs/InlineObject.md +0 -19
  474. data/docs/InlineObject1.md +0 -23
  475. data/docs/InlineObject2.md +0 -21
  476. data/docs/InlineObject3.md +0 -25
  477. data/docs/TokenOperationsApi.md +0 -226
  478. data/lib/ibm_cloud_iam/api/identity_operations_api.rb +0 -1083
  479. data/lib/ibm_cloud_iam/api/token_operations_api.rb +0 -351
  480. data/lib/ibm_cloud_iam/models/inline_object.rb +0 -229
  481. data/lib/ibm_cloud_iam/models/inline_object1.rb +0 -254
  482. data/lib/ibm_cloud_iam/models/inline_object2.rb +0 -244
  483. data/lib/ibm_cloud_iam/models/inline_object3.rb +0 -269
  484. data/spec/api/identity_operations_api_spec.rb +0 -253
  485. data/spec/api/token_operations_api_spec.rb +0 -94
  486. data/spec/api_client_spec.rb +0 -226
  487. data/spec/configuration_spec.rb +0 -42
  488. data/spec/models/inline_object1_spec.rb +0 -59
  489. data/spec/models/inline_object2_spec.rb +0 -53
  490. data/spec/models/inline_object3_spec.rb +0 -65
  491. data/spec/models/inline_object_spec.rb +0 -47
data/lib/ibm_cloud_iam.rb CHANGED
@@ -1,47 +1,178 @@
1
1
  =begin
2
- #IAM Identity Services API
2
+ #IAM Identity Services
3
3
 
4
- #The IAM Identity Service API allows for the management of Identities (Service IDs, ApiKeys).
4
+ #  ## Introduction The IAM Identity Service API is used to manage service IDs, API key identities, trusted profiles, account security settings and to create IAM access tokens for a user or service ID. With trusted profile templates and assignments you can centrally manage access for child accounts in your organization from the root enterprise account. Similarly with settings templates and assignments, you can centrally administer account security settings. For more information, see [Working with template versions](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-working-with-versions&interface=ui) and [Best practices for assigning access in an enterprise](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-access-enterprises). SDKs for Java, Node, Python, and Go are available to make it easier to programmatically access the API from your code. The client libraries that are provided by the SDKs implement best practices for using the API and reduce the amount of code that you need to write. The tab for each language includes code examples that demonstrate how to use the client libraries. For more information about using the SDKs, see the [IBM Cloud SDK Common project](https://github.com/IBM/ibm-cloud-sdk-common) on GitHub. Installing the Java SDK Maven ```xml <dependency> <groupId>com.ibm.cloud</groupId> <artifactId>iam-identity</artifactId> <version>{version}</version> </dependency> ``` Gradle ```bash compile 'com.ibm.cloud:iam-identity:{version}' ``` Replace `{version}` in these examples with the release version. View on GitHub [https://github.com/IBM/platform-services-java-sdk](https://github.com/IBM/platform-services-java-sdk) Installing the Go SDK Go modules (recommended): Add the following import in your code, and then run `go build` or `go mod tidy` ```go import ( \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" ) ``` ```bash go get -u github.com/IBM/platform-services-go-sdk/iamidentityv1 ``` View on GitHub [https://github.com/IBM/platform-services-go-sdk](https://github.com/IBM/platform-services-go-sdk) Installing the Node SDK ```bash npm install @ibm-cloud/platform-services ``` View on GitHub [https://github.com/IBM/platform-services-node-sdk](https://github.com/IBM/platform-services-node-sdk) Installing the Python SDK ```bash pip install --upgrade \"ibm-platform-services\" ``` View on GitHub [https://github.com/IBM/platform-services-python-sdk](https://github.com/IBM/platform-services-python-sdk) The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). ## Endpoint URLs The IAM Identity Services API uses the following public global endpoint URL. When you call the API, add the path for each method to form the complete API endpoint for your requests. ```bash https://iam.cloud.ibm.com ``` Virtual private cloud (VPC) based access requires a virtual private endpoint gateway (VPE gateway). For more information , see [Creating an endpoint gateway](https://cloud.ibm.com/docs/vpc?topic=vpc-ordering-endpoint-gateway). * Private endpoint URL for VPC infrastructure: `https://private.iam.cloud.ibm.com`. VPE gateway creation is supported in all datacenters (see https://cloud.ibm.com/docs/overview?topic=overview-locations#regions). If you enabled service endpoints in your account, you can send API requests over the IBM Cloud® private network at the following base endpoint URLs. For more information, see [Enabling VRF and service endpoints](https://cloud.ibm.com/docs/account?topic=account-vrf-service-endpoint). * Private endpoint URLs for classic infrastructure. Supported URLs: * Sydney: `https://private.au-syd.iam.cloud.ibm.com` * Sao Paulo: `https://private.br-sao.iam.cloud.ibm.com` * Montreal: `https://private.ca-mon.iam.cloud.ibm.com` * Toronto: `https://private.ca-tor.iam.cloud.ibm.com` * Frankfurt DC: `https://private.eu-de.iam.cloud.ibm.com` * London: `https://private.eu-gb.iam.cloud.ibm.com` * Madrid: `https://private.eu-es.iam.cloud.ibm.com` * Tokyo: `https://private.jp-tok.iam.cloud.ibm.com` * Osaka: `https://private.jp-osa.iam.cloud.ibm.com` * Washington DC: `https://private.us-east.iam.cloud.ibm.com` * Dallas: `https://private.us-south.iam.cloud.ibm.com` IAM is a global service and deployed to multiple MZRs world wide. IAM can be reached from all locations using the public global endpoint or using one of the private endpoints. Each request is sent to the closest region related to the client that invokes the call to IAM. Example API request ```bash curl -u \"apikey:{apikey}\" -X {request_method} \"https://iam.cloud.ibm.com/{method_endpoint}\" ``` Replace `{apikey}`, `{request_method}`, and `{method_endpoint}` in this example with the values for your particular API call. ## Authentication Authorization to the Identity Services REST API is enforced by using an IBM Cloud Identity and Access Management (IAM) access token. The token is used to determine the actions that a user or service ID has access to when they use the API. You can generate an access token by first [creating an API key](https://cloud.ibm.com/docs/account?topic=account-iamtoken_from_apikey) and then exchanging your API key for an IBM Cloud IAM token. Don't have an API key? Try running `ibmcloud iam oauth-tokens` in the [IBM Cloud Shell](https://cloud.ibm.com/shell) to quickly generate a personal access token. When you use the SDK, configure an IAM authenticator with the IAM API key. The authenticator automatically obtains the IAM access token for the API key and includes it with each request. You can construct an authenticator in either of two ways: - Programmatically by constructing an IAM authenticator instance and supplying your IAM API key - By defining the API key in external configuration properties and then using the SDK authenticator factory to construct an IAM authenticator that uses the configured IAM API key In this example of using external configuration properties, an IAM authenticator instance is created with the configured API key, and then the service client is constructed with this authenticator instance and the configured service URL. For more information, see the Authentication section of the [IBM Cloud SDK Common](https://github.com/IBM/ibm-cloud-sdk-common/blob/main/README.md) documentation. To call each method, you'll need to be assigned a role that includes the required IAM actions. Each method lists the associated action. For more information about IAM actions and how they map to roles, see [IAM Identity service](https://cloud.ibm.com/docs/account?topic=account-account-services#identity-service-account-management). To retrieve your access token: ```bash curl -X POST \\ \"https://iam.cloud.ibm.com/identity/token\" \\ --header 'Content-Type: application/x-www-form-urlencoded' \\ --header 'Accept: application/json' \\ --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' \\ --data-urlencode 'apikey=<API_KEY>' ``` Replace `<API_KEY>` with your IAM API key. Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```go import { \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" } ... serviceClientOptions := &iamidentityv1.IamIdentityV1Options{} serviceClient, err := iamidentityv1.NewIamIdentityV1UsingExternalConfig(serviceClientOptions) ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```java import com.ibm.cloud.platform_services.iam_identity.v1.IamIdentity; ... IamIdentity serviceClient = IamIdentity.newInstance(); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```javascript const IamIdentityV1 = require('@ibm-cloud/platform-services/iam-identity/v1'); ... const serviceClient = IamIdentityV1.newInstance({}); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```python from ibm_platform_services import IamIdentityV1 ... service_client = IamIdentityV1.new_instance() ``` You authenticate to the API by using Cloud Identity and Access Management (IAM). You can pass either a bearer token in an authorization header or an [API key](https://cloud.ibm.com/docs/account?topic=account-manapikey). The SDK provides initialization methods for each form of authentication. - Use the API key to have the SDK manage the lifecycle of the access token. The SDK requests an access token, ensures that the access token is valid, includes the access token in each outgoing request, and refreshes it when it expires. - Use the access token to manage the lifecycle yourself. Keep in mind that access tokens are valid for 1 hour, so you must refresh them regularly to maintain access. For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). ## Auditing You can monitor API activity within your account by using the IBM Cloud Logs service. Whenever an API method is called, an event is generated that you can then track and audit from within IBM Cloud Logs. The specific event type is listed for each individual method. If an event is tracked for a method, you can find it listed with the method. For more information about how to track IAM activity, see [Activity tracking events for IAM](https://cloud.ibm.com/docs/account?topic=account-at_events_iam). ## Error handling The IAM Token Service uses standard HTTP response codes to indicate whether a method completed successfully. A `200` response always indicates success. A `400` type response indicates that a parameter validation failed and can occur if required parameters are missing or if any parameter values are invalid. A `401` or `403` response indicates that the incoming request did not contain valid authentication information. A `500` type response indicates an internal server error that is seen in an unexpected error situation. The Identity Services REST APIs return standard HTTP status codes to indicate the success or failure of a request. The format of the response is represented in JSON as follows: ```json { \"trace\": \"9daee671-916a-4678-850b-10b911f0236d\", \"errors\": [ { \"code\": \"invalid_access_token\", \"message\": \"The provided access token provided is invalid.\" } ] \"status_code\": 401 } ``` If an operation cannot be fulfilled, an appropriate 400 or 500 series HTTP response is returned from the server. The operations that are defined in the `Reference` section describe example errors that might be returned from a failed request. All responses from the Identity Services REST API are in JSON format. The following table show the potential error codes the API might return. | HTTP Error Code | Description | Recovery | |-----------------|-------------|----------| | `200` | Success | The request was successful. | | `201` | Created | The resource was successfully created. | | `204` | No Content | The request was successful. No response body is provided. | | `400` | Bad Request | The input parameters in the request body are either incomplete or in the wrong format. Be sure to include all required parameters in your request. | | `401` | Unauthorized | You are not authorized to make this request. The token is either missing or expired. Get a new valid token and try again. | | `403` | Forbidden | The supplied authentication is not authorized to perform the operation. If this error persists, contact the account owner to check your permissions. | | `404` | Not Found | The requested resource can't be found. | | `409` | Conflict | The entity is already in the requested state. | | `429` | Too Many Requests | Too many requests have been made within a time window. Wait before calling the API again. | | `500` | Internal error | Error that is seen in an unexpected error situation. | ## Additional headers Some additional headers might be required to make successful requests to the API. Those additional headers are: An optional transaction ID can be passed to your request, which can be useful for tracking calls through multiple services using one identifier. The header key must be set to `Transaction-Id` and the value is anything that you choose. If there is not a transaction ID that is passed in, then one is generated randomly. ## API Parameters Some API parameter have additional details that need to be considered while using it in a request. Those API parameters are as follow: ### Filtering list results When listing service IDs, trusted profiles or API keys you can filter the result set by providing an optional `filter` parameter. The exact syntax of this parameter is described below. Query syntax will follow the SCIM query syntax with reduced operator support. The value must be URL encoded. Only the following operators are supported. * Supported attribute operators- - `sw` - starts with - `sw_ci` - starts with ingnore case - non SCIM standard - `ew` - ends with - `ew_ci` - ends with ingnore case - non SCIM standard - `co` - contains - `co_ci` - contains ingnore case - non SCIM standard * Supported operators- - `and` - `or` * Grouping operators- - `()` * Data Values -`Text` * Sample - `name co \"Foo\" and description sw \"Bar\"`
5
5
 
6
6
  The version of the OpenAPI document: 1.0.0
7
7
 
8
8
  Generated by: https://openapi-generator.tech
9
- OpenAPI Generator version: 5.0.0-beta2
9
+ Generator version: 7.23.0
10
10
 
11
11
  =end
12
12
 
13
13
  # Common files
14
14
  require 'ibm_cloud_iam/api_client'
15
15
  require 'ibm_cloud_iam/api_error'
16
+ require 'ibm_cloud_iam/api_model_base'
16
17
  require 'ibm_cloud_iam/version'
17
18
  require 'ibm_cloud_iam/configuration'
18
19
 
19
20
  # Models
21
+ require 'ibm_cloud_iam/models/access_group_count'
22
+ require 'ibm_cloud_iam/models/account_based_mfa_enrollment'
23
+ require 'ibm_cloud_iam/models/account_idp_settings'
24
+ require 'ibm_cloud_iam/models/account_login_settings'
25
+ require 'ibm_cloud_iam/models/account_settings_assigned_templates_section'
26
+ require 'ibm_cloud_iam/models/account_settings_effective_section'
27
+ require 'ibm_cloud_iam/models/account_settings_meta'
28
+ require 'ibm_cloud_iam/models/account_settings_request'
29
+ require 'ibm_cloud_iam/models/account_settings_response'
30
+ require 'ibm_cloud_iam/models/account_settings_template_list'
31
+ require 'ibm_cloud_iam/models/account_settings_template_request'
32
+ require 'ibm_cloud_iam/models/account_settings_template_response'
33
+ require 'ibm_cloud_iam/models/account_settings_user_domain_restriction'
34
+ require 'ibm_cloud_iam/models/account_settings_user_mfa_response'
35
+ require 'ibm_cloud_iam/models/action_controls'
36
+ require 'ibm_cloud_iam/models/action_controls_identities'
37
+ require 'ibm_cloud_iam/models/activity'
38
+ require 'ibm_cloud_iam/models/add_account_idp_setting_request'
20
39
  require 'ibm_cloud_iam/models/api_key'
21
40
  require 'ibm_cloud_iam/models/api_key_inside_create_service_id_request'
22
41
  require 'ibm_cloud_iam/models/api_key_list'
42
+ require 'ibm_cloud_iam/models/apikey_activity'
43
+ require 'ibm_cloud_iam/models/apikey_activity_serviceid'
44
+ require 'ibm_cloud_iam/models/apikey_activity_user'
45
+ require 'ibm_cloud_iam/models/assigned_templates_account_settings'
46
+ require 'ibm_cloud_iam/models/common_account_settings_request'
47
+ require 'ibm_cloud_iam/models/common_account_settings_response'
48
+ require 'ibm_cloud_iam/models/consumers_response'
49
+ require 'ibm_cloud_iam/models/consumers_response_consumers_inner'
23
50
  require 'ibm_cloud_iam/models/create_api_key_request'
51
+ require 'ibm_cloud_iam/models/create_idp_request'
52
+ require 'ibm_cloud_iam/models/create_idp_request_properties'
53
+ require 'ibm_cloud_iam/models/create_idp_request_properties_idp'
54
+ require 'ibm_cloud_iam/models/create_idp_request_properties_sp'
55
+ require 'ibm_cloud_iam/models/create_idp_request_properties_sp_authn_context'
56
+ require 'ibm_cloud_iam/models/create_idp_request_secrets'
57
+ require 'ibm_cloud_iam/models/create_idp_request_secrets_idp'
58
+ require 'ibm_cloud_iam/models/create_idp_request_secrets_idp_signing_inner'
59
+ require 'ibm_cloud_iam/models/create_idp_request_secrets_sp'
60
+ require 'ibm_cloud_iam/models/create_idp_request_secrets_sp_signing_inner'
61
+ require 'ibm_cloud_iam/models/create_profile_link_request'
62
+ require 'ibm_cloud_iam/models/create_profile_link_request_link'
63
+ require 'ibm_cloud_iam/models/create_service_id_group_request'
24
64
  require 'ibm_cloud_iam/models/create_service_id_request'
65
+ require 'ibm_cloud_iam/models/create_template_assignment_request'
66
+ require 'ibm_cloud_iam/models/create_trusted_profile_request'
67
+ require 'ibm_cloud_iam/models/effective_account_settings_response'
25
68
  require 'ibm_cloud_iam/models/enity_history_record'
69
+ require 'ibm_cloud_iam/models/entity_activity'
26
70
  require 'ibm_cloud_iam/models/error'
27
71
  require 'ibm_cloud_iam/models/exception_response'
28
72
  require 'ibm_cloud_iam/models/exception_response_context'
29
- require 'ibm_cloud_iam/models/inline_object'
30
- require 'ibm_cloud_iam/models/inline_object1'
31
- require 'ibm_cloud_iam/models/inline_object2'
32
- require 'ibm_cloud_iam/models/inline_object3'
73
+ require 'ibm_cloud_iam/models/id_based_mfa_enrollment'
74
+ require 'ibm_cloud_iam/models/identity_count'
75
+ require 'ibm_cloud_iam/models/identity_limits_usage_request'
76
+ require 'ibm_cloud_iam/models/identity_limits_usage_response'
77
+ require 'ibm_cloud_iam/models/identity_limits_usage_response_apikeys_per_identity'
78
+ require 'ibm_cloud_iam/models/identity_limits_usage_response_claim_rules_per_group'
79
+ require 'ibm_cloud_iam/models/identity_limits_usage_response_claim_rules_per_profile'
80
+ require 'ibm_cloud_iam/models/identity_limits_usage_response_serviceids_per_group'
81
+ require 'ibm_cloud_iam/models/identity_limits_usage_response_template_versions_per_template'
82
+ require 'ibm_cloud_iam/models/identity_preference_response'
83
+ require 'ibm_cloud_iam/models/identity_preferences_response'
84
+ require 'ibm_cloud_iam/models/idp'
85
+ require 'ibm_cloud_iam/models/limit_count'
86
+ require 'ibm_cloud_iam/models/list_id_p_settings200_response'
87
+ require 'ibm_cloud_iam/models/list_idps200_response'
33
88
  require 'ibm_cloud_iam/models/mfa_requirements_response'
89
+ require 'ibm_cloud_iam/models/mfa_enrollment_type_status'
90
+ require 'ibm_cloud_iam/models/mfa_options'
34
91
  require 'ibm_cloud_iam/models/oidc_exception_response'
92
+ require 'ibm_cloud_iam/models/policy_template_reference'
93
+ require 'ibm_cloud_iam/models/profile_claim_rule'
94
+ require 'ibm_cloud_iam/models/profile_claim_rule_conditions'
95
+ require 'ibm_cloud_iam/models/profile_claim_rule_list'
96
+ require 'ibm_cloud_iam/models/profile_claim_rule_request'
97
+ require 'ibm_cloud_iam/models/profile_count'
98
+ require 'ibm_cloud_iam/models/profile_identities_response'
99
+ require 'ibm_cloud_iam/models/profile_identities_update_request'
100
+ require 'ibm_cloud_iam/models/profile_identity_request'
101
+ require 'ibm_cloud_iam/models/profile_identity_response'
102
+ require 'ibm_cloud_iam/models/profile_link'
103
+ require 'ibm_cloud_iam/models/profile_link_link'
104
+ require 'ibm_cloud_iam/models/profile_link_list'
105
+ require 'ibm_cloud_iam/models/report'
106
+ require 'ibm_cloud_iam/models/report_mfa_enrollment_status'
107
+ require 'ibm_cloud_iam/models/report_reference'
35
108
  require 'ibm_cloud_iam/models/response_context'
109
+ require 'ibm_cloud_iam/models/retrict_actions'
110
+ require 'ibm_cloud_iam/models/saml_metadata_import_response'
36
111
  require 'ibm_cloud_iam/models/service_id'
112
+ require 'ibm_cloud_iam/models/service_id_group'
113
+ require 'ibm_cloud_iam/models/service_id_group_count'
114
+ require 'ibm_cloud_iam/models/service_id_group_list'
37
115
  require 'ibm_cloud_iam/models/service_id_list'
116
+ require 'ibm_cloud_iam/models/share_scope'
117
+ require 'ibm_cloud_iam/models/template_account_settings'
118
+ require 'ibm_cloud_iam/models/template_account_settings_all_of_restrict_user_domains'
119
+ require 'ibm_cloud_iam/models/template_assignment_list_response'
120
+ require 'ibm_cloud_iam/models/template_assignment_resource'
121
+ require 'ibm_cloud_iam/models/template_assignment_resource_error'
122
+ require 'ibm_cloud_iam/models/template_assignment_response'
123
+ require 'ibm_cloud_iam/models/template_assignment_response_resource'
124
+ require 'ibm_cloud_iam/models/template_assignment_response_resource_detail'
125
+ require 'ibm_cloud_iam/models/template_count'
126
+ require 'ibm_cloud_iam/models/template_profile_component_request'
127
+ require 'ibm_cloud_iam/models/template_profile_component_response'
128
+ require 'ibm_cloud_iam/models/test_result'
129
+ require 'ibm_cloud_iam/models/test_result_steps_inner'
130
+ require 'ibm_cloud_iam/models/test_trigger_response'
38
131
  require 'ibm_cloud_iam/models/token_response'
132
+ require 'ibm_cloud_iam/models/trusted_profile'
133
+ require 'ibm_cloud_iam/models/trusted_profile_template_claim_rule'
134
+ require 'ibm_cloud_iam/models/trusted_profile_template_list'
135
+ require 'ibm_cloud_iam/models/trusted_profile_template_request'
136
+ require 'ibm_cloud_iam/models/trusted_profile_template_response'
137
+ require 'ibm_cloud_iam/models/trusted_profiles_list'
138
+ require 'ibm_cloud_iam/models/update_account_idp_setting_request'
139
+ require 'ibm_cloud_iam/models/update_account_login_settings'
39
140
  require 'ibm_cloud_iam/models/update_api_key_request'
141
+ require 'ibm_cloud_iam/models/update_id_p_request'
142
+ require 'ibm_cloud_iam/models/update_id_p_request_properties'
143
+ require 'ibm_cloud_iam/models/update_id_p_request_properties_idp'
144
+ require 'ibm_cloud_iam/models/update_id_p_request_secrets'
145
+ require 'ibm_cloud_iam/models/update_id_p_request_secrets_idp'
146
+ require 'ibm_cloud_iam/models/update_preference_request'
147
+ require 'ibm_cloud_iam/models/update_service_id_group_request'
40
148
  require 'ibm_cloud_iam/models/update_service_id_request'
149
+ require 'ibm_cloud_iam/models/update_template_assignment_request'
150
+ require 'ibm_cloud_iam/models/update_trusted_profile_request'
151
+ require 'ibm_cloud_iam/models/user_activity'
152
+ require 'ibm_cloud_iam/models/user_mfa_resolved'
153
+ require 'ibm_cloud_iam/models/user_mfa'
154
+ require 'ibm_cloud_iam/models/user_mfa_enrollments'
155
+ require 'ibm_cloud_iam/models/user_report_mfa_enrollment_status'
156
+ require 'ibm_cloud_iam/models/user_visbility_retrict_actions'
157
+ require 'ibm_cloud_iam/models/user_visbility_retrict_actions_for_template'
41
158
 
42
159
  # APIs
43
- require 'ibm_cloud_iam/api/identity_operations_api'
44
- require 'ibm_cloud_iam/api/token_operations_api'
160
+ require 'ibm_cloud_iam/api/api_keys_api'
161
+ require 'ibm_cloud_iam/api/account_limits_api'
162
+ require 'ibm_cloud_iam/api/account_settings_api'
163
+ require 'ibm_cloud_iam/api/account_settings_for_id_p_api'
164
+ require 'ibm_cloud_iam/api/account_settings_template_api'
165
+ require 'ibm_cloud_iam/api/account_settings_template_assignments_api'
166
+ require 'ibm_cloud_iam/api/activities_api'
167
+ require 'ibm_cloud_iam/api/idp_management_api'
168
+ require 'ibm_cloud_iam/api/identity_preferences_api'
169
+ require 'ibm_cloud_iam/api/mfa_enrollment_status_api'
170
+ require 'ibm_cloud_iam/api/service_id_groups_api'
171
+ require 'ibm_cloud_iam/api/service_ids_api'
172
+ require 'ibm_cloud_iam/api/token_retrieval_api'
173
+ require 'ibm_cloud_iam/api/trusted_profile_template_api'
174
+ require 'ibm_cloud_iam/api/trusted_profile_template_assignments_api'
175
+ require 'ibm_cloud_iam/api/trusted_profiles_api'
45
176
 
46
177
  module IbmCloudIam
47
178
  class << self
@@ -0,0 +1,75 @@
1
+ =begin
2
+ #IAM Identity Services
3
+
4
+ #  ## Introduction The IAM Identity Service API is used to manage service IDs, API key identities, trusted profiles, account security settings and to create IAM access tokens for a user or service ID. With trusted profile templates and assignments you can centrally manage access for child accounts in your organization from the root enterprise account. Similarly with settings templates and assignments, you can centrally administer account security settings. For more information, see [Working with template versions](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-working-with-versions&interface=ui) and [Best practices for assigning access in an enterprise](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-access-enterprises). SDKs for Java, Node, Python, and Go are available to make it easier to programmatically access the API from your code. The client libraries that are provided by the SDKs implement best practices for using the API and reduce the amount of code that you need to write. The tab for each language includes code examples that demonstrate how to use the client libraries. For more information about using the SDKs, see the [IBM Cloud SDK Common project](https://github.com/IBM/ibm-cloud-sdk-common) on GitHub. Installing the Java SDK Maven ```xml <dependency> <groupId>com.ibm.cloud</groupId> <artifactId>iam-identity</artifactId> <version>{version}</version> </dependency> ``` Gradle ```bash compile 'com.ibm.cloud:iam-identity:{version}' ``` Replace `{version}` in these examples with the release version. View on GitHub [https://github.com/IBM/platform-services-java-sdk](https://github.com/IBM/platform-services-java-sdk) Installing the Go SDK Go modules (recommended): Add the following import in your code, and then run `go build` or `go mod tidy` ```go import ( \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" ) ``` ```bash go get -u github.com/IBM/platform-services-go-sdk/iamidentityv1 ``` View on GitHub [https://github.com/IBM/platform-services-go-sdk](https://github.com/IBM/platform-services-go-sdk) Installing the Node SDK ```bash npm install @ibm-cloud/platform-services ``` View on GitHub [https://github.com/IBM/platform-services-node-sdk](https://github.com/IBM/platform-services-node-sdk) Installing the Python SDK ```bash pip install --upgrade \"ibm-platform-services\" ``` View on GitHub [https://github.com/IBM/platform-services-python-sdk](https://github.com/IBM/platform-services-python-sdk) The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). ## Endpoint URLs The IAM Identity Services API uses the following public global endpoint URL. When you call the API, add the path for each method to form the complete API endpoint for your requests. ```bash https://iam.cloud.ibm.com ``` Virtual private cloud (VPC) based access requires a virtual private endpoint gateway (VPE gateway). For more information , see [Creating an endpoint gateway](https://cloud.ibm.com/docs/vpc?topic=vpc-ordering-endpoint-gateway). * Private endpoint URL for VPC infrastructure: `https://private.iam.cloud.ibm.com`. VPE gateway creation is supported in all datacenters (see https://cloud.ibm.com/docs/overview?topic=overview-locations#regions). If you enabled service endpoints in your account, you can send API requests over the IBM Cloud® private network at the following base endpoint URLs. For more information, see [Enabling VRF and service endpoints](https://cloud.ibm.com/docs/account?topic=account-vrf-service-endpoint). * Private endpoint URLs for classic infrastructure. Supported URLs: * Sydney: `https://private.au-syd.iam.cloud.ibm.com` * Sao Paulo: `https://private.br-sao.iam.cloud.ibm.com` * Montreal: `https://private.ca-mon.iam.cloud.ibm.com` * Toronto: `https://private.ca-tor.iam.cloud.ibm.com` * Frankfurt DC: `https://private.eu-de.iam.cloud.ibm.com` * London: `https://private.eu-gb.iam.cloud.ibm.com` * Madrid: `https://private.eu-es.iam.cloud.ibm.com` * Tokyo: `https://private.jp-tok.iam.cloud.ibm.com` * Osaka: `https://private.jp-osa.iam.cloud.ibm.com` * Washington DC: `https://private.us-east.iam.cloud.ibm.com` * Dallas: `https://private.us-south.iam.cloud.ibm.com` IAM is a global service and deployed to multiple MZRs world wide. IAM can be reached from all locations using the public global endpoint or using one of the private endpoints. Each request is sent to the closest region related to the client that invokes the call to IAM. Example API request ```bash curl -u \"apikey:{apikey}\" -X {request_method} \"https://iam.cloud.ibm.com/{method_endpoint}\" ``` Replace `{apikey}`, `{request_method}`, and `{method_endpoint}` in this example with the values for your particular API call. ## Authentication Authorization to the Identity Services REST API is enforced by using an IBM Cloud Identity and Access Management (IAM) access token. The token is used to determine the actions that a user or service ID has access to when they use the API. You can generate an access token by first [creating an API key](https://cloud.ibm.com/docs/account?topic=account-iamtoken_from_apikey) and then exchanging your API key for an IBM Cloud IAM token. Don't have an API key? Try running `ibmcloud iam oauth-tokens` in the [IBM Cloud Shell](https://cloud.ibm.com/shell) to quickly generate a personal access token. When you use the SDK, configure an IAM authenticator with the IAM API key. The authenticator automatically obtains the IAM access token for the API key and includes it with each request. You can construct an authenticator in either of two ways: - Programmatically by constructing an IAM authenticator instance and supplying your IAM API key - By defining the API key in external configuration properties and then using the SDK authenticator factory to construct an IAM authenticator that uses the configured IAM API key In this example of using external configuration properties, an IAM authenticator instance is created with the configured API key, and then the service client is constructed with this authenticator instance and the configured service URL. For more information, see the Authentication section of the [IBM Cloud SDK Common](https://github.com/IBM/ibm-cloud-sdk-common/blob/main/README.md) documentation. To call each method, you'll need to be assigned a role that includes the required IAM actions. Each method lists the associated action. For more information about IAM actions and how they map to roles, see [IAM Identity service](https://cloud.ibm.com/docs/account?topic=account-account-services#identity-service-account-management). To retrieve your access token: ```bash curl -X POST \\ \"https://iam.cloud.ibm.com/identity/token\" \\ --header 'Content-Type: application/x-www-form-urlencoded' \\ --header 'Accept: application/json' \\ --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' \\ --data-urlencode 'apikey=<API_KEY>' ``` Replace `<API_KEY>` with your IAM API key. Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```go import { \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" } ... serviceClientOptions := &iamidentityv1.IamIdentityV1Options{} serviceClient, err := iamidentityv1.NewIamIdentityV1UsingExternalConfig(serviceClientOptions) ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```java import com.ibm.cloud.platform_services.iam_identity.v1.IamIdentity; ... IamIdentity serviceClient = IamIdentity.newInstance(); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```javascript const IamIdentityV1 = require('@ibm-cloud/platform-services/iam-identity/v1'); ... const serviceClient = IamIdentityV1.newInstance({}); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```python from ibm_platform_services import IamIdentityV1 ... service_client = IamIdentityV1.new_instance() ``` You authenticate to the API by using Cloud Identity and Access Management (IAM). You can pass either a bearer token in an authorization header or an [API key](https://cloud.ibm.com/docs/account?topic=account-manapikey). The SDK provides initialization methods for each form of authentication. - Use the API key to have the SDK manage the lifecycle of the access token. The SDK requests an access token, ensures that the access token is valid, includes the access token in each outgoing request, and refreshes it when it expires. - Use the access token to manage the lifecycle yourself. Keep in mind that access tokens are valid for 1 hour, so you must refresh them regularly to maintain access. For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). ## Auditing You can monitor API activity within your account by using the IBM Cloud Logs service. Whenever an API method is called, an event is generated that you can then track and audit from within IBM Cloud Logs. The specific event type is listed for each individual method. If an event is tracked for a method, you can find it listed with the method. For more information about how to track IAM activity, see [Activity tracking events for IAM](https://cloud.ibm.com/docs/account?topic=account-at_events_iam). ## Error handling The IAM Token Service uses standard HTTP response codes to indicate whether a method completed successfully. A `200` response always indicates success. A `400` type response indicates that a parameter validation failed and can occur if required parameters are missing or if any parameter values are invalid. A `401` or `403` response indicates that the incoming request did not contain valid authentication information. A `500` type response indicates an internal server error that is seen in an unexpected error situation. The Identity Services REST APIs return standard HTTP status codes to indicate the success or failure of a request. The format of the response is represented in JSON as follows: ```json { \"trace\": \"9daee671-916a-4678-850b-10b911f0236d\", \"errors\": [ { \"code\": \"invalid_access_token\", \"message\": \"The provided access token provided is invalid.\" } ] \"status_code\": 401 } ``` If an operation cannot be fulfilled, an appropriate 400 or 500 series HTTP response is returned from the server. The operations that are defined in the `Reference` section describe example errors that might be returned from a failed request. All responses from the Identity Services REST API are in JSON format. The following table show the potential error codes the API might return. | HTTP Error Code | Description | Recovery | |-----------------|-------------|----------| | `200` | Success | The request was successful. | | `201` | Created | The resource was successfully created. | | `204` | No Content | The request was successful. No response body is provided. | | `400` | Bad Request | The input parameters in the request body are either incomplete or in the wrong format. Be sure to include all required parameters in your request. | | `401` | Unauthorized | You are not authorized to make this request. The token is either missing or expired. Get a new valid token and try again. | | `403` | Forbidden | The supplied authentication is not authorized to perform the operation. If this error persists, contact the account owner to check your permissions. | | `404` | Not Found | The requested resource can't be found. | | `409` | Conflict | The entity is already in the requested state. | | `429` | Too Many Requests | Too many requests have been made within a time window. Wait before calling the API again. | | `500` | Internal error | Error that is seen in an unexpected error situation. | ## Additional headers Some additional headers might be required to make successful requests to the API. Those additional headers are: An optional transaction ID can be passed to your request, which can be useful for tracking calls through multiple services using one identifier. The header key must be set to `Transaction-Id` and the value is anything that you choose. If there is not a transaction ID that is passed in, then one is generated randomly. ## API Parameters Some API parameter have additional details that need to be considered while using it in a request. Those API parameters are as follow: ### Filtering list results When listing service IDs, trusted profiles or API keys you can filter the result set by providing an optional `filter` parameter. The exact syntax of this parameter is described below. Query syntax will follow the SCIM query syntax with reduced operator support. The value must be URL encoded. Only the following operators are supported. * Supported attribute operators- - `sw` - starts with - `sw_ci` - starts with ingnore case - non SCIM standard - `ew` - ends with - `ew_ci` - ends with ingnore case - non SCIM standard - `co` - contains - `co_ci` - contains ingnore case - non SCIM standard * Supported operators- - `and` - `or` * Grouping operators- - `()` * Data Values -`Text` * Sample - `name co \"Foo\" and description sw \"Bar\"`
5
+
6
+ The version of the OpenAPI document: 1.0.0
7
+
8
+ Generated by: https://openapi-generator.tech
9
+ Generator version: 7.23.0
10
+
11
+ =end
12
+
13
+ require 'spec_helper'
14
+ require 'json'
15
+
16
+ # Unit tests for IbmCloudIam::AccountLimitsApi
17
+ # Automatically generated by openapi-generator (https://openapi-generator.tech)
18
+ # Please update as you see appropriate
19
+ describe 'AccountLimitsApi' do
20
+ before do
21
+ # run before each test
22
+ @api_instance = IbmCloudIam::AccountLimitsApi.new
23
+ end
24
+
25
+ after do
26
+ # run after each test
27
+ end
28
+
29
+ describe 'test an instance of AccountLimitsApi' do
30
+ it 'should create an instance of AccountLimitsApi' do
31
+ expect(@api_instance).to be_instance_of(IbmCloudIam::AccountLimitsApi)
32
+ end
33
+ end
34
+
35
+ # unit tests for bulk_list_account_entity_consumption
36
+ # Get account entity limits via POST request
37
+ # Returns the details of an account&#39;s entity limits using a body for larger list of parameters for consumption details.
38
+ # @param account_id Unique ID of the account.
39
+ # @param authorization Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: &#39;No authorization header found&#39;. Please make sure that the provided token has the required authority for the request.
40
+ # @param [Hash] opts the optional parameters
41
+ # @option opts [IdentityLimitsUsageRequest] :identity_limits_usage_request
42
+ # @return [IdentityLimitsUsageResponse]
43
+ describe 'bulk_list_account_entity_consumption test' do
44
+ it 'should work' do
45
+ # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
46
+ end
47
+ end
48
+
49
+ # unit tests for get_account_limits
50
+ # Get account entity limits
51
+ # Returns the details of an account&#39;s entity limits with query parameters for consumption details.
52
+ # @param account_id Unique ID of the account.
53
+ # @param authorization Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: &#39;No authorization header found&#39;. Please make sure that the provided token has the required authority for the request.
54
+ # @param [Hash] opts the optional parameters
55
+ # @option opts [Boolean] :serviceid_groups Boolean to include serviceid group consumption.
56
+ # @option opts [String] :serviceids_per_group Comma seperated list of ServiceID groups to include for consumption.
57
+ # @option opts [String] :profiles Boolean to include trusted profiles consumption.
58
+ # @option opts [String] :apikeys_per_identity Comma seperated list of IAM IDs to include for API key consumption.
59
+ # @option opts [String] :templates Boolean to include template consumption.
60
+ # @option opts [String] :template_versions_per_template Comma seperated list of template IDs to include for template version consumption.
61
+ # @option opts [String] :idps Boolean to include identity provider consumption.
62
+ # @option opts [String] :claim_rules_per_group Comma seperated list of access groups to include for claim rules consumption.
63
+ # @option opts [String] :claim_rules_per_profile Comma seperated list of profiles to include for claim rules consumption.
64
+ # @option opts [String] :cr_links Boolean to include compute resource links consumption.
65
+ # @option opts [String] :cr_links_per_profile Comma seperated list of profile IDs to include for cr links consumption.
66
+ # @option opts [String] :cr_rules Boolean to include compute resource rules consumption.
67
+ # @option opts [String] :cr_rules_per_profile Comma seperated list of profile IDs to include for cr rules consumption.
68
+ # @return [IdentityLimitsUsageResponse]
69
+ describe 'get_account_limits test' do
70
+ it 'should work' do
71
+ # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
72
+ end
73
+ end
74
+
75
+ end
@@ -0,0 +1,80 @@
1
+ =begin
2
+ #IAM Identity Services
3
+
4
+ #  ## Introduction The IAM Identity Service API is used to manage service IDs, API key identities, trusted profiles, account security settings and to create IAM access tokens for a user or service ID. With trusted profile templates and assignments you can centrally manage access for child accounts in your organization from the root enterprise account. Similarly with settings templates and assignments, you can centrally administer account security settings. For more information, see [Working with template versions](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-working-with-versions&interface=ui) and [Best practices for assigning access in an enterprise](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-access-enterprises). SDKs for Java, Node, Python, and Go are available to make it easier to programmatically access the API from your code. The client libraries that are provided by the SDKs implement best practices for using the API and reduce the amount of code that you need to write. The tab for each language includes code examples that demonstrate how to use the client libraries. For more information about using the SDKs, see the [IBM Cloud SDK Common project](https://github.com/IBM/ibm-cloud-sdk-common) on GitHub. Installing the Java SDK Maven ```xml <dependency> <groupId>com.ibm.cloud</groupId> <artifactId>iam-identity</artifactId> <version>{version}</version> </dependency> ``` Gradle ```bash compile 'com.ibm.cloud:iam-identity:{version}' ``` Replace `{version}` in these examples with the release version. View on GitHub [https://github.com/IBM/platform-services-java-sdk](https://github.com/IBM/platform-services-java-sdk) Installing the Go SDK Go modules (recommended): Add the following import in your code, and then run `go build` or `go mod tidy` ```go import ( \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" ) ``` ```bash go get -u github.com/IBM/platform-services-go-sdk/iamidentityv1 ``` View on GitHub [https://github.com/IBM/platform-services-go-sdk](https://github.com/IBM/platform-services-go-sdk) Installing the Node SDK ```bash npm install @ibm-cloud/platform-services ``` View on GitHub [https://github.com/IBM/platform-services-node-sdk](https://github.com/IBM/platform-services-node-sdk) Installing the Python SDK ```bash pip install --upgrade \"ibm-platform-services\" ``` View on GitHub [https://github.com/IBM/platform-services-python-sdk](https://github.com/IBM/platform-services-python-sdk) The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). ## Endpoint URLs The IAM Identity Services API uses the following public global endpoint URL. When you call the API, add the path for each method to form the complete API endpoint for your requests. ```bash https://iam.cloud.ibm.com ``` Virtual private cloud (VPC) based access requires a virtual private endpoint gateway (VPE gateway). For more information , see [Creating an endpoint gateway](https://cloud.ibm.com/docs/vpc?topic=vpc-ordering-endpoint-gateway). * Private endpoint URL for VPC infrastructure: `https://private.iam.cloud.ibm.com`. VPE gateway creation is supported in all datacenters (see https://cloud.ibm.com/docs/overview?topic=overview-locations#regions). If you enabled service endpoints in your account, you can send API requests over the IBM Cloud® private network at the following base endpoint URLs. For more information, see [Enabling VRF and service endpoints](https://cloud.ibm.com/docs/account?topic=account-vrf-service-endpoint). * Private endpoint URLs for classic infrastructure. Supported URLs: * Sydney: `https://private.au-syd.iam.cloud.ibm.com` * Sao Paulo: `https://private.br-sao.iam.cloud.ibm.com` * Montreal: `https://private.ca-mon.iam.cloud.ibm.com` * Toronto: `https://private.ca-tor.iam.cloud.ibm.com` * Frankfurt DC: `https://private.eu-de.iam.cloud.ibm.com` * London: `https://private.eu-gb.iam.cloud.ibm.com` * Madrid: `https://private.eu-es.iam.cloud.ibm.com` * Tokyo: `https://private.jp-tok.iam.cloud.ibm.com` * Osaka: `https://private.jp-osa.iam.cloud.ibm.com` * Washington DC: `https://private.us-east.iam.cloud.ibm.com` * Dallas: `https://private.us-south.iam.cloud.ibm.com` IAM is a global service and deployed to multiple MZRs world wide. IAM can be reached from all locations using the public global endpoint or using one of the private endpoints. Each request is sent to the closest region related to the client that invokes the call to IAM. Example API request ```bash curl -u \"apikey:{apikey}\" -X {request_method} \"https://iam.cloud.ibm.com/{method_endpoint}\" ``` Replace `{apikey}`, `{request_method}`, and `{method_endpoint}` in this example with the values for your particular API call. ## Authentication Authorization to the Identity Services REST API is enforced by using an IBM Cloud Identity and Access Management (IAM) access token. The token is used to determine the actions that a user or service ID has access to when they use the API. You can generate an access token by first [creating an API key](https://cloud.ibm.com/docs/account?topic=account-iamtoken_from_apikey) and then exchanging your API key for an IBM Cloud IAM token. Don't have an API key? Try running `ibmcloud iam oauth-tokens` in the [IBM Cloud Shell](https://cloud.ibm.com/shell) to quickly generate a personal access token. When you use the SDK, configure an IAM authenticator with the IAM API key. The authenticator automatically obtains the IAM access token for the API key and includes it with each request. You can construct an authenticator in either of two ways: - Programmatically by constructing an IAM authenticator instance and supplying your IAM API key - By defining the API key in external configuration properties and then using the SDK authenticator factory to construct an IAM authenticator that uses the configured IAM API key In this example of using external configuration properties, an IAM authenticator instance is created with the configured API key, and then the service client is constructed with this authenticator instance and the configured service URL. For more information, see the Authentication section of the [IBM Cloud SDK Common](https://github.com/IBM/ibm-cloud-sdk-common/blob/main/README.md) documentation. To call each method, you'll need to be assigned a role that includes the required IAM actions. Each method lists the associated action. For more information about IAM actions and how they map to roles, see [IAM Identity service](https://cloud.ibm.com/docs/account?topic=account-account-services#identity-service-account-management). To retrieve your access token: ```bash curl -X POST \\ \"https://iam.cloud.ibm.com/identity/token\" \\ --header 'Content-Type: application/x-www-form-urlencoded' \\ --header 'Accept: application/json' \\ --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' \\ --data-urlencode 'apikey=<API_KEY>' ``` Replace `<API_KEY>` with your IAM API key. Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```go import { \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" } ... serviceClientOptions := &iamidentityv1.IamIdentityV1Options{} serviceClient, err := iamidentityv1.NewIamIdentityV1UsingExternalConfig(serviceClientOptions) ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```java import com.ibm.cloud.platform_services.iam_identity.v1.IamIdentity; ... IamIdentity serviceClient = IamIdentity.newInstance(); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```javascript const IamIdentityV1 = require('@ibm-cloud/platform-services/iam-identity/v1'); ... const serviceClient = IamIdentityV1.newInstance({}); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```python from ibm_platform_services import IamIdentityV1 ... service_client = IamIdentityV1.new_instance() ``` You authenticate to the API by using Cloud Identity and Access Management (IAM). You can pass either a bearer token in an authorization header or an [API key](https://cloud.ibm.com/docs/account?topic=account-manapikey). The SDK provides initialization methods for each form of authentication. - Use the API key to have the SDK manage the lifecycle of the access token. The SDK requests an access token, ensures that the access token is valid, includes the access token in each outgoing request, and refreshes it when it expires. - Use the access token to manage the lifecycle yourself. Keep in mind that access tokens are valid for 1 hour, so you must refresh them regularly to maintain access. For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). ## Auditing You can monitor API activity within your account by using the IBM Cloud Logs service. Whenever an API method is called, an event is generated that you can then track and audit from within IBM Cloud Logs. The specific event type is listed for each individual method. If an event is tracked for a method, you can find it listed with the method. For more information about how to track IAM activity, see [Activity tracking events for IAM](https://cloud.ibm.com/docs/account?topic=account-at_events_iam). ## Error handling The IAM Token Service uses standard HTTP response codes to indicate whether a method completed successfully. A `200` response always indicates success. A `400` type response indicates that a parameter validation failed and can occur if required parameters are missing or if any parameter values are invalid. A `401` or `403` response indicates that the incoming request did not contain valid authentication information. A `500` type response indicates an internal server error that is seen in an unexpected error situation. The Identity Services REST APIs return standard HTTP status codes to indicate the success or failure of a request. The format of the response is represented in JSON as follows: ```json { \"trace\": \"9daee671-916a-4678-850b-10b911f0236d\", \"errors\": [ { \"code\": \"invalid_access_token\", \"message\": \"The provided access token provided is invalid.\" } ] \"status_code\": 401 } ``` If an operation cannot be fulfilled, an appropriate 400 or 500 series HTTP response is returned from the server. The operations that are defined in the `Reference` section describe example errors that might be returned from a failed request. All responses from the Identity Services REST API are in JSON format. The following table show the potential error codes the API might return. | HTTP Error Code | Description | Recovery | |-----------------|-------------|----------| | `200` | Success | The request was successful. | | `201` | Created | The resource was successfully created. | | `204` | No Content | The request was successful. No response body is provided. | | `400` | Bad Request | The input parameters in the request body are either incomplete or in the wrong format. Be sure to include all required parameters in your request. | | `401` | Unauthorized | You are not authorized to make this request. The token is either missing or expired. Get a new valid token and try again. | | `403` | Forbidden | The supplied authentication is not authorized to perform the operation. If this error persists, contact the account owner to check your permissions. | | `404` | Not Found | The requested resource can't be found. | | `409` | Conflict | The entity is already in the requested state. | | `429` | Too Many Requests | Too many requests have been made within a time window. Wait before calling the API again. | | `500` | Internal error | Error that is seen in an unexpected error situation. | ## Additional headers Some additional headers might be required to make successful requests to the API. Those additional headers are: An optional transaction ID can be passed to your request, which can be useful for tracking calls through multiple services using one identifier. The header key must be set to `Transaction-Id` and the value is anything that you choose. If there is not a transaction ID that is passed in, then one is generated randomly. ## API Parameters Some API parameter have additional details that need to be considered while using it in a request. Those API parameters are as follow: ### Filtering list results When listing service IDs, trusted profiles or API keys you can filter the result set by providing an optional `filter` parameter. The exact syntax of this parameter is described below. Query syntax will follow the SCIM query syntax with reduced operator support. The value must be URL encoded. Only the following operators are supported. * Supported attribute operators- - `sw` - starts with - `sw_ci` - starts with ingnore case - non SCIM standard - `ew` - ends with - `ew_ci` - ends with ingnore case - non SCIM standard - `co` - contains - `co_ci` - contains ingnore case - non SCIM standard * Supported operators- - `and` - `or` * Grouping operators- - `()` * Data Values -`Text` * Sample - `name co \"Foo\" and description sw \"Bar\"`
5
+
6
+ The version of the OpenAPI document: 1.0.0
7
+
8
+ Generated by: https://openapi-generator.tech
9
+ Generator version: 7.23.0
10
+
11
+ =end
12
+
13
+ require 'spec_helper'
14
+ require 'json'
15
+
16
+ # Unit tests for IbmCloudIam::AccountSettingsApi
17
+ # Automatically generated by openapi-generator (https://openapi-generator.tech)
18
+ # Please update as you see appropriate
19
+ describe 'AccountSettingsApi' do
20
+ before do
21
+ # run before each test
22
+ @api_instance = IbmCloudIam::AccountSettingsApi.new
23
+ end
24
+
25
+ after do
26
+ # run after each test
27
+ end
28
+
29
+ describe 'test an instance of AccountSettingsApi' do
30
+ it 'should create an instance of AccountSettingsApi' do
31
+ expect(@api_instance).to be_instance_of(IbmCloudIam::AccountSettingsApi)
32
+ end
33
+ end
34
+
35
+ # unit tests for get_account_settings
36
+ # Get account configurations
37
+ # Returns the details of an account&#39;s configuration.
38
+ # @param account_id Unique ID of the account.
39
+ # @param authorization Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: &#39;No authorization header found&#39;. Make sure that the provided token has the required authority for the request.
40
+ # @param [Hash] opts the optional parameters
41
+ # @option opts [Boolean] :include_history Defines if the entity history is included in the response.
42
+ # @option opts [Boolean] :resolve_user_mfa Enrich MFA exemptions with user PI.
43
+ # @return [AccountSettingsResponse]
44
+ describe 'get_account_settings test' do
45
+ it 'should work' do
46
+ # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
47
+ end
48
+ end
49
+
50
+ # unit tests for get_effective_account_settings
51
+ # Get effective account settings configuration
52
+ # Returns effective account settings for given account ID
53
+ # @param account_id Unique ID of the account.
54
+ # @param authorization Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: &#39;No authorization header found&#39;. Make sure that the provided token has the required authority for the request.
55
+ # @param [Hash] opts the optional parameters
56
+ # @option opts [Boolean] :include_history Defines if the entity history is included in the response.
57
+ # @option opts [Boolean] :resolve_user_mfa Enrich MFA exemptions with user information.
58
+ # @return [EffectiveAccountSettingsResponse]
59
+ describe 'get_effective_account_settings test' do
60
+ it 'should work' do
61
+ # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
62
+ end
63
+ end
64
+
65
+ # unit tests for update_account_settings
66
+ # Update account configurations
67
+ # Allows a user to configure settings on their account with regards to MFA, MFA excemption list, session lifetimes, access control for creating new identities, and enforcing IP restrictions on token creation.
68
+ # @param authorization Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: &#39;No authorization header found&#39;. Make sure that the provided token has the required authority for the request.
69
+ # @param if_match Version of the account settings to be updated. Specify the version that you retrieved as entity_tag (ETag header) when reading the account. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
70
+ # @param account_id The id of the account to update the settings for.
71
+ # @param account_settings_request Request to update an account&#39;s settings.
72
+ # @param [Hash] opts the optional parameters
73
+ # @return [AccountSettingsResponse]
74
+ describe 'update_account_settings test' do
75
+ it 'should work' do
76
+ # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
77
+ end
78
+ end
79
+
80
+ end
@@ -0,0 +1,132 @@
1
+ =begin
2
+ #IAM Identity Services
3
+
4
+ #  ## Introduction The IAM Identity Service API is used to manage service IDs, API key identities, trusted profiles, account security settings and to create IAM access tokens for a user or service ID. With trusted profile templates and assignments you can centrally manage access for child accounts in your organization from the root enterprise account. Similarly with settings templates and assignments, you can centrally administer account security settings. For more information, see [Working with template versions](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-working-with-versions&interface=ui) and [Best practices for assigning access in an enterprise](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-access-enterprises). SDKs for Java, Node, Python, and Go are available to make it easier to programmatically access the API from your code. The client libraries that are provided by the SDKs implement best practices for using the API and reduce the amount of code that you need to write. The tab for each language includes code examples that demonstrate how to use the client libraries. For more information about using the SDKs, see the [IBM Cloud SDK Common project](https://github.com/IBM/ibm-cloud-sdk-common) on GitHub. Installing the Java SDK Maven ```xml <dependency> <groupId>com.ibm.cloud</groupId> <artifactId>iam-identity</artifactId> <version>{version}</version> </dependency> ``` Gradle ```bash compile 'com.ibm.cloud:iam-identity:{version}' ``` Replace `{version}` in these examples with the release version. View on GitHub [https://github.com/IBM/platform-services-java-sdk](https://github.com/IBM/platform-services-java-sdk) Installing the Go SDK Go modules (recommended): Add the following import in your code, and then run `go build` or `go mod tidy` ```go import ( \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" ) ``` ```bash go get -u github.com/IBM/platform-services-go-sdk/iamidentityv1 ``` View on GitHub [https://github.com/IBM/platform-services-go-sdk](https://github.com/IBM/platform-services-go-sdk) Installing the Node SDK ```bash npm install @ibm-cloud/platform-services ``` View on GitHub [https://github.com/IBM/platform-services-node-sdk](https://github.com/IBM/platform-services-node-sdk) Installing the Python SDK ```bash pip install --upgrade \"ibm-platform-services\" ``` View on GitHub [https://github.com/IBM/platform-services-python-sdk](https://github.com/IBM/platform-services-python-sdk) The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). ## Endpoint URLs The IAM Identity Services API uses the following public global endpoint URL. When you call the API, add the path for each method to form the complete API endpoint for your requests. ```bash https://iam.cloud.ibm.com ``` Virtual private cloud (VPC) based access requires a virtual private endpoint gateway (VPE gateway). For more information , see [Creating an endpoint gateway](https://cloud.ibm.com/docs/vpc?topic=vpc-ordering-endpoint-gateway). * Private endpoint URL for VPC infrastructure: `https://private.iam.cloud.ibm.com`. VPE gateway creation is supported in all datacenters (see https://cloud.ibm.com/docs/overview?topic=overview-locations#regions). If you enabled service endpoints in your account, you can send API requests over the IBM Cloud® private network at the following base endpoint URLs. For more information, see [Enabling VRF and service endpoints](https://cloud.ibm.com/docs/account?topic=account-vrf-service-endpoint). * Private endpoint URLs for classic infrastructure. Supported URLs: * Sydney: `https://private.au-syd.iam.cloud.ibm.com` * Sao Paulo: `https://private.br-sao.iam.cloud.ibm.com` * Montreal: `https://private.ca-mon.iam.cloud.ibm.com` * Toronto: `https://private.ca-tor.iam.cloud.ibm.com` * Frankfurt DC: `https://private.eu-de.iam.cloud.ibm.com` * London: `https://private.eu-gb.iam.cloud.ibm.com` * Madrid: `https://private.eu-es.iam.cloud.ibm.com` * Tokyo: `https://private.jp-tok.iam.cloud.ibm.com` * Osaka: `https://private.jp-osa.iam.cloud.ibm.com` * Washington DC: `https://private.us-east.iam.cloud.ibm.com` * Dallas: `https://private.us-south.iam.cloud.ibm.com` IAM is a global service and deployed to multiple MZRs world wide. IAM can be reached from all locations using the public global endpoint or using one of the private endpoints. Each request is sent to the closest region related to the client that invokes the call to IAM. Example API request ```bash curl -u \"apikey:{apikey}\" -X {request_method} \"https://iam.cloud.ibm.com/{method_endpoint}\" ``` Replace `{apikey}`, `{request_method}`, and `{method_endpoint}` in this example with the values for your particular API call. ## Authentication Authorization to the Identity Services REST API is enforced by using an IBM Cloud Identity and Access Management (IAM) access token. The token is used to determine the actions that a user or service ID has access to when they use the API. You can generate an access token by first [creating an API key](https://cloud.ibm.com/docs/account?topic=account-iamtoken_from_apikey) and then exchanging your API key for an IBM Cloud IAM token. Don't have an API key? Try running `ibmcloud iam oauth-tokens` in the [IBM Cloud Shell](https://cloud.ibm.com/shell) to quickly generate a personal access token. When you use the SDK, configure an IAM authenticator with the IAM API key. The authenticator automatically obtains the IAM access token for the API key and includes it with each request. You can construct an authenticator in either of two ways: - Programmatically by constructing an IAM authenticator instance and supplying your IAM API key - By defining the API key in external configuration properties and then using the SDK authenticator factory to construct an IAM authenticator that uses the configured IAM API key In this example of using external configuration properties, an IAM authenticator instance is created with the configured API key, and then the service client is constructed with this authenticator instance and the configured service URL. For more information, see the Authentication section of the [IBM Cloud SDK Common](https://github.com/IBM/ibm-cloud-sdk-common/blob/main/README.md) documentation. To call each method, you'll need to be assigned a role that includes the required IAM actions. Each method lists the associated action. For more information about IAM actions and how they map to roles, see [IAM Identity service](https://cloud.ibm.com/docs/account?topic=account-account-services#identity-service-account-management). To retrieve your access token: ```bash curl -X POST \\ \"https://iam.cloud.ibm.com/identity/token\" \\ --header 'Content-Type: application/x-www-form-urlencoded' \\ --header 'Accept: application/json' \\ --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' \\ --data-urlencode 'apikey=<API_KEY>' ``` Replace `<API_KEY>` with your IAM API key. Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```go import { \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" } ... serviceClientOptions := &iamidentityv1.IamIdentityV1Options{} serviceClient, err := iamidentityv1.NewIamIdentityV1UsingExternalConfig(serviceClientOptions) ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```java import com.ibm.cloud.platform_services.iam_identity.v1.IamIdentity; ... IamIdentity serviceClient = IamIdentity.newInstance(); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```javascript const IamIdentityV1 = require('@ibm-cloud/platform-services/iam-identity/v1'); ... const serviceClient = IamIdentityV1.newInstance({}); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```python from ibm_platform_services import IamIdentityV1 ... service_client = IamIdentityV1.new_instance() ``` You authenticate to the API by using Cloud Identity and Access Management (IAM). You can pass either a bearer token in an authorization header or an [API key](https://cloud.ibm.com/docs/account?topic=account-manapikey). The SDK provides initialization methods for each form of authentication. - Use the API key to have the SDK manage the lifecycle of the access token. The SDK requests an access token, ensures that the access token is valid, includes the access token in each outgoing request, and refreshes it when it expires. - Use the access token to manage the lifecycle yourself. Keep in mind that access tokens are valid for 1 hour, so you must refresh them regularly to maintain access. For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). ## Auditing You can monitor API activity within your account by using the IBM Cloud Logs service. Whenever an API method is called, an event is generated that you can then track and audit from within IBM Cloud Logs. The specific event type is listed for each individual method. If an event is tracked for a method, you can find it listed with the method. For more information about how to track IAM activity, see [Activity tracking events for IAM](https://cloud.ibm.com/docs/account?topic=account-at_events_iam). ## Error handling The IAM Token Service uses standard HTTP response codes to indicate whether a method completed successfully. A `200` response always indicates success. A `400` type response indicates that a parameter validation failed and can occur if required parameters are missing or if any parameter values are invalid. A `401` or `403` response indicates that the incoming request did not contain valid authentication information. A `500` type response indicates an internal server error that is seen in an unexpected error situation. The Identity Services REST APIs return standard HTTP status codes to indicate the success or failure of a request. The format of the response is represented in JSON as follows: ```json { \"trace\": \"9daee671-916a-4678-850b-10b911f0236d\", \"errors\": [ { \"code\": \"invalid_access_token\", \"message\": \"The provided access token provided is invalid.\" } ] \"status_code\": 401 } ``` If an operation cannot be fulfilled, an appropriate 400 or 500 series HTTP response is returned from the server. The operations that are defined in the `Reference` section describe example errors that might be returned from a failed request. All responses from the Identity Services REST API are in JSON format. The following table show the potential error codes the API might return. | HTTP Error Code | Description | Recovery | |-----------------|-------------|----------| | `200` | Success | The request was successful. | | `201` | Created | The resource was successfully created. | | `204` | No Content | The request was successful. No response body is provided. | | `400` | Bad Request | The input parameters in the request body are either incomplete or in the wrong format. Be sure to include all required parameters in your request. | | `401` | Unauthorized | You are not authorized to make this request. The token is either missing or expired. Get a new valid token and try again. | | `403` | Forbidden | The supplied authentication is not authorized to perform the operation. If this error persists, contact the account owner to check your permissions. | | `404` | Not Found | The requested resource can't be found. | | `409` | Conflict | The entity is already in the requested state. | | `429` | Too Many Requests | Too many requests have been made within a time window. Wait before calling the API again. | | `500` | Internal error | Error that is seen in an unexpected error situation. | ## Additional headers Some additional headers might be required to make successful requests to the API. Those additional headers are: An optional transaction ID can be passed to your request, which can be useful for tracking calls through multiple services using one identifier. The header key must be set to `Transaction-Id` and the value is anything that you choose. If there is not a transaction ID that is passed in, then one is generated randomly. ## API Parameters Some API parameter have additional details that need to be considered while using it in a request. Those API parameters are as follow: ### Filtering list results When listing service IDs, trusted profiles or API keys you can filter the result set by providing an optional `filter` parameter. The exact syntax of this parameter is described below. Query syntax will follow the SCIM query syntax with reduced operator support. The value must be URL encoded. Only the following operators are supported. * Supported attribute operators- - `sw` - starts with - `sw_ci` - starts with ingnore case - non SCIM standard - `ew` - ends with - `ew_ci` - ends with ingnore case - non SCIM standard - `co` - contains - `co_ci` - contains ingnore case - non SCIM standard * Supported operators- - `and` - `or` * Grouping operators- - `()` * Data Values -`Text` * Sample - `name co \"Foo\" and description sw \"Bar\"`
5
+
6
+ The version of the OpenAPI document: 1.0.0
7
+
8
+ Generated by: https://openapi-generator.tech
9
+ Generator version: 7.23.0
10
+
11
+ =end
12
+
13
+ require 'spec_helper'
14
+ require 'json'
15
+
16
+ # Unit tests for IbmCloudIam::AccountSettingsForIdPApi
17
+ # Automatically generated by openapi-generator (https://openapi-generator.tech)
18
+ # Please update as you see appropriate
19
+ describe 'AccountSettingsForIdPApi' do
20
+ before do
21
+ # run before each test
22
+ @api_instance = IbmCloudIam::AccountSettingsForIdPApi.new
23
+ end
24
+
25
+ after do
26
+ # run after each test
27
+ end
28
+
29
+ describe 'test an instance of AccountSettingsForIdPApi' do
30
+ it 'should create an instance of AccountSettingsForIdPApi' do
31
+ expect(@api_instance).to be_instance_of(IbmCloudIam::AccountSettingsForIdPApi)
32
+ end
33
+ end
34
+
35
+ # unit tests for add_id_p_setting
36
+ # Add IdP Setting
37
+ #
38
+ # @param account_id Account which is bound to the IDP
39
+ # @param idp_id Identity provider ID
40
+ # @param authorization Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: &#39;No authorization header found&#39;. Please make sure that the provided token has the required authority for the request.
41
+ # @param add_account_idp_setting_request Request to add idp
42
+ # @param [Hash] opts the optional parameters
43
+ # @return [AccountIdpSettings]
44
+ describe 'add_id_p_setting test' do
45
+ it 'should work' do
46
+ # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
47
+ end
48
+ end
49
+
50
+ # unit tests for get_id_p_setting
51
+ # Get IdP setting
52
+ # @param account_id Account which is bound to the IDP
53
+ # @param idp_id Identity provider ID
54
+ # @param authorization Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: &#39;No authorization header found&#39;. Please make sure that the provided token has the required authority for the request.
55
+ # @param [Hash] opts the optional parameters
56
+ # @return [AccountIdpSettings]
57
+ describe 'get_id_p_setting test' do
58
+ it 'should work' do
59
+ # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
60
+ end
61
+ end
62
+
63
+ # unit tests for get_login_settings
64
+ # Get account login settings
65
+ #
66
+ # @param account_id Account which is bound to the alias
67
+ # @param authorization Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: &#39;No authorization header found&#39;. Please make sure that the provided token has the required authority for the request.
68
+ # @param [Hash] opts the optional parameters
69
+ # @return [AccountLoginSettings]
70
+ describe 'get_login_settings test' do
71
+ it 'should work' do
72
+ # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
73
+ end
74
+ end
75
+
76
+ # unit tests for list_id_p_settings
77
+ # List IdP Settings
78
+ # @param authorization Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: &#39;No authorization header found&#39;. Please make sure that the provided token has the required authority for the request.
79
+ # @param account_id Account which is bound to the IDP
80
+ # @param [Hash] opts the optional parameters
81
+ # @option opts [String] :type Type of IDP
82
+ # @option opts [String] :include_idp_metadata Flag if meta-information about account and idp should be included
83
+ # @return [ListIdPSettings200Response]
84
+ describe 'list_id_p_settings test' do
85
+ it 'should work' do
86
+ # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
87
+ end
88
+ end
89
+
90
+ # unit tests for remove_id_p_setting
91
+ # Remove IdP Setting
92
+ #
93
+ # @param account_id Account which is bound to the IDP
94
+ # @param idp_id Identity provider ID
95
+ # @param authorization Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: &#39;No authorization header found&#39;. Please make sure that the provided token has the required authority for the request.
96
+ # @param [Hash] opts the optional parameters
97
+ # @return [nil]
98
+ describe 'remove_id_p_setting test' do
99
+ it 'should work' do
100
+ # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
101
+ end
102
+ end
103
+
104
+ # unit tests for update_id_p_setting
105
+ # Update IdP Setting
106
+ #
107
+ # @param account_id Account which is bound to the IDP
108
+ # @param idp_id Identity provider ID
109
+ # @param authorization Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: &#39;No authorization header found&#39;. Please make sure that the provided token has the required authority for the request.
110
+ # @param update_account_idp_setting_request Request to update idp
111
+ # @param [Hash] opts the optional parameters
112
+ # @return [AccountIdpSettings]
113
+ describe 'update_id_p_setting test' do
114
+ it 'should work' do
115
+ # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
116
+ end
117
+ end
118
+
119
+ # unit tests for update_login_settings
120
+ # Update account login settings
121
+ # @param account_id Account which is bound to the alias
122
+ # @param authorization Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: &#39;No authorization header found&#39;. Please make sure that the provided token has the required authority for the request.
123
+ # @param update_account_login_settings Request to update
124
+ # @param [Hash] opts the optional parameters
125
+ # @return [AccountLoginSettings]
126
+ describe 'update_login_settings test' do
127
+ it 'should work' do
128
+ # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
129
+ end
130
+ end
131
+
132
+ end