ibm_cloud_iam 1.0.2 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +548 -36
- data/docs/APIKeysApi.md +714 -0
- data/docs/AccessGroupCount.md +20 -0
- data/docs/AccountBasedMfaEnrollment.md +24 -0
- data/docs/AccountIdpSettings.md +32 -0
- data/docs/AccountLimitsApi.md +173 -0
- data/docs/AccountLoginSettings.md +18 -0
- data/docs/AccountSettingsApi.md +224 -0
- data/docs/AccountSettingsAssignedTemplatesSection.md +46 -0
- data/docs/AccountSettingsEffectiveSection.md +38 -0
- data/docs/AccountSettingsForIdPApi.md +489 -0
- data/docs/AccountSettingsMeta.md +24 -0
- data/docs/AccountSettingsRequest.md +40 -0
- data/docs/AccountSettingsResponse.md +48 -0
- data/docs/AccountSettingsTemplateApi.md +720 -0
- data/docs/AccountSettingsTemplateAssignmentsApi.md +376 -0
- data/docs/AccountSettingsTemplateList.md +30 -0
- data/docs/AccountSettingsTemplateRequest.md +24 -0
- data/docs/AccountSettingsTemplateResponse.md +44 -0
- data/docs/AccountSettingsUserDomainRestriction.md +22 -0
- data/docs/AccountSettingsUserMFAResponse.md +28 -0
- data/docs/ActionControls.md +22 -0
- data/docs/ActionControlsIdentities.md +20 -0
- data/docs/ActivitiesApi.md +149 -0
- data/docs/Activity.md +20 -0
- data/docs/AddAccountIdpSettingRequest.md +22 -0
- data/docs/ApiKey.md +44 -33
- data/docs/ApiKeyInsideCreateServiceIdRequest.md +18 -13
- data/docs/ApiKeyList.md +20 -19
- data/docs/ApikeyActivity.md +28 -0
- data/docs/ApikeyActivityServiceid.md +20 -0
- data/docs/ApikeyActivityUser.md +24 -0
- data/docs/AssignedTemplatesAccountSettings.md +40 -0
- data/docs/CommonAccountSettingsRequest.md +36 -0
- data/docs/CommonAccountSettingsResponse.md +34 -0
- data/docs/ConsumersResponse.md +20 -0
- data/docs/ConsumersResponseConsumersInner.md +20 -0
- data/docs/CreateApiKeyRequest.md +24 -17
- data/docs/CreateIdpRequest.md +30 -0
- data/docs/CreateIdpRequestProperties.md +20 -0
- data/docs/CreateIdpRequestPropertiesIdp.md +26 -0
- data/docs/CreateIdpRequestPropertiesSp.md +32 -0
- data/docs/CreateIdpRequestPropertiesSpAuthnContext.md +20 -0
- data/docs/CreateIdpRequestSecrets.md +20 -0
- data/docs/CreateIdpRequestSecretsIdp.md +22 -0
- data/docs/CreateIdpRequestSecretsIdpSigningInner.md +20 -0
- data/docs/CreateIdpRequestSecretsSp.md +18 -0
- data/docs/CreateIdpRequestSecretsSpSigningInner.md +24 -0
- data/docs/CreateProfileLinkRequest.md +24 -0
- data/docs/CreateProfileLinkRequestLink.md +26 -0
- data/docs/CreateServiceIdGroupRequest.md +22 -0
- data/docs/CreateServiceIdRequest.md +18 -15
- data/docs/CreateTemplateAssignmentRequest.md +24 -0
- data/docs/CreateTrustedProfileRequest.md +24 -0
- data/docs/EffectiveAccountSettingsResponse.md +26 -0
- data/docs/EnityHistoryRecord.md +18 -17
- data/docs/EntityActivity.md +22 -0
- data/docs/Error.md +14 -13
- data/docs/ExceptionResponse.md +14 -13
- data/docs/ExceptionResponseContext.md +30 -29
- data/docs/IDPManagementApi.md +692 -0
- data/docs/IdBasedMfaEnrollment.md +26 -0
- data/docs/IdentityCount.md +20 -0
- data/docs/IdentityLimitsUsageRequest.md +42 -0
- data/docs/IdentityLimitsUsageResponse.md +44 -0
- data/docs/IdentityLimitsUsageResponseApikeysPerIdentity.md +20 -0
- data/docs/IdentityLimitsUsageResponseClaimRulesPerGroup.md +20 -0
- data/docs/IdentityLimitsUsageResponseClaimRulesPerProfile.md +20 -0
- data/docs/IdentityLimitsUsageResponseServiceidsPerGroup.md +20 -0
- data/docs/IdentityLimitsUsageResponseTemplateVersionsPerTemplate.md +20 -0
- data/docs/IdentityPreferenceResponse.md +28 -0
- data/docs/IdentityPreferencesApi.md +304 -0
- data/docs/IdentityPreferencesResponse.md +18 -0
- data/docs/Idp.md +38 -0
- data/docs/LimitCount.md +20 -0
- data/docs/ListIdPSettings200Response.md +18 -0
- data/docs/ListIdps200Response.md +18 -0
- data/docs/MFAEnrollmentStatusApi.md +216 -0
- data/docs/MFARequirementsResponse.md +12 -11
- data/docs/MfaEnrollmentTypeStatus.md +20 -0
- data/docs/MfaOptions.md +15 -0
- data/docs/OidcExceptionResponse.md +16 -15
- data/docs/PolicyTemplateReference.md +20 -0
- data/docs/ProfileClaimRule.md +36 -0
- data/docs/ProfileClaimRuleConditions.md +22 -0
- data/docs/ProfileClaimRuleList.md +20 -0
- data/docs/ProfileClaimRuleRequest.md +30 -0
- data/docs/ProfileCount.md +20 -0
- data/docs/ProfileIdentitiesResponse.md +20 -0
- data/docs/ProfileIdentitiesUpdateRequest.md +18 -0
- data/docs/ProfileIdentityRequest.md +24 -0
- data/docs/ProfileIdentityResponse.md +26 -0
- data/docs/ProfileLink.md +32 -0
- data/docs/ProfileLinkLink.md +26 -0
- data/docs/ProfileLinkList.md +18 -0
- data/docs/Report.md +34 -0
- data/docs/ReportMfaEnrollmentStatus.md +28 -0
- data/docs/ReportReference.md +18 -0
- data/docs/ResponseContext.md +28 -27
- data/docs/RetrictActions.md +15 -0
- data/docs/SamlMetadataImportResponse.md +42 -0
- data/docs/ServiceIDGroupsApi.md +347 -0
- data/docs/ServiceIDsApi.md +515 -0
- data/docs/ServiceId.md +38 -33
- data/docs/ServiceIdGroup.md +34 -0
- data/docs/ServiceIdGroupCount.md +20 -0
- data/docs/ServiceIdGroupList.md +18 -0
- data/docs/ServiceIdList.md +20 -19
- data/docs/ShareScope.md +20 -0
- data/docs/TemplateAccountSettings.md +40 -0
- data/docs/TemplateAccountSettingsAllOfRestrictUserDomains.md +20 -0
- data/docs/TemplateAssignmentListResponse.md +30 -0
- data/docs/TemplateAssignmentResource.md +18 -0
- data/docs/TemplateAssignmentResourceError.md +24 -0
- data/docs/TemplateAssignmentResponse.md +48 -0
- data/docs/TemplateAssignmentResponseResource.md +24 -0
- data/docs/TemplateAssignmentResponseResourceDetail.md +26 -0
- data/docs/TemplateCount.md +20 -0
- data/docs/TemplateProfileComponentRequest.md +26 -0
- data/docs/TemplateProfileComponentResponse.md +26 -0
- data/docs/TestResult.md +28 -0
- data/docs/TestResultStepsInner.md +24 -0
- data/docs/TestTriggerResponse.md +20 -0
- data/docs/TokenResponse.md +18 -17
- data/docs/TokenRetrievalApi.md +461 -0
- data/docs/TrustedProfile.md +50 -0
- data/docs/TrustedProfileTemplateApi.md +720 -0
- data/docs/TrustedProfileTemplateAssignmentsApi.md +376 -0
- data/docs/TrustedProfileTemplateClaimRule.md +26 -0
- data/docs/TrustedProfileTemplateList.md +30 -0
- data/docs/TrustedProfileTemplateRequest.md +28 -0
- data/docs/TrustedProfileTemplateResponse.md +48 -0
- data/docs/TrustedProfilesApi.md +1414 -0
- data/docs/TrustedProfilesList.md +30 -0
- data/docs/UpdateAccountIdpSettingRequest.md +22 -0
- data/docs/UpdateAccountLoginSettings.md +18 -0
- data/docs/UpdateApiKeyRequest.md +16 -9
- data/docs/UpdateIdPRequest.md +28 -0
- data/docs/UpdateIdPRequestProperties.md +20 -0
- data/docs/UpdateIdPRequestPropertiesIdp.md +24 -0
- data/docs/UpdateIdPRequestSecrets.md +20 -0
- data/docs/UpdateIdPRequestSecretsIdp.md +20 -0
- data/docs/UpdatePreferenceRequest.md +20 -0
- data/docs/UpdateServiceIdGroupRequest.md +20 -0
- data/docs/UpdateServiceIdRequest.md +12 -11
- data/docs/UpdateTemplateAssignmentRequest.md +18 -0
- data/docs/UpdateTrustedProfileRequest.md +22 -0
- data/docs/UserActivity.md +26 -0
- data/docs/UserMFAResolved.md +24 -0
- data/docs/UserMfa.md +20 -0
- data/docs/UserMfaEnrollments.md +24 -0
- data/docs/UserReportMfaEnrollmentStatus.md +30 -0
- data/docs/UserVisbilityRetrictActions.md +15 -0
- data/docs/UserVisbilityRetrictActionsForTemplate.md +15 -0
- data/git_push.sh +3 -4
- data/ibm_cloud_iam.gemspec +6 -6
- data/lib/ibm_cloud_iam/api/account_limits_api.rb +208 -0
- data/lib/ibm_cloud_iam/api/account_settings_api.rb +262 -0
- data/lib/ibm_cloud_iam/api/account_settings_for_id_p_api.rb +571 -0
- data/lib/ibm_cloud_iam/api/account_settings_template_api.rb +823 -0
- data/lib/ibm_cloud_iam/api/account_settings_template_assignments_api.rb +422 -0
- data/lib/ibm_cloud_iam/api/activities_api.rb +174 -0
- data/lib/ibm_cloud_iam/api/api_keys_api.rb +786 -0
- data/lib/ibm_cloud_iam/api/identity_preferences_api.rb +357 -0
- data/lib/ibm_cloud_iam/api/idp_management_api.rb +744 -0
- data/lib/ibm_cloud_iam/api/mfa_enrollment_status_api.rb +248 -0
- data/lib/ibm_cloud_iam/api/service_id_groups_api.rb +392 -0
- data/lib/ibm_cloud_iam/api/service_ids_api.rb +575 -0
- data/lib/ibm_cloud_iam/api/token_retrieval_api.rb +557 -0
- data/lib/ibm_cloud_iam/api/trusted_profile_template_api.rb +823 -0
- data/lib/ibm_cloud_iam/api/trusted_profile_template_assignments_api.rb +422 -0
- data/lib/ibm_cloud_iam/api/trusted_profiles_api.rb +1630 -0
- data/lib/ibm_cloud_iam/api_client.rb +74 -65
- data/lib/ibm_cloud_iam/api_error.rb +4 -3
- data/lib/ibm_cloud_iam/api_model_base.rb +88 -0
- data/lib/ibm_cloud_iam/configuration.rb +75 -15
- data/lib/ibm_cloud_iam/models/access_group_count.rb +159 -0
- data/lib/ibm_cloud_iam/models/account_based_mfa_enrollment.rb +243 -0
- data/lib/ibm_cloud_iam/models/account_idp_settings.rb +244 -0
- data/lib/ibm_cloud_iam/models/account_login_settings.rb +147 -0
- data/lib/ibm_cloud_iam/models/account_settings_assigned_templates_section.rb +377 -0
- data/lib/ibm_cloud_iam/models/account_settings_effective_section.rb +282 -0
- data/lib/ibm_cloud_iam/models/account_settings_meta.rb +179 -0
- data/lib/ibm_cloud_iam/models/account_settings_request.rb +301 -0
- data/lib/ibm_cloud_iam/models/account_settings_response.rb +567 -0
- data/lib/ibm_cloud_iam/models/account_settings_template_list.rb +256 -0
- data/lib/ibm_cloud_iam/models/account_settings_template_request.rb +178 -0
- data/lib/ibm_cloud_iam/models/account_settings_template_response.rb +416 -0
- data/lib/ibm_cloud_iam/models/account_settings_user_domain_restriction.rb +188 -0
- data/lib/ibm_cloud_iam/models/account_settings_user_mfa_response.rb +261 -0
- data/lib/ibm_cloud_iam/models/action_controls.rb +199 -0
- data/lib/ibm_cloud_iam/models/action_controls_identities.rb +190 -0
- data/lib/ibm_cloud_iam/models/activity.rb +175 -0
- data/lib/ibm_cloud_iam/models/add_account_idp_setting_request.rb +243 -0
- data/lib/ibm_cloud_iam/models/api_key.rb +188 -104
- data/lib/ibm_cloud_iam/models/api_key_inside_create_service_id_request.rb +70 -99
- data/lib/ibm_cloud_iam/models/api_key_list.rb +46 -95
- data/lib/ibm_cloud_iam/models/apikey_activity.rb +231 -0
- data/lib/ibm_cloud_iam/models/apikey_activity_serviceid.rb +159 -0
- data/lib/ibm_cloud_iam/models/apikey_activity_user.rb +179 -0
- data/lib/ibm_cloud_iam/models/assigned_templates_account_settings.rb +296 -0
- data/lib/ibm_cloud_iam/models/common_account_settings_request.rb +272 -0
- data/lib/ibm_cloud_iam/models/common_account_settings_response.rb +260 -0
- data/lib/ibm_cloud_iam/models/consumers_response.rb +158 -0
- data/lib/ibm_cloud_iam/models/consumers_response_consumers_inner.rb +158 -0
- data/lib/ibm_cloud_iam/models/create_api_key_request.rb +92 -99
- data/lib/ibm_cloud_iam/models/create_idp_request.rb +283 -0
- data/lib/ibm_cloud_iam/models/create_idp_request_properties.rb +157 -0
- data/lib/ibm_cloud_iam/models/create_idp_request_properties_idp.rb +189 -0
- data/lib/ibm_cloud_iam/models/create_idp_request_properties_sp.rb +222 -0
- data/lib/ibm_cloud_iam/models/create_idp_request_properties_sp_authn_context.rb +163 -0
- data/lib/ibm_cloud_iam/models/create_idp_request_secrets.rb +157 -0
- data/lib/ibm_cloud_iam/models/create_idp_request_secrets_idp.rb +173 -0
- data/lib/ibm_cloud_iam/models/create_idp_request_secrets_idp_signing_inner.rb +192 -0
- data/lib/ibm_cloud_iam/models/create_idp_request_secrets_sp.rb +151 -0
- data/lib/ibm_cloud_iam/models/create_idp_request_secrets_sp_signing_inner.rb +212 -0
- data/lib/ibm_cloud_iam/models/create_profile_link_request.rb +211 -0
- data/lib/ibm_cloud_iam/models/create_profile_link_request_link.rb +206 -0
- data/lib/ibm_cloud_iam/models/create_service_id_group_request.rb +203 -0
- data/lib/ibm_cloud_iam/models/create_service_id_request.rb +68 -95
- data/lib/ibm_cloud_iam/models/create_template_assignment_request.rb +280 -0
- data/lib/ibm_cloud_iam/models/create_trusted_profile_request.rb +213 -0
- data/lib/ibm_cloud_iam/models/effective_account_settings_response.rb +239 -0
- data/lib/ibm_cloud_iam/models/enity_history_record.rb +112 -101
- data/lib/ibm_cloud_iam/models/entity_activity.rb +185 -0
- data/lib/ibm_cloud_iam/models/error.rb +69 -94
- data/lib/ibm_cloud_iam/models/exception_response.rb +57 -94
- data/lib/ibm_cloud_iam/models/exception_response_context.rb +33 -94
- data/lib/ibm_cloud_iam/models/id_based_mfa_enrollment.rb +270 -0
- data/lib/ibm_cloud_iam/models/identity_count.rb +159 -0
- data/lib/ibm_cloud_iam/models/identity_limits_usage_request.rb +283 -0
- data/lib/ibm_cloud_iam/models/identity_limits_usage_response.rb +265 -0
- data/lib/ibm_cloud_iam/models/identity_limits_usage_response_apikeys_per_identity.rb +178 -0
- data/lib/ibm_cloud_iam/models/identity_limits_usage_response_claim_rules_per_group.rb +178 -0
- data/lib/ibm_cloud_iam/models/identity_limits_usage_response_claim_rules_per_profile.rb +178 -0
- data/lib/ibm_cloud_iam/models/identity_limits_usage_response_serviceids_per_group.rb +178 -0
- data/lib/ibm_cloud_iam/models/identity_limits_usage_response_template_versions_per_template.rb +178 -0
- data/lib/ibm_cloud_iam/models/identity_preference_response.rb +200 -0
- data/lib/ibm_cloud_iam/models/identity_preferences_response.rb +167 -0
- data/lib/ibm_cloud_iam/models/idp.rb +239 -0
- data/lib/ibm_cloud_iam/models/limit_count.rb +176 -0
- data/lib/ibm_cloud_iam/models/list_id_p_settings200_response.rb +149 -0
- data/lib/ibm_cloud_iam/models/list_idps200_response.rb +149 -0
- data/lib/ibm_cloud_iam/models/mfa_enrollment_type_status.rb +192 -0
- data/lib/ibm_cloud_iam/models/mfa_options.rb +45 -0
- data/lib/ibm_cloud_iam/models/mfa_requirements_response.rb +69 -94
- data/lib/ibm_cloud_iam/models/oidc_exception_response.rb +57 -94
- data/lib/ibm_cloud_iam/models/policy_template_reference.rb +193 -0
- data/lib/ibm_cloud_iam/models/profile_claim_rule.rb +342 -0
- data/lib/ibm_cloud_iam/models/profile_claim_rule_conditions.rb +219 -0
- data/lib/ibm_cloud_iam/models/profile_claim_rule_list.rb +176 -0
- data/lib/ibm_cloud_iam/models/profile_claim_rule_request.rb +243 -0
- data/lib/ibm_cloud_iam/models/profile_count.rb +159 -0
- data/lib/ibm_cloud_iam/models/profile_identities_response.rb +160 -0
- data/lib/ibm_cloud_iam/models/profile_identities_update_request.rb +150 -0
- data/lib/ibm_cloud_iam/models/profile_identity_request.rb +238 -0
- data/lib/ibm_cloud_iam/models/profile_identity_response.rb +265 -0
- data/lib/ibm_cloud_iam/models/profile_link.rb +320 -0
- data/lib/ibm_cloud_iam/models/profile_link_link.rb +188 -0
- data/lib/ibm_cloud_iam/models/profile_link_list.rb +167 -0
- data/lib/ibm_cloud_iam/models/report.rb +321 -0
- data/lib/ibm_cloud_iam/models/report_mfa_enrollment_status.rb +268 -0
- data/lib/ibm_cloud_iam/models/report_reference.rb +165 -0
- data/lib/ibm_cloud_iam/models/response_context.rb +33 -94
- data/lib/ibm_cloud_iam/models/retrict_actions.rb +41 -0
- data/lib/ibm_cloud_iam/models/saml_metadata_import_response.rb +494 -0
- data/lib/ibm_cloud_iam/models/service_id.rb +184 -108
- data/lib/ibm_cloud_iam/models/service_id_group.rb +313 -0
- data/lib/ibm_cloud_iam/models/service_id_group_count.rb +159 -0
- data/lib/ibm_cloud_iam/models/service_id_group_list.rb +167 -0
- data/lib/ibm_cloud_iam/models/service_id_list.rb +47 -96
- data/lib/ibm_cloud_iam/models/share_scope.rb +190 -0
- data/lib/ibm_cloud_iam/models/template_account_settings.rb +296 -0
- data/lib/ibm_cloud_iam/models/template_account_settings_all_of_restrict_user_domains.rb +159 -0
- data/lib/ibm_cloud_iam/models/template_assignment_list_response.rb +227 -0
- data/lib/ibm_cloud_iam/models/template_assignment_resource.rb +149 -0
- data/lib/ibm_cloud_iam/models/template_assignment_resource_error.rb +179 -0
- data/lib/ibm_cloud_iam/models/template_assignment_response.rb +506 -0
- data/lib/ibm_cloud_iam/models/template_assignment_response_resource.rb +196 -0
- data/lib/ibm_cloud_iam/models/template_assignment_response_resource_detail.rb +203 -0
- data/lib/ibm_cloud_iam/models/template_count.rb +159 -0
- data/lib/ibm_cloud_iam/models/template_profile_component_request.rb +210 -0
- data/lib/ibm_cloud_iam/models/template_profile_component_response.rb +210 -0
- data/lib/ibm_cloud_iam/models/test_result.rb +194 -0
- data/lib/ibm_cloud_iam/models/test_result_steps_inner.rb +174 -0
- data/lib/ibm_cloud_iam/models/test_trigger_response.rb +156 -0
- data/lib/ibm_cloud_iam/models/token_response.rb +34 -105
- data/lib/ibm_cloud_iam/models/trusted_profile.rb +411 -0
- data/lib/ibm_cloud_iam/models/trusted_profile_template_claim_rule.rb +248 -0
- data/lib/ibm_cloud_iam/models/trusted_profile_template_list.rb +256 -0
- data/lib/ibm_cloud_iam/models/trusted_profile_template_request.rb +199 -0
- data/lib/ibm_cloud_iam/models/trusted_profile_template_response.rb +369 -0
- data/lib/ibm_cloud_iam/models/trusted_profiles_list.rb +227 -0
- data/lib/ibm_cloud_iam/models/update_account_idp_setting_request.rb +202 -0
- data/lib/ibm_cloud_iam/models/update_account_login_settings.rb +148 -0
- data/lib/ibm_cloud_iam/models/update_api_key_request.rb +68 -99
- data/lib/ibm_cloud_iam/models/update_id_p_request.rb +198 -0
- data/lib/ibm_cloud_iam/models/update_id_p_request_properties.rb +157 -0
- data/lib/ibm_cloud_iam/models/update_id_p_request_properties_idp.rb +179 -0
- data/lib/ibm_cloud_iam/models/update_id_p_request_secrets.rb +157 -0
- data/lib/ibm_cloud_iam/models/update_id_p_request_secrets_idp.rb +163 -0
- data/lib/ibm_cloud_iam/models/update_preference_request.rb +161 -0
- data/lib/ibm_cloud_iam/models/update_service_id_group_request.rb +176 -0
- data/lib/ibm_cloud_iam/models/update_service_id_request.rb +34 -95
- data/lib/ibm_cloud_iam/models/update_template_assignment_request.rb +175 -0
- data/lib/ibm_cloud_iam/models/update_trusted_profile_request.rb +169 -0
- data/lib/ibm_cloud_iam/models/user_activity.rb +222 -0
- data/lib/ibm_cloud_iam/models/user_mfa.rb +179 -0
- data/lib/ibm_cloud_iam/models/user_mfa_enrollments.rb +193 -0
- data/lib/ibm_cloud_iam/models/user_mfa_resolved.rb +178 -0
- data/lib/ibm_cloud_iam/models/user_report_mfa_enrollment_status.rb +291 -0
- data/lib/ibm_cloud_iam/models/user_visbility_retrict_actions.rb +40 -0
- data/lib/ibm_cloud_iam/models/user_visbility_retrict_actions_for_template.rb +41 -0
- data/lib/ibm_cloud_iam/version.rb +4 -4
- data/lib/ibm_cloud_iam.rb +140 -9
- data/spec/api/account_limits_api_spec.rb +75 -0
- data/spec/api/account_settings_api_spec.rb +80 -0
- data/spec/api/account_settings_for_id_p_api_spec.rb +132 -0
- data/spec/api/account_settings_template_api_spec.rb +184 -0
- data/spec/api/account_settings_template_assignments_api_spec.rb +112 -0
- data/spec/api/activities_api_spec.rb +64 -0
- data/spec/api/api_keys_api_spec.rb +182 -0
- data/spec/api/identity_preferences_api_spec.rb +98 -0
- data/spec/api/idp_management_api_spec.rb +166 -0
- data/spec/api/mfa_enrollment_status_api_spec.rb +77 -0
- data/spec/api/service_id_groups_api_spec.rb +102 -0
- data/spec/api/service_ids_api_spec.rb +143 -0
- data/spec/api/token_retrieval_api_spec.rb +134 -0
- data/spec/api/trusted_profile_template_api_spec.rb +184 -0
- data/spec/api/trusted_profile_template_assignments_api_spec.rb +112 -0
- data/spec/api/trusted_profiles_api_spec.rb +328 -0
- data/spec/models/access_group_count_spec.rb +42 -0
- data/spec/models/account_based_mfa_enrollment_spec.rb +54 -0
- data/spec/models/account_idp_settings_spec.rb +82 -0
- data/spec/models/account_login_settings_spec.rb +36 -0
- data/spec/models/account_settings_assigned_templates_section_spec.rb +120 -0
- data/spec/models/account_settings_effective_section_spec.rb +96 -0
- data/spec/models/account_settings_meta_spec.rb +54 -0
- data/spec/models/account_settings_request_spec.rb +102 -0
- data/spec/models/account_settings_response_spec.rb +126 -0
- data/spec/models/account_settings_template_list_spec.rb +72 -0
- data/spec/models/account_settings_template_request_spec.rb +54 -0
- data/spec/models/account_settings_template_response_spec.rb +114 -0
- data/spec/models/account_settings_user_domain_restriction_spec.rb +48 -0
- data/spec/models/account_settings_user_mfa_response_spec.rb +66 -0
- data/spec/models/action_controls_identities_spec.rb +42 -0
- data/spec/models/action_controls_spec.rb +48 -0
- data/spec/models/activity_spec.rb +42 -0
- data/spec/models/add_account_idp_setting_request_spec.rb +52 -0
- data/spec/models/api_key_inside_create_service_id_request_spec.rb +24 -17
- data/spec/models/api_key_list_spec.rb +15 -20
- data/spec/models/api_key_spec.rb +52 -27
- data/spec/models/apikey_activity_serviceid_spec.rb +42 -0
- data/spec/models/apikey_activity_spec.rb +66 -0
- data/spec/models/apikey_activity_user_spec.rb +54 -0
- data/spec/models/assigned_templates_account_settings_spec.rb +102 -0
- data/spec/models/common_account_settings_request_spec.rb +90 -0
- data/spec/models/common_account_settings_response_spec.rb +84 -0
- data/spec/models/consumers_response_consumers_inner_spec.rb +42 -0
- data/spec/models/consumers_response_spec.rb +42 -0
- data/spec/models/create_api_key_request_spec.rb +32 -19
- data/spec/models/create_idp_request_properties_idp_spec.rb +60 -0
- data/spec/models/create_idp_request_properties_sp_authn_context_spec.rb +42 -0
- data/spec/models/create_idp_request_properties_sp_spec.rb +78 -0
- data/spec/models/create_idp_request_properties_spec.rb +42 -0
- data/spec/models/create_idp_request_secrets_idp_signing_inner_spec.rb +46 -0
- data/spec/models/create_idp_request_secrets_idp_spec.rb +48 -0
- data/spec/models/create_idp_request_secrets_sp_signing_inner_spec.rb +58 -0
- data/spec/models/create_idp_request_secrets_sp_spec.rb +36 -0
- data/spec/models/create_idp_request_secrets_spec.rb +42 -0
- data/spec/models/create_idp_request_spec.rb +76 -0
- data/spec/models/create_profile_link_request_link_spec.rb +60 -0
- data/spec/models/create_profile_link_request_spec.rb +54 -0
- data/spec/models/create_service_id_group_request_spec.rb +48 -0
- data/spec/models/create_service_id_request_spec.rb +19 -18
- data/spec/models/create_template_assignment_request_spec.rb +58 -0
- data/spec/models/create_trusted_profile_request_spec.rb +54 -0
- data/spec/models/effective_account_settings_response_spec.rb +60 -0
- data/spec/models/enity_history_record_spec.rb +14 -19
- data/spec/models/entity_activity_spec.rb +48 -0
- data/spec/models/error_spec.rb +12 -17
- data/spec/models/exception_response_context_spec.rb +20 -25
- data/spec/models/exception_response_spec.rb +12 -17
- data/spec/models/id_based_mfa_enrollment_spec.rb +64 -0
- data/spec/models/identity_count_spec.rb +42 -0
- data/spec/models/identity_limits_usage_request_spec.rb +108 -0
- data/spec/models/identity_limits_usage_response_apikeys_per_identity_spec.rb +42 -0
- data/spec/models/identity_limits_usage_response_claim_rules_per_group_spec.rb +42 -0
- data/spec/models/identity_limits_usage_response_claim_rules_per_profile_spec.rb +42 -0
- data/spec/models/identity_limits_usage_response_serviceids_per_group_spec.rb +42 -0
- data/spec/models/identity_limits_usage_response_spec.rb +114 -0
- data/spec/models/identity_limits_usage_response_template_versions_per_template_spec.rb +42 -0
- data/spec/models/identity_preference_response_spec.rb +66 -0
- data/spec/models/identity_preferences_response_spec.rb +36 -0
- data/spec/models/idp_spec.rb +96 -0
- data/spec/models/limit_count_spec.rb +42 -0
- data/spec/models/list_id_p_settings200_response_spec.rb +36 -0
- data/spec/models/list_idps200_response_spec.rb +36 -0
- data/spec/models/mfa_enrollment_type_status_spec.rb +42 -0
- data/spec/models/mfa_options_spec.rb +30 -0
- data/spec/models/mfa_requirements_response_spec.rb +11 -16
- data/spec/models/oidc_exception_response_spec.rb +13 -18
- data/spec/models/policy_template_reference_spec.rb +42 -0
- data/spec/models/profile_claim_rule_conditions_spec.rb +48 -0
- data/spec/models/profile_claim_rule_list_spec.rb +42 -0
- data/spec/models/profile_claim_rule_request_spec.rb +72 -0
- data/spec/models/profile_claim_rule_spec.rb +90 -0
- data/spec/models/profile_count_spec.rb +42 -0
- data/spec/models/profile_identities_response_spec.rb +42 -0
- data/spec/models/profile_identities_update_request_spec.rb +36 -0
- data/spec/models/profile_identity_request_spec.rb +58 -0
- data/spec/models/profile_identity_response_spec.rb +64 -0
- data/spec/models/profile_link_link_spec.rb +60 -0
- data/spec/models/profile_link_list_spec.rb +36 -0
- data/spec/models/profile_link_spec.rb +78 -0
- data/spec/models/report_mfa_enrollment_status_spec.rb +66 -0
- data/spec/models/report_reference_spec.rb +36 -0
- data/spec/models/report_spec.rb +84 -0
- data/spec/models/response_context_spec.rb +19 -24
- data/spec/models/retrict_actions_spec.rb +30 -0
- data/spec/models/saml_metadata_import_response_spec.rb +112 -0
- data/spec/models/service_id_group_count_spec.rb +42 -0
- data/spec/models/service_id_group_list_spec.rb +36 -0
- data/spec/models/service_id_group_spec.rb +84 -0
- data/spec/models/service_id_list_spec.rb +15 -20
- data/spec/models/service_id_spec.rb +34 -27
- data/spec/models/share_scope_spec.rb +46 -0
- data/spec/models/template_account_settings_all_of_restrict_user_domains_spec.rb +42 -0
- data/spec/models/template_account_settings_spec.rb +102 -0
- data/spec/models/template_assignment_list_response_spec.rb +72 -0
- data/spec/models/template_assignment_resource_error_spec.rb +54 -0
- data/spec/models/template_assignment_resource_spec.rb +36 -0
- data/spec/models/template_assignment_response_resource_detail_spec.rb +60 -0
- data/spec/models/template_assignment_response_resource_spec.rb +54 -0
- data/spec/models/template_assignment_response_spec.rb +126 -0
- data/spec/models/template_count_spec.rb +42 -0
- data/spec/models/template_profile_component_request_spec.rb +60 -0
- data/spec/models/template_profile_component_response_spec.rb +60 -0
- data/spec/models/test_result_spec.rb +66 -0
- data/spec/models/test_result_steps_inner_spec.rb +54 -0
- data/spec/models/test_trigger_response_spec.rb +42 -0
- data/spec/models/token_response_spec.rb +14 -19
- data/spec/models/trusted_profile_spec.rb +132 -0
- data/spec/models/trusted_profile_template_claim_rule_spec.rb +64 -0
- data/spec/models/trusted_profile_template_list_spec.rb +72 -0
- data/spec/models/trusted_profile_template_request_spec.rb +66 -0
- data/spec/models/trusted_profile_template_response_spec.rb +126 -0
- data/spec/models/trusted_profiles_list_spec.rb +72 -0
- data/spec/models/update_account_idp_setting_request_spec.rb +52 -0
- data/spec/models/update_account_login_settings_spec.rb +36 -0
- data/spec/models/update_api_key_request_spec.rb +28 -15
- data/spec/models/update_id_p_request_properties_idp_spec.rb +54 -0
- data/spec/models/update_id_p_request_properties_spec.rb +42 -0
- data/spec/models/update_id_p_request_secrets_idp_spec.rb +42 -0
- data/spec/models/update_id_p_request_secrets_spec.rb +42 -0
- data/spec/models/update_id_p_request_spec.rb +66 -0
- data/spec/models/update_preference_request_spec.rb +42 -0
- data/spec/models/update_service_id_group_request_spec.rb +42 -0
- data/spec/models/update_service_id_request_spec.rb +11 -16
- data/spec/models/update_template_assignment_request_spec.rb +36 -0
- data/spec/models/update_trusted_profile_request_spec.rb +48 -0
- data/spec/models/user_activity_spec.rb +60 -0
- data/spec/models/user_mfa_enrollments_spec.rb +54 -0
- data/spec/models/user_mfa_resolved_spec.rb +54 -0
- data/spec/models/user_mfa_spec.rb +42 -0
- data/spec/models/user_report_mfa_enrollment_status_spec.rb +72 -0
- data/spec/models/user_visbility_retrict_actions_for_template_spec.rb +30 -0
- data/spec/models/user_visbility_retrict_actions_spec.rb +30 -0
- data/spec/spec_helper.rb +3 -3
- metadata +549 -35
- data/docs/IdentityOperationsApi.md +0 -828
- data/docs/InlineObject.md +0 -19
- data/docs/InlineObject1.md +0 -23
- data/docs/InlineObject2.md +0 -21
- data/docs/InlineObject3.md +0 -25
- data/docs/TokenOperationsApi.md +0 -226
- data/lib/ibm_cloud_iam/api/identity_operations_api.rb +0 -1083
- data/lib/ibm_cloud_iam/api/token_operations_api.rb +0 -351
- data/lib/ibm_cloud_iam/models/inline_object.rb +0 -229
- data/lib/ibm_cloud_iam/models/inline_object1.rb +0 -254
- data/lib/ibm_cloud_iam/models/inline_object2.rb +0 -244
- data/lib/ibm_cloud_iam/models/inline_object3.rb +0 -269
- data/spec/api/identity_operations_api_spec.rb +0 -253
- data/spec/api/token_operations_api_spec.rb +0 -94
- data/spec/api_client_spec.rb +0 -226
- data/spec/configuration_spec.rb +0 -42
- data/spec/models/inline_object1_spec.rb +0 -59
- data/spec/models/inline_object2_spec.rb +0 -53
- data/spec/models/inline_object3_spec.rb +0 -65
- data/spec/models/inline_object_spec.rb +0 -47
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
=begin
|
|
2
|
-
#IAM Identity Services
|
|
2
|
+
#IAM Identity Services
|
|
3
3
|
|
|
4
|
-
#The IAM Identity Service API allows for the management of Identities (Service IDs, ApiKeys).
|
|
4
|
+
# ## Introduction The IAM Identity Service API is used to manage service IDs, API key identities, trusted profiles, account security settings and to create IAM access tokens for a user or service ID. With trusted profile templates and assignments you can centrally manage access for child accounts in your organization from the root enterprise account. Similarly with settings templates and assignments, you can centrally administer account security settings. For more information, see [Working with template versions](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-working-with-versions&interface=ui) and [Best practices for assigning access in an enterprise](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-access-enterprises). SDKs for Java, Node, Python, and Go are available to make it easier to programmatically access the API from your code. The client libraries that are provided by the SDKs implement best practices for using the API and reduce the amount of code that you need to write. The tab for each language includes code examples that demonstrate how to use the client libraries. For more information about using the SDKs, see the [IBM Cloud SDK Common project](https://github.com/IBM/ibm-cloud-sdk-common) on GitHub. Installing the Java SDK Maven ```xml <dependency> <groupId>com.ibm.cloud</groupId> <artifactId>iam-identity</artifactId> <version>{version}</version> </dependency> ``` Gradle ```bash compile 'com.ibm.cloud:iam-identity:{version}' ``` Replace `{version}` in these examples with the release version. View on GitHub [https://github.com/IBM/platform-services-java-sdk](https://github.com/IBM/platform-services-java-sdk) Installing the Go SDK Go modules (recommended): Add the following import in your code, and then run `go build` or `go mod tidy` ```go import ( \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" ) ``` ```bash go get -u github.com/IBM/platform-services-go-sdk/iamidentityv1 ``` View on GitHub [https://github.com/IBM/platform-services-go-sdk](https://github.com/IBM/platform-services-go-sdk) Installing the Node SDK ```bash npm install @ibm-cloud/platform-services ``` View on GitHub [https://github.com/IBM/platform-services-node-sdk](https://github.com/IBM/platform-services-node-sdk) Installing the Python SDK ```bash pip install --upgrade \"ibm-platform-services\" ``` View on GitHub [https://github.com/IBM/platform-services-python-sdk](https://github.com/IBM/platform-services-python-sdk) The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). ## Endpoint URLs The IAM Identity Services API uses the following public global endpoint URL. When you call the API, add the path for each method to form the complete API endpoint for your requests. ```bash https://iam.cloud.ibm.com ``` Virtual private cloud (VPC) based access requires a virtual private endpoint gateway (VPE gateway). For more information , see [Creating an endpoint gateway](https://cloud.ibm.com/docs/vpc?topic=vpc-ordering-endpoint-gateway). * Private endpoint URL for VPC infrastructure: `https://private.iam.cloud.ibm.com`. VPE gateway creation is supported in all datacenters (see https://cloud.ibm.com/docs/overview?topic=overview-locations#regions). If you enabled service endpoints in your account, you can send API requests over the IBM Cloud® private network at the following base endpoint URLs. For more information, see [Enabling VRF and service endpoints](https://cloud.ibm.com/docs/account?topic=account-vrf-service-endpoint). * Private endpoint URLs for classic infrastructure. Supported URLs: * Sydney: `https://private.au-syd.iam.cloud.ibm.com` * Sao Paulo: `https://private.br-sao.iam.cloud.ibm.com` * Montreal: `https://private.ca-mon.iam.cloud.ibm.com` * Toronto: `https://private.ca-tor.iam.cloud.ibm.com` * Frankfurt DC: `https://private.eu-de.iam.cloud.ibm.com` * London: `https://private.eu-gb.iam.cloud.ibm.com` * Madrid: `https://private.eu-es.iam.cloud.ibm.com` * Tokyo: `https://private.jp-tok.iam.cloud.ibm.com` * Osaka: `https://private.jp-osa.iam.cloud.ibm.com` * Washington DC: `https://private.us-east.iam.cloud.ibm.com` * Dallas: `https://private.us-south.iam.cloud.ibm.com` IAM is a global service and deployed to multiple MZRs world wide. IAM can be reached from all locations using the public global endpoint or using one of the private endpoints. Each request is sent to the closest region related to the client that invokes the call to IAM. Example API request ```bash curl -u \"apikey:{apikey}\" -X {request_method} \"https://iam.cloud.ibm.com/{method_endpoint}\" ``` Replace `{apikey}`, `{request_method}`, and `{method_endpoint}` in this example with the values for your particular API call. ## Authentication Authorization to the Identity Services REST API is enforced by using an IBM Cloud Identity and Access Management (IAM) access token. The token is used to determine the actions that a user or service ID has access to when they use the API. You can generate an access token by first [creating an API key](https://cloud.ibm.com/docs/account?topic=account-iamtoken_from_apikey) and then exchanging your API key for an IBM Cloud IAM token. Don't have an API key? Try running `ibmcloud iam oauth-tokens` in the [IBM Cloud Shell](https://cloud.ibm.com/shell) to quickly generate a personal access token. When you use the SDK, configure an IAM authenticator with the IAM API key. The authenticator automatically obtains the IAM access token for the API key and includes it with each request. You can construct an authenticator in either of two ways: - Programmatically by constructing an IAM authenticator instance and supplying your IAM API key - By defining the API key in external configuration properties and then using the SDK authenticator factory to construct an IAM authenticator that uses the configured IAM API key In this example of using external configuration properties, an IAM authenticator instance is created with the configured API key, and then the service client is constructed with this authenticator instance and the configured service URL. For more information, see the Authentication section of the [IBM Cloud SDK Common](https://github.com/IBM/ibm-cloud-sdk-common/blob/main/README.md) documentation. To call each method, you'll need to be assigned a role that includes the required IAM actions. Each method lists the associated action. For more information about IAM actions and how they map to roles, see [IAM Identity service](https://cloud.ibm.com/docs/account?topic=account-account-services#identity-service-account-management). To retrieve your access token: ```bash curl -X POST \\ \"https://iam.cloud.ibm.com/identity/token\" \\ --header 'Content-Type: application/x-www-form-urlencoded' \\ --header 'Accept: application/json' \\ --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' \\ --data-urlencode 'apikey=<API_KEY>' ``` Replace `<API_KEY>` with your IAM API key. Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```go import { \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" } ... serviceClientOptions := &iamidentityv1.IamIdentityV1Options{} serviceClient, err := iamidentityv1.NewIamIdentityV1UsingExternalConfig(serviceClientOptions) ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```java import com.ibm.cloud.platform_services.iam_identity.v1.IamIdentity; ... IamIdentity serviceClient = IamIdentity.newInstance(); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```javascript const IamIdentityV1 = require('@ibm-cloud/platform-services/iam-identity/v1'); ... const serviceClient = IamIdentityV1.newInstance({}); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```python from ibm_platform_services import IamIdentityV1 ... service_client = IamIdentityV1.new_instance() ``` You authenticate to the API by using Cloud Identity and Access Management (IAM). You can pass either a bearer token in an authorization header or an [API key](https://cloud.ibm.com/docs/account?topic=account-manapikey). The SDK provides initialization methods for each form of authentication. - Use the API key to have the SDK manage the lifecycle of the access token. The SDK requests an access token, ensures that the access token is valid, includes the access token in each outgoing request, and refreshes it when it expires. - Use the access token to manage the lifecycle yourself. Keep in mind that access tokens are valid for 1 hour, so you must refresh them regularly to maintain access. For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). ## Auditing You can monitor API activity within your account by using the IBM Cloud Logs service. Whenever an API method is called, an event is generated that you can then track and audit from within IBM Cloud Logs. The specific event type is listed for each individual method. If an event is tracked for a method, you can find it listed with the method. For more information about how to track IAM activity, see [Activity tracking events for IAM](https://cloud.ibm.com/docs/account?topic=account-at_events_iam). ## Error handling The IAM Token Service uses standard HTTP response codes to indicate whether a method completed successfully. A `200` response always indicates success. A `400` type response indicates that a parameter validation failed and can occur if required parameters are missing or if any parameter values are invalid. A `401` or `403` response indicates that the incoming request did not contain valid authentication information. A `500` type response indicates an internal server error that is seen in an unexpected error situation. The Identity Services REST APIs return standard HTTP status codes to indicate the success or failure of a request. The format of the response is represented in JSON as follows: ```json { \"trace\": \"9daee671-916a-4678-850b-10b911f0236d\", \"errors\": [ { \"code\": \"invalid_access_token\", \"message\": \"The provided access token provided is invalid.\" } ] \"status_code\": 401 } ``` If an operation cannot be fulfilled, an appropriate 400 or 500 series HTTP response is returned from the server. The operations that are defined in the `Reference` section describe example errors that might be returned from a failed request. All responses from the Identity Services REST API are in JSON format. The following table show the potential error codes the API might return. | HTTP Error Code | Description | Recovery | |-----------------|-------------|----------| | `200` | Success | The request was successful. | | `201` | Created | The resource was successfully created. | | `204` | No Content | The request was successful. No response body is provided. | | `400` | Bad Request | The input parameters in the request body are either incomplete or in the wrong format. Be sure to include all required parameters in your request. | | `401` | Unauthorized | You are not authorized to make this request. The token is either missing or expired. Get a new valid token and try again. | | `403` | Forbidden | The supplied authentication is not authorized to perform the operation. If this error persists, contact the account owner to check your permissions. | | `404` | Not Found | The requested resource can't be found. | | `409` | Conflict | The entity is already in the requested state. | | `429` | Too Many Requests | Too many requests have been made within a time window. Wait before calling the API again. | | `500` | Internal error | Error that is seen in an unexpected error situation. | ## Additional headers Some additional headers might be required to make successful requests to the API. Those additional headers are: An optional transaction ID can be passed to your request, which can be useful for tracking calls through multiple services using one identifier. The header key must be set to `Transaction-Id` and the value is anything that you choose. If there is not a transaction ID that is passed in, then one is generated randomly. ## API Parameters Some API parameter have additional details that need to be considered while using it in a request. Those API parameters are as follow: ### Filtering list results When listing service IDs, trusted profiles or API keys you can filter the result set by providing an optional `filter` parameter. The exact syntax of this parameter is described below. Query syntax will follow the SCIM query syntax with reduced operator support. The value must be URL encoded. Only the following operators are supported. * Supported attribute operators- - `sw` - starts with - `sw_ci` - starts with ingnore case - non SCIM standard - `ew` - ends with - `ew_ci` - ends with ingnore case - non SCIM standard - `co` - contains - `co_ci` - contains ingnore case - non SCIM standard * Supported operators- - `and` - `or` * Grouping operators- - `()` * Data Values -`Text` * Sample - `name co \"Foo\" and description sw \"Bar\"`
|
|
5
5
|
|
|
6
6
|
The version of the OpenAPI document: 1.0.0
|
|
7
7
|
|
|
8
8
|
Generated by: https://openapi-generator.tech
|
|
9
|
-
|
|
9
|
+
Generator version: 7.23.0
|
|
10
10
|
|
|
11
11
|
=end
|
|
12
12
|
|
|
@@ -14,8 +14,10 @@ require 'date'
|
|
|
14
14
|
require 'json'
|
|
15
15
|
require 'logger'
|
|
16
16
|
require 'tempfile'
|
|
17
|
+
require 'time'
|
|
17
18
|
require 'typhoeus'
|
|
18
19
|
|
|
20
|
+
|
|
19
21
|
module IbmCloudIam
|
|
20
22
|
class ApiClient
|
|
21
23
|
# The Configuration object holding settings to be used in the API client.
|
|
@@ -44,9 +46,11 @@ module IbmCloudIam
|
|
|
44
46
|
# Call an API with given options.
|
|
45
47
|
#
|
|
46
48
|
# @return [Array<(Object, Integer, Hash)>] an array of 3 elements:
|
|
47
|
-
# the data deserialized from response body (
|
|
49
|
+
# the data deserialized from response body (may be a Tempfile or nil), response status code and response headers.
|
|
48
50
|
def call_api(http_method, path, opts = {})
|
|
49
51
|
request = build_request(http_method, path, opts)
|
|
52
|
+
tempfile = nil
|
|
53
|
+
(download_file(request) { tempfile = _1 }) if opts[:return_type] == 'File'
|
|
50
54
|
response = request.run
|
|
51
55
|
|
|
52
56
|
if @config.debugging
|
|
@@ -68,7 +72,9 @@ module IbmCloudIam
|
|
|
68
72
|
end
|
|
69
73
|
end
|
|
70
74
|
|
|
71
|
-
if opts[:return_type]
|
|
75
|
+
if opts[:return_type] == 'File'
|
|
76
|
+
data = tempfile
|
|
77
|
+
elsif opts[:return_type]
|
|
72
78
|
data = deserialize(response, opts[:return_type])
|
|
73
79
|
else
|
|
74
80
|
data = nil
|
|
@@ -86,12 +92,13 @@ module IbmCloudIam
|
|
|
86
92
|
# @option opts [Object] :body HTTP body (JSON/XML)
|
|
87
93
|
# @return [Typhoeus::Request] A Typhoeus Request
|
|
88
94
|
def build_request(http_method, path, opts = {})
|
|
89
|
-
url = build_request_url(path)
|
|
95
|
+
url = build_request_url(path, opts)
|
|
90
96
|
http_method = http_method.to_sym.downcase
|
|
91
97
|
|
|
92
98
|
header_params = @default_headers.merge(opts[:header_params] || {})
|
|
93
99
|
query_params = opts[:query_params] || {}
|
|
94
100
|
form_params = opts[:form_params] || {}
|
|
101
|
+
follow_location = opts[:follow_location] || true
|
|
95
102
|
|
|
96
103
|
|
|
97
104
|
# set ssl_verifyhosts option based on @config.verify_ssl_host (true/false)
|
|
@@ -107,7 +114,8 @@ module IbmCloudIam
|
|
|
107
114
|
:ssl_verifyhost => _verify_ssl_host,
|
|
108
115
|
:sslcert => @config.cert_file,
|
|
109
116
|
:sslkey => @config.key_file,
|
|
110
|
-
:verbose => @config.debugging
|
|
117
|
+
:verbose => @config.debugging,
|
|
118
|
+
:followlocation => follow_location
|
|
111
119
|
}
|
|
112
120
|
|
|
113
121
|
# set custom cert, if provided
|
|
@@ -121,9 +129,7 @@ module IbmCloudIam
|
|
|
121
129
|
end
|
|
122
130
|
end
|
|
123
131
|
|
|
124
|
-
|
|
125
|
-
download_file(request) if opts[:return_type] == 'File'
|
|
126
|
-
request
|
|
132
|
+
Typhoeus::Request.new(url, req_opts)
|
|
127
133
|
end
|
|
128
134
|
|
|
129
135
|
# Builds the HTTP request body
|
|
@@ -154,6 +160,47 @@ module IbmCloudIam
|
|
|
154
160
|
data
|
|
155
161
|
end
|
|
156
162
|
|
|
163
|
+
# Save response body into a file in (the defined) temporary folder, using the filename
|
|
164
|
+
# from the "Content-Disposition" header if provided, otherwise a random filename.
|
|
165
|
+
# The response body is written to the file in chunks in order to handle files which
|
|
166
|
+
# size is larger than maximum Ruby String or even larger than the maximum memory a Ruby
|
|
167
|
+
# process can use.
|
|
168
|
+
#
|
|
169
|
+
# @see Configuration#temp_folder_path
|
|
170
|
+
#
|
|
171
|
+
# @return [Tempfile] the tempfile generated
|
|
172
|
+
def download_file(request)
|
|
173
|
+
tempfile = nil
|
|
174
|
+
encoding = nil
|
|
175
|
+
request.on_headers do |response|
|
|
176
|
+
content_disposition = response.headers['Content-Disposition']
|
|
177
|
+
if content_disposition && content_disposition =~ /filename=/i
|
|
178
|
+
filename = content_disposition[/filename=['"]?([^'"\s]+)['"]?/, 1]
|
|
179
|
+
prefix = sanitize_filename(filename)
|
|
180
|
+
else
|
|
181
|
+
prefix = 'download-'
|
|
182
|
+
end
|
|
183
|
+
prefix = prefix + '-' unless prefix.end_with?('-')
|
|
184
|
+
encoding = response.body.encoding
|
|
185
|
+
tempfile = Tempfile.open(prefix, @config.temp_folder_path, encoding: encoding)
|
|
186
|
+
end
|
|
187
|
+
request.on_body do |chunk|
|
|
188
|
+
chunk.force_encoding(encoding)
|
|
189
|
+
tempfile.write(chunk)
|
|
190
|
+
end
|
|
191
|
+
request.on_complete do
|
|
192
|
+
if !tempfile
|
|
193
|
+
fail ApiError.new("Failed to create the tempfile based on the HTTP response from the server: #{request.inspect}")
|
|
194
|
+
end
|
|
195
|
+
tempfile.close
|
|
196
|
+
@config.logger.info "Temp file written to #{tempfile.path}, please copy the file to a proper folder "\
|
|
197
|
+
"with e.g. `FileUtils.cp(tempfile.path, '/new/file/path')` otherwise the temp file "\
|
|
198
|
+
"will be deleted automatically with GC. It's also recommended to delete the temp file "\
|
|
199
|
+
"explicitly with `tempfile.delete`"
|
|
200
|
+
yield tempfile if block_given?
|
|
201
|
+
end
|
|
202
|
+
end
|
|
203
|
+
|
|
157
204
|
# Check if the given MIME is a JSON MIME.
|
|
158
205
|
# JSON MIME examples:
|
|
159
206
|
# application/json
|
|
@@ -163,7 +210,7 @@ module IbmCloudIam
|
|
|
163
210
|
# @param [String] mime MIME
|
|
164
211
|
# @return [Boolean] True if the MIME is application/json
|
|
165
212
|
def json_mime?(mime)
|
|
166
|
-
(mime == '*/*') || !(mime =~
|
|
213
|
+
(mime == '*/*') || !(mime =~ /^Application\/.*json(?!p)(;.*)?/i).nil?
|
|
167
214
|
end
|
|
168
215
|
|
|
169
216
|
# Deserialize the response to the given return type.
|
|
@@ -172,15 +219,10 @@ module IbmCloudIam
|
|
|
172
219
|
# @param [String] return_type some examples: "User", "Array<User>", "Hash<String, Integer>"
|
|
173
220
|
def deserialize(response, return_type)
|
|
174
221
|
body = response.body
|
|
175
|
-
|
|
176
|
-
# handle file downloading - return the File instance processed in request callbacks
|
|
177
|
-
# note that response body is empty when the file is written in chunks in request on_body callback
|
|
178
|
-
return @tempfile if return_type == 'File'
|
|
179
|
-
|
|
180
222
|
return nil if body.nil? || body.empty?
|
|
181
223
|
|
|
182
224
|
# return response body directly for String return type
|
|
183
|
-
return body if return_type == 'String'
|
|
225
|
+
return body.to_s if return_type == 'String'
|
|
184
226
|
|
|
185
227
|
# ensuring a default content type
|
|
186
228
|
content_type = response.headers['Content-Type'] || 'application/json'
|
|
@@ -190,7 +232,7 @@ module IbmCloudIam
|
|
|
190
232
|
begin
|
|
191
233
|
data = JSON.parse("[#{body}]", :symbolize_names => true)[0]
|
|
192
234
|
rescue JSON::ParserError => e
|
|
193
|
-
if %w(String Date
|
|
235
|
+
if %w(String Date Time).include?(return_type)
|
|
194
236
|
data = body
|
|
195
237
|
else
|
|
196
238
|
raise e
|
|
@@ -215,9 +257,9 @@ module IbmCloudIam
|
|
|
215
257
|
data.to_f
|
|
216
258
|
when 'Boolean'
|
|
217
259
|
data == true
|
|
218
|
-
when '
|
|
260
|
+
when 'Time'
|
|
219
261
|
# parse date time (expecting ISO 8601 format)
|
|
220
|
-
|
|
262
|
+
Time.parse data
|
|
221
263
|
when 'Date'
|
|
222
264
|
# parse date time (expecting ISO 8601 format)
|
|
223
265
|
Date.parse data
|
|
@@ -235,45 +277,12 @@ module IbmCloudIam
|
|
|
235
277
|
data.each { |k, v| hash[k] = convert_to_type(v, sub_type) }
|
|
236
278
|
end
|
|
237
279
|
else
|
|
238
|
-
# models
|
|
239
|
-
IbmCloudIam.const_get(return_type)
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
# Save response body into a file in (the defined) temporary folder, using the filename
|
|
244
|
-
# from the "Content-Disposition" header if provided, otherwise a random filename.
|
|
245
|
-
# The response body is written to the file in chunks in order to handle files which
|
|
246
|
-
# size is larger than maximum Ruby String or even larger than the maximum memory a Ruby
|
|
247
|
-
# process can use.
|
|
248
|
-
#
|
|
249
|
-
# @see Configuration#temp_folder_path
|
|
250
|
-
def download_file(request)
|
|
251
|
-
tempfile = nil
|
|
252
|
-
encoding = nil
|
|
253
|
-
request.on_headers do |response|
|
|
254
|
-
content_disposition = response.headers['Content-Disposition']
|
|
255
|
-
if content_disposition && content_disposition =~ /filename=/i
|
|
256
|
-
filename = content_disposition[/filename=['"]?([^'"\s]+)['"]?/, 1]
|
|
257
|
-
prefix = sanitize_filename(filename)
|
|
280
|
+
# models (e.g. Pet) or oneOf/anyOf
|
|
281
|
+
klass = IbmCloudIam.const_get(return_type)
|
|
282
|
+
if klass.respond_to?(:openapi_one_of) || klass.respond_to?(:openapi_any_of)
|
|
283
|
+
klass.build(data)
|
|
258
284
|
else
|
|
259
|
-
|
|
260
|
-
end
|
|
261
|
-
prefix = prefix + '-' unless prefix.end_with?('-')
|
|
262
|
-
encoding = response.body.encoding
|
|
263
|
-
tempfile = Tempfile.open(prefix, @config.temp_folder_path, encoding: encoding)
|
|
264
|
-
@tempfile = tempfile
|
|
265
|
-
end
|
|
266
|
-
request.on_body do |chunk|
|
|
267
|
-
chunk.force_encoding(encoding)
|
|
268
|
-
tempfile.write(chunk)
|
|
269
|
-
end
|
|
270
|
-
request.on_complete do |response|
|
|
271
|
-
if tempfile
|
|
272
|
-
tempfile.close
|
|
273
|
-
@config.logger.info "Temp file written to #{tempfile.path}, please copy the file to a proper folder "\
|
|
274
|
-
"with e.g. `FileUtils.cp(tempfile.path, '/new/file/path')` otherwise the temp file "\
|
|
275
|
-
"will be deleted automatically with GC. It's also recommended to delete the temp file "\
|
|
276
|
-
"explicitly with `tempfile.delete`"
|
|
285
|
+
klass.build_from_hash(data)
|
|
277
286
|
end
|
|
278
287
|
end
|
|
279
288
|
end
|
|
@@ -284,16 +293,16 @@ module IbmCloudIam
|
|
|
284
293
|
# @param [String] filename the filename to be sanitized
|
|
285
294
|
# @return [String] the sanitized filename
|
|
286
295
|
def sanitize_filename(filename)
|
|
287
|
-
filename.
|
|
296
|
+
filename.split(/[\/\\]/).last
|
|
288
297
|
end
|
|
289
298
|
|
|
290
|
-
def build_request_url(path)
|
|
299
|
+
def build_request_url(path, opts = {})
|
|
291
300
|
# Add leading and trailing slashes to path
|
|
292
301
|
path = "/#{path}".gsub(/\/+/, '/')
|
|
293
|
-
@config.base_url + path
|
|
302
|
+
@config.base_url(opts[:operation]) + path
|
|
294
303
|
end
|
|
295
304
|
|
|
296
|
-
# Update
|
|
305
|
+
# Update header and query params based on authentication settings.
|
|
297
306
|
#
|
|
298
307
|
# @param [Hash] header_params Header parameters
|
|
299
308
|
# @param [Hash] query_params Query parameters
|
|
@@ -305,7 +314,7 @@ module IbmCloudIam
|
|
|
305
314
|
case auth_setting[:in]
|
|
306
315
|
when 'header' then header_params[auth_setting[:key]] = auth_setting[:value]
|
|
307
316
|
when 'query' then query_params[auth_setting[:key]] = auth_setting[:value]
|
|
308
|
-
else fail ArgumentError, 'Authentication token must be in `query`
|
|
317
|
+
else fail ArgumentError, 'Authentication token must be in `query` or `header`'
|
|
309
318
|
end
|
|
310
319
|
end
|
|
311
320
|
end
|
|
@@ -332,8 +341,8 @@ module IbmCloudIam
|
|
|
332
341
|
# @param [Array] content_types array for Content-Type
|
|
333
342
|
# @return [String] the Content-Type header (e.g. application/json)
|
|
334
343
|
def select_header_content_type(content_types)
|
|
335
|
-
#
|
|
336
|
-
return
|
|
344
|
+
# return nil by default
|
|
345
|
+
return if content_types.nil? || content_types.empty?
|
|
337
346
|
# use JSON when present, otherwise use the first one
|
|
338
347
|
json_content_type = content_types.find { |s| json_mime?(s) }
|
|
339
348
|
json_content_type || content_types.first
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
=begin
|
|
2
|
-
#IAM Identity Services
|
|
2
|
+
#IAM Identity Services
|
|
3
3
|
|
|
4
|
-
#The IAM Identity Service API allows for the management of Identities (Service IDs, ApiKeys).
|
|
4
|
+
# ## Introduction The IAM Identity Service API is used to manage service IDs, API key identities, trusted profiles, account security settings and to create IAM access tokens for a user or service ID. With trusted profile templates and assignments you can centrally manage access for child accounts in your organization from the root enterprise account. Similarly with settings templates and assignments, you can centrally administer account security settings. For more information, see [Working with template versions](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-working-with-versions&interface=ui) and [Best practices for assigning access in an enterprise](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-access-enterprises). SDKs for Java, Node, Python, and Go are available to make it easier to programmatically access the API from your code. The client libraries that are provided by the SDKs implement best practices for using the API and reduce the amount of code that you need to write. The tab for each language includes code examples that demonstrate how to use the client libraries. For more information about using the SDKs, see the [IBM Cloud SDK Common project](https://github.com/IBM/ibm-cloud-sdk-common) on GitHub. Installing the Java SDK Maven ```xml <dependency> <groupId>com.ibm.cloud</groupId> <artifactId>iam-identity</artifactId> <version>{version}</version> </dependency> ``` Gradle ```bash compile 'com.ibm.cloud:iam-identity:{version}' ``` Replace `{version}` in these examples with the release version. View on GitHub [https://github.com/IBM/platform-services-java-sdk](https://github.com/IBM/platform-services-java-sdk) Installing the Go SDK Go modules (recommended): Add the following import in your code, and then run `go build` or `go mod tidy` ```go import ( \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" ) ``` ```bash go get -u github.com/IBM/platform-services-go-sdk/iamidentityv1 ``` View on GitHub [https://github.com/IBM/platform-services-go-sdk](https://github.com/IBM/platform-services-go-sdk) Installing the Node SDK ```bash npm install @ibm-cloud/platform-services ``` View on GitHub [https://github.com/IBM/platform-services-node-sdk](https://github.com/IBM/platform-services-node-sdk) Installing the Python SDK ```bash pip install --upgrade \"ibm-platform-services\" ``` View on GitHub [https://github.com/IBM/platform-services-python-sdk](https://github.com/IBM/platform-services-python-sdk) The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). ## Endpoint URLs The IAM Identity Services API uses the following public global endpoint URL. When you call the API, add the path for each method to form the complete API endpoint for your requests. ```bash https://iam.cloud.ibm.com ``` Virtual private cloud (VPC) based access requires a virtual private endpoint gateway (VPE gateway). For more information , see [Creating an endpoint gateway](https://cloud.ibm.com/docs/vpc?topic=vpc-ordering-endpoint-gateway). * Private endpoint URL for VPC infrastructure: `https://private.iam.cloud.ibm.com`. VPE gateway creation is supported in all datacenters (see https://cloud.ibm.com/docs/overview?topic=overview-locations#regions). If you enabled service endpoints in your account, you can send API requests over the IBM Cloud® private network at the following base endpoint URLs. For more information, see [Enabling VRF and service endpoints](https://cloud.ibm.com/docs/account?topic=account-vrf-service-endpoint). * Private endpoint URLs for classic infrastructure. Supported URLs: * Sydney: `https://private.au-syd.iam.cloud.ibm.com` * Sao Paulo: `https://private.br-sao.iam.cloud.ibm.com` * Montreal: `https://private.ca-mon.iam.cloud.ibm.com` * Toronto: `https://private.ca-tor.iam.cloud.ibm.com` * Frankfurt DC: `https://private.eu-de.iam.cloud.ibm.com` * London: `https://private.eu-gb.iam.cloud.ibm.com` * Madrid: `https://private.eu-es.iam.cloud.ibm.com` * Tokyo: `https://private.jp-tok.iam.cloud.ibm.com` * Osaka: `https://private.jp-osa.iam.cloud.ibm.com` * Washington DC: `https://private.us-east.iam.cloud.ibm.com` * Dallas: `https://private.us-south.iam.cloud.ibm.com` IAM is a global service and deployed to multiple MZRs world wide. IAM can be reached from all locations using the public global endpoint or using one of the private endpoints. Each request is sent to the closest region related to the client that invokes the call to IAM. Example API request ```bash curl -u \"apikey:{apikey}\" -X {request_method} \"https://iam.cloud.ibm.com/{method_endpoint}\" ``` Replace `{apikey}`, `{request_method}`, and `{method_endpoint}` in this example with the values for your particular API call. ## Authentication Authorization to the Identity Services REST API is enforced by using an IBM Cloud Identity and Access Management (IAM) access token. The token is used to determine the actions that a user or service ID has access to when they use the API. You can generate an access token by first [creating an API key](https://cloud.ibm.com/docs/account?topic=account-iamtoken_from_apikey) and then exchanging your API key for an IBM Cloud IAM token. Don't have an API key? Try running `ibmcloud iam oauth-tokens` in the [IBM Cloud Shell](https://cloud.ibm.com/shell) to quickly generate a personal access token. When you use the SDK, configure an IAM authenticator with the IAM API key. The authenticator automatically obtains the IAM access token for the API key and includes it with each request. You can construct an authenticator in either of two ways: - Programmatically by constructing an IAM authenticator instance and supplying your IAM API key - By defining the API key in external configuration properties and then using the SDK authenticator factory to construct an IAM authenticator that uses the configured IAM API key In this example of using external configuration properties, an IAM authenticator instance is created with the configured API key, and then the service client is constructed with this authenticator instance and the configured service URL. For more information, see the Authentication section of the [IBM Cloud SDK Common](https://github.com/IBM/ibm-cloud-sdk-common/blob/main/README.md) documentation. To call each method, you'll need to be assigned a role that includes the required IAM actions. Each method lists the associated action. For more information about IAM actions and how they map to roles, see [IAM Identity service](https://cloud.ibm.com/docs/account?topic=account-account-services#identity-service-account-management). To retrieve your access token: ```bash curl -X POST \\ \"https://iam.cloud.ibm.com/identity/token\" \\ --header 'Content-Type: application/x-www-form-urlencoded' \\ --header 'Accept: application/json' \\ --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' \\ --data-urlencode 'apikey=<API_KEY>' ``` Replace `<API_KEY>` with your IAM API key. Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```go import { \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" } ... serviceClientOptions := &iamidentityv1.IamIdentityV1Options{} serviceClient, err := iamidentityv1.NewIamIdentityV1UsingExternalConfig(serviceClientOptions) ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```java import com.ibm.cloud.platform_services.iam_identity.v1.IamIdentity; ... IamIdentity serviceClient = IamIdentity.newInstance(); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```javascript const IamIdentityV1 = require('@ibm-cloud/platform-services/iam-identity/v1'); ... const serviceClient = IamIdentityV1.newInstance({}); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```python from ibm_platform_services import IamIdentityV1 ... service_client = IamIdentityV1.new_instance() ``` You authenticate to the API by using Cloud Identity and Access Management (IAM). You can pass either a bearer token in an authorization header or an [API key](https://cloud.ibm.com/docs/account?topic=account-manapikey). The SDK provides initialization methods for each form of authentication. - Use the API key to have the SDK manage the lifecycle of the access token. The SDK requests an access token, ensures that the access token is valid, includes the access token in each outgoing request, and refreshes it when it expires. - Use the access token to manage the lifecycle yourself. Keep in mind that access tokens are valid for 1 hour, so you must refresh them regularly to maintain access. For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). ## Auditing You can monitor API activity within your account by using the IBM Cloud Logs service. Whenever an API method is called, an event is generated that you can then track and audit from within IBM Cloud Logs. The specific event type is listed for each individual method. If an event is tracked for a method, you can find it listed with the method. For more information about how to track IAM activity, see [Activity tracking events for IAM](https://cloud.ibm.com/docs/account?topic=account-at_events_iam). ## Error handling The IAM Token Service uses standard HTTP response codes to indicate whether a method completed successfully. A `200` response always indicates success. A `400` type response indicates that a parameter validation failed and can occur if required parameters are missing or if any parameter values are invalid. A `401` or `403` response indicates that the incoming request did not contain valid authentication information. A `500` type response indicates an internal server error that is seen in an unexpected error situation. The Identity Services REST APIs return standard HTTP status codes to indicate the success or failure of a request. The format of the response is represented in JSON as follows: ```json { \"trace\": \"9daee671-916a-4678-850b-10b911f0236d\", \"errors\": [ { \"code\": \"invalid_access_token\", \"message\": \"The provided access token provided is invalid.\" } ] \"status_code\": 401 } ``` If an operation cannot be fulfilled, an appropriate 400 or 500 series HTTP response is returned from the server. The operations that are defined in the `Reference` section describe example errors that might be returned from a failed request. All responses from the Identity Services REST API are in JSON format. The following table show the potential error codes the API might return. | HTTP Error Code | Description | Recovery | |-----------------|-------------|----------| | `200` | Success | The request was successful. | | `201` | Created | The resource was successfully created. | | `204` | No Content | The request was successful. No response body is provided. | | `400` | Bad Request | The input parameters in the request body are either incomplete or in the wrong format. Be sure to include all required parameters in your request. | | `401` | Unauthorized | You are not authorized to make this request. The token is either missing or expired. Get a new valid token and try again. | | `403` | Forbidden | The supplied authentication is not authorized to perform the operation. If this error persists, contact the account owner to check your permissions. | | `404` | Not Found | The requested resource can't be found. | | `409` | Conflict | The entity is already in the requested state. | | `429` | Too Many Requests | Too many requests have been made within a time window. Wait before calling the API again. | | `500` | Internal error | Error that is seen in an unexpected error situation. | ## Additional headers Some additional headers might be required to make successful requests to the API. Those additional headers are: An optional transaction ID can be passed to your request, which can be useful for tracking calls through multiple services using one identifier. The header key must be set to `Transaction-Id` and the value is anything that you choose. If there is not a transaction ID that is passed in, then one is generated randomly. ## API Parameters Some API parameter have additional details that need to be considered while using it in a request. Those API parameters are as follow: ### Filtering list results When listing service IDs, trusted profiles or API keys you can filter the result set by providing an optional `filter` parameter. The exact syntax of this parameter is described below. Query syntax will follow the SCIM query syntax with reduced operator support. The value must be URL encoded. Only the following operators are supported. * Supported attribute operators- - `sw` - starts with - `sw_ci` - starts with ingnore case - non SCIM standard - `ew` - ends with - `ew_ci` - ends with ingnore case - non SCIM standard - `co` - contains - `co_ci` - contains ingnore case - non SCIM standard * Supported operators- - `and` - `or` * Grouping operators- - `()` * Data Values -`Text` * Sample - `name co \"Foo\" and description sw \"Bar\"`
|
|
5
5
|
|
|
6
6
|
The version of the OpenAPI document: 1.0.0
|
|
7
7
|
|
|
8
8
|
Generated by: https://openapi-generator.tech
|
|
9
|
-
|
|
9
|
+
Generator version: 7.23.0
|
|
10
10
|
|
|
11
11
|
=end
|
|
12
12
|
|
|
@@ -32,6 +32,7 @@ module IbmCloudIam
|
|
|
32
32
|
end
|
|
33
33
|
else
|
|
34
34
|
super arg
|
|
35
|
+
@message = arg
|
|
35
36
|
end
|
|
36
37
|
end
|
|
37
38
|
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
=begin
|
|
2
|
+
#IAM Identity Services
|
|
3
|
+
|
|
4
|
+
# ## Introduction The IAM Identity Service API is used to manage service IDs, API key identities, trusted profiles, account security settings and to create IAM access tokens for a user or service ID. With trusted profile templates and assignments you can centrally manage access for child accounts in your organization from the root enterprise account. Similarly with settings templates and assignments, you can centrally administer account security settings. For more information, see [Working with template versions](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-working-with-versions&interface=ui) and [Best practices for assigning access in an enterprise](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-access-enterprises). SDKs for Java, Node, Python, and Go are available to make it easier to programmatically access the API from your code. The client libraries that are provided by the SDKs implement best practices for using the API and reduce the amount of code that you need to write. The tab for each language includes code examples that demonstrate how to use the client libraries. For more information about using the SDKs, see the [IBM Cloud SDK Common project](https://github.com/IBM/ibm-cloud-sdk-common) on GitHub. Installing the Java SDK Maven ```xml <dependency> <groupId>com.ibm.cloud</groupId> <artifactId>iam-identity</artifactId> <version>{version}</version> </dependency> ``` Gradle ```bash compile 'com.ibm.cloud:iam-identity:{version}' ``` Replace `{version}` in these examples with the release version. View on GitHub [https://github.com/IBM/platform-services-java-sdk](https://github.com/IBM/platform-services-java-sdk) Installing the Go SDK Go modules (recommended): Add the following import in your code, and then run `go build` or `go mod tidy` ```go import ( \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" ) ``` ```bash go get -u github.com/IBM/platform-services-go-sdk/iamidentityv1 ``` View on GitHub [https://github.com/IBM/platform-services-go-sdk](https://github.com/IBM/platform-services-go-sdk) Installing the Node SDK ```bash npm install @ibm-cloud/platform-services ``` View on GitHub [https://github.com/IBM/platform-services-node-sdk](https://github.com/IBM/platform-services-node-sdk) Installing the Python SDK ```bash pip install --upgrade \"ibm-platform-services\" ``` View on GitHub [https://github.com/IBM/platform-services-python-sdk](https://github.com/IBM/platform-services-python-sdk) The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). ## Endpoint URLs The IAM Identity Services API uses the following public global endpoint URL. When you call the API, add the path for each method to form the complete API endpoint for your requests. ```bash https://iam.cloud.ibm.com ``` Virtual private cloud (VPC) based access requires a virtual private endpoint gateway (VPE gateway). For more information , see [Creating an endpoint gateway](https://cloud.ibm.com/docs/vpc?topic=vpc-ordering-endpoint-gateway). * Private endpoint URL for VPC infrastructure: `https://private.iam.cloud.ibm.com`. VPE gateway creation is supported in all datacenters (see https://cloud.ibm.com/docs/overview?topic=overview-locations#regions). If you enabled service endpoints in your account, you can send API requests over the IBM Cloud® private network at the following base endpoint URLs. For more information, see [Enabling VRF and service endpoints](https://cloud.ibm.com/docs/account?topic=account-vrf-service-endpoint). * Private endpoint URLs for classic infrastructure. Supported URLs: * Sydney: `https://private.au-syd.iam.cloud.ibm.com` * Sao Paulo: `https://private.br-sao.iam.cloud.ibm.com` * Montreal: `https://private.ca-mon.iam.cloud.ibm.com` * Toronto: `https://private.ca-tor.iam.cloud.ibm.com` * Frankfurt DC: `https://private.eu-de.iam.cloud.ibm.com` * London: `https://private.eu-gb.iam.cloud.ibm.com` * Madrid: `https://private.eu-es.iam.cloud.ibm.com` * Tokyo: `https://private.jp-tok.iam.cloud.ibm.com` * Osaka: `https://private.jp-osa.iam.cloud.ibm.com` * Washington DC: `https://private.us-east.iam.cloud.ibm.com` * Dallas: `https://private.us-south.iam.cloud.ibm.com` IAM is a global service and deployed to multiple MZRs world wide. IAM can be reached from all locations using the public global endpoint or using one of the private endpoints. Each request is sent to the closest region related to the client that invokes the call to IAM. Example API request ```bash curl -u \"apikey:{apikey}\" -X {request_method} \"https://iam.cloud.ibm.com/{method_endpoint}\" ``` Replace `{apikey}`, `{request_method}`, and `{method_endpoint}` in this example with the values for your particular API call. ## Authentication Authorization to the Identity Services REST API is enforced by using an IBM Cloud Identity and Access Management (IAM) access token. The token is used to determine the actions that a user or service ID has access to when they use the API. You can generate an access token by first [creating an API key](https://cloud.ibm.com/docs/account?topic=account-iamtoken_from_apikey) and then exchanging your API key for an IBM Cloud IAM token. Don't have an API key? Try running `ibmcloud iam oauth-tokens` in the [IBM Cloud Shell](https://cloud.ibm.com/shell) to quickly generate a personal access token. When you use the SDK, configure an IAM authenticator with the IAM API key. The authenticator automatically obtains the IAM access token for the API key and includes it with each request. You can construct an authenticator in either of two ways: - Programmatically by constructing an IAM authenticator instance and supplying your IAM API key - By defining the API key in external configuration properties and then using the SDK authenticator factory to construct an IAM authenticator that uses the configured IAM API key In this example of using external configuration properties, an IAM authenticator instance is created with the configured API key, and then the service client is constructed with this authenticator instance and the configured service URL. For more information, see the Authentication section of the [IBM Cloud SDK Common](https://github.com/IBM/ibm-cloud-sdk-common/blob/main/README.md) documentation. To call each method, you'll need to be assigned a role that includes the required IAM actions. Each method lists the associated action. For more information about IAM actions and how they map to roles, see [IAM Identity service](https://cloud.ibm.com/docs/account?topic=account-account-services#identity-service-account-management). To retrieve your access token: ```bash curl -X POST \\ \"https://iam.cloud.ibm.com/identity/token\" \\ --header 'Content-Type: application/x-www-form-urlencoded' \\ --header 'Accept: application/json' \\ --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' \\ --data-urlencode 'apikey=<API_KEY>' ``` Replace `<API_KEY>` with your IAM API key. Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```go import { \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" } ... serviceClientOptions := &iamidentityv1.IamIdentityV1Options{} serviceClient, err := iamidentityv1.NewIamIdentityV1UsingExternalConfig(serviceClientOptions) ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```java import com.ibm.cloud.platform_services.iam_identity.v1.IamIdentity; ... IamIdentity serviceClient = IamIdentity.newInstance(); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```javascript const IamIdentityV1 = require('@ibm-cloud/platform-services/iam-identity/v1'); ... const serviceClient = IamIdentityV1.newInstance({}); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```python from ibm_platform_services import IamIdentityV1 ... service_client = IamIdentityV1.new_instance() ``` You authenticate to the API by using Cloud Identity and Access Management (IAM). You can pass either a bearer token in an authorization header or an [API key](https://cloud.ibm.com/docs/account?topic=account-manapikey). The SDK provides initialization methods for each form of authentication. - Use the API key to have the SDK manage the lifecycle of the access token. The SDK requests an access token, ensures that the access token is valid, includes the access token in each outgoing request, and refreshes it when it expires. - Use the access token to manage the lifecycle yourself. Keep in mind that access tokens are valid for 1 hour, so you must refresh them regularly to maintain access. For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). ## Auditing You can monitor API activity within your account by using the IBM Cloud Logs service. Whenever an API method is called, an event is generated that you can then track and audit from within IBM Cloud Logs. The specific event type is listed for each individual method. If an event is tracked for a method, you can find it listed with the method. For more information about how to track IAM activity, see [Activity tracking events for IAM](https://cloud.ibm.com/docs/account?topic=account-at_events_iam). ## Error handling The IAM Token Service uses standard HTTP response codes to indicate whether a method completed successfully. A `200` response always indicates success. A `400` type response indicates that a parameter validation failed and can occur if required parameters are missing or if any parameter values are invalid. A `401` or `403` response indicates that the incoming request did not contain valid authentication information. A `500` type response indicates an internal server error that is seen in an unexpected error situation. The Identity Services REST APIs return standard HTTP status codes to indicate the success or failure of a request. The format of the response is represented in JSON as follows: ```json { \"trace\": \"9daee671-916a-4678-850b-10b911f0236d\", \"errors\": [ { \"code\": \"invalid_access_token\", \"message\": \"The provided access token provided is invalid.\" } ] \"status_code\": 401 } ``` If an operation cannot be fulfilled, an appropriate 400 or 500 series HTTP response is returned from the server. The operations that are defined in the `Reference` section describe example errors that might be returned from a failed request. All responses from the Identity Services REST API are in JSON format. The following table show the potential error codes the API might return. | HTTP Error Code | Description | Recovery | |-----------------|-------------|----------| | `200` | Success | The request was successful. | | `201` | Created | The resource was successfully created. | | `204` | No Content | The request was successful. No response body is provided. | | `400` | Bad Request | The input parameters in the request body are either incomplete or in the wrong format. Be sure to include all required parameters in your request. | | `401` | Unauthorized | You are not authorized to make this request. The token is either missing or expired. Get a new valid token and try again. | | `403` | Forbidden | The supplied authentication is not authorized to perform the operation. If this error persists, contact the account owner to check your permissions. | | `404` | Not Found | The requested resource can't be found. | | `409` | Conflict | The entity is already in the requested state. | | `429` | Too Many Requests | Too many requests have been made within a time window. Wait before calling the API again. | | `500` | Internal error | Error that is seen in an unexpected error situation. | ## Additional headers Some additional headers might be required to make successful requests to the API. Those additional headers are: An optional transaction ID can be passed to your request, which can be useful for tracking calls through multiple services using one identifier. The header key must be set to `Transaction-Id` and the value is anything that you choose. If there is not a transaction ID that is passed in, then one is generated randomly. ## API Parameters Some API parameter have additional details that need to be considered while using it in a request. Those API parameters are as follow: ### Filtering list results When listing service IDs, trusted profiles or API keys you can filter the result set by providing an optional `filter` parameter. The exact syntax of this parameter is described below. Query syntax will follow the SCIM query syntax with reduced operator support. The value must be URL encoded. Only the following operators are supported. * Supported attribute operators- - `sw` - starts with - `sw_ci` - starts with ingnore case - non SCIM standard - `ew` - ends with - `ew_ci` - ends with ingnore case - non SCIM standard - `co` - contains - `co_ci` - contains ingnore case - non SCIM standard * Supported operators- - `and` - `or` * Grouping operators- - `()` * Data Values -`Text` * Sample - `name co \"Foo\" and description sw \"Bar\"`
|
|
5
|
+
|
|
6
|
+
The version of the OpenAPI document: 1.0.0
|
|
7
|
+
|
|
8
|
+
Generated by: https://openapi-generator.tech
|
|
9
|
+
Generator version: 7.23.0
|
|
10
|
+
|
|
11
|
+
=end
|
|
12
|
+
|
|
13
|
+
module IbmCloudIam
|
|
14
|
+
class ApiModelBase
|
|
15
|
+
# Deserializes the data based on type
|
|
16
|
+
# @param string type Data type
|
|
17
|
+
# @param string value Value to be deserialized
|
|
18
|
+
# @return [Object] Deserialized data
|
|
19
|
+
def self._deserialize(type, value)
|
|
20
|
+
case type.to_sym
|
|
21
|
+
when :Time
|
|
22
|
+
Time.parse(value)
|
|
23
|
+
when :Date
|
|
24
|
+
Date.parse(value)
|
|
25
|
+
when :String
|
|
26
|
+
value.to_s
|
|
27
|
+
when :Integer
|
|
28
|
+
value.to_i
|
|
29
|
+
when :Float
|
|
30
|
+
value.to_f
|
|
31
|
+
when :Boolean
|
|
32
|
+
if value.to_s =~ /\A(true|t|yes|y|1)\z/i
|
|
33
|
+
true
|
|
34
|
+
else
|
|
35
|
+
false
|
|
36
|
+
end
|
|
37
|
+
when :Object
|
|
38
|
+
# generic object (usually a Hash), return directly
|
|
39
|
+
value
|
|
40
|
+
when /\AArray<(?<inner_type>.+)>\z/
|
|
41
|
+
inner_type = Regexp.last_match[:inner_type]
|
|
42
|
+
value.map { |v| _deserialize(inner_type, v) }
|
|
43
|
+
when /\AHash<(?<k_type>.+?), (?<v_type>.+)>\z/
|
|
44
|
+
k_type = Regexp.last_match[:k_type]
|
|
45
|
+
v_type = Regexp.last_match[:v_type]
|
|
46
|
+
{}.tap do |hash|
|
|
47
|
+
value.each do |k, v|
|
|
48
|
+
hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
else # model
|
|
52
|
+
# models (e.g. Pet) or oneOf
|
|
53
|
+
klass = IbmCloudIam.const_get(type)
|
|
54
|
+
klass.respond_to?(:openapi_any_of) || klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
# Returns the string representation of the object
|
|
59
|
+
# @return [String] String presentation of the object
|
|
60
|
+
def to_s
|
|
61
|
+
to_hash.to_s
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
# to_body is an alias to to_hash (backward compatibility)
|
|
65
|
+
# @return [Hash] Returns the object in the form of hash
|
|
66
|
+
def to_body
|
|
67
|
+
to_hash
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
# Outputs non-array value in the form of hash
|
|
71
|
+
# For object, use to_hash. Otherwise, just return the value
|
|
72
|
+
# @param [Object] value Any valid value
|
|
73
|
+
# @return [Hash] Returns the value in the form of hash
|
|
74
|
+
def _to_hash(value)
|
|
75
|
+
if value.is_a?(Array)
|
|
76
|
+
value.compact.map { |v| _to_hash(v) }
|
|
77
|
+
elsif value.is_a?(Hash)
|
|
78
|
+
{}.tap do |hash|
|
|
79
|
+
value.each { |k, v| hash[k] = _to_hash(v) }
|
|
80
|
+
end
|
|
81
|
+
elsif value.respond_to? :to_hash
|
|
82
|
+
value.to_hash
|
|
83
|
+
else
|
|
84
|
+
value
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
end
|