ibm_cloud_iam 1.0.2 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (491) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +548 -36
  3. data/docs/APIKeysApi.md +714 -0
  4. data/docs/AccessGroupCount.md +20 -0
  5. data/docs/AccountBasedMfaEnrollment.md +24 -0
  6. data/docs/AccountIdpSettings.md +32 -0
  7. data/docs/AccountLimitsApi.md +173 -0
  8. data/docs/AccountLoginSettings.md +18 -0
  9. data/docs/AccountSettingsApi.md +224 -0
  10. data/docs/AccountSettingsAssignedTemplatesSection.md +46 -0
  11. data/docs/AccountSettingsEffectiveSection.md +38 -0
  12. data/docs/AccountSettingsForIdPApi.md +489 -0
  13. data/docs/AccountSettingsMeta.md +24 -0
  14. data/docs/AccountSettingsRequest.md +40 -0
  15. data/docs/AccountSettingsResponse.md +48 -0
  16. data/docs/AccountSettingsTemplateApi.md +720 -0
  17. data/docs/AccountSettingsTemplateAssignmentsApi.md +376 -0
  18. data/docs/AccountSettingsTemplateList.md +30 -0
  19. data/docs/AccountSettingsTemplateRequest.md +24 -0
  20. data/docs/AccountSettingsTemplateResponse.md +44 -0
  21. data/docs/AccountSettingsUserDomainRestriction.md +22 -0
  22. data/docs/AccountSettingsUserMFAResponse.md +28 -0
  23. data/docs/ActionControls.md +22 -0
  24. data/docs/ActionControlsIdentities.md +20 -0
  25. data/docs/ActivitiesApi.md +149 -0
  26. data/docs/Activity.md +20 -0
  27. data/docs/AddAccountIdpSettingRequest.md +22 -0
  28. data/docs/ApiKey.md +44 -33
  29. data/docs/ApiKeyInsideCreateServiceIdRequest.md +18 -13
  30. data/docs/ApiKeyList.md +20 -19
  31. data/docs/ApikeyActivity.md +28 -0
  32. data/docs/ApikeyActivityServiceid.md +20 -0
  33. data/docs/ApikeyActivityUser.md +24 -0
  34. data/docs/AssignedTemplatesAccountSettings.md +40 -0
  35. data/docs/CommonAccountSettingsRequest.md +36 -0
  36. data/docs/CommonAccountSettingsResponse.md +34 -0
  37. data/docs/ConsumersResponse.md +20 -0
  38. data/docs/ConsumersResponseConsumersInner.md +20 -0
  39. data/docs/CreateApiKeyRequest.md +24 -17
  40. data/docs/CreateIdpRequest.md +30 -0
  41. data/docs/CreateIdpRequestProperties.md +20 -0
  42. data/docs/CreateIdpRequestPropertiesIdp.md +26 -0
  43. data/docs/CreateIdpRequestPropertiesSp.md +32 -0
  44. data/docs/CreateIdpRequestPropertiesSpAuthnContext.md +20 -0
  45. data/docs/CreateIdpRequestSecrets.md +20 -0
  46. data/docs/CreateIdpRequestSecretsIdp.md +22 -0
  47. data/docs/CreateIdpRequestSecretsIdpSigningInner.md +20 -0
  48. data/docs/CreateIdpRequestSecretsSp.md +18 -0
  49. data/docs/CreateIdpRequestSecretsSpSigningInner.md +24 -0
  50. data/docs/CreateProfileLinkRequest.md +24 -0
  51. data/docs/CreateProfileLinkRequestLink.md +26 -0
  52. data/docs/CreateServiceIdGroupRequest.md +22 -0
  53. data/docs/CreateServiceIdRequest.md +18 -15
  54. data/docs/CreateTemplateAssignmentRequest.md +24 -0
  55. data/docs/CreateTrustedProfileRequest.md +24 -0
  56. data/docs/EffectiveAccountSettingsResponse.md +26 -0
  57. data/docs/EnityHistoryRecord.md +18 -17
  58. data/docs/EntityActivity.md +22 -0
  59. data/docs/Error.md +14 -13
  60. data/docs/ExceptionResponse.md +14 -13
  61. data/docs/ExceptionResponseContext.md +30 -29
  62. data/docs/IDPManagementApi.md +692 -0
  63. data/docs/IdBasedMfaEnrollment.md +26 -0
  64. data/docs/IdentityCount.md +20 -0
  65. data/docs/IdentityLimitsUsageRequest.md +42 -0
  66. data/docs/IdentityLimitsUsageResponse.md +44 -0
  67. data/docs/IdentityLimitsUsageResponseApikeysPerIdentity.md +20 -0
  68. data/docs/IdentityLimitsUsageResponseClaimRulesPerGroup.md +20 -0
  69. data/docs/IdentityLimitsUsageResponseClaimRulesPerProfile.md +20 -0
  70. data/docs/IdentityLimitsUsageResponseServiceidsPerGroup.md +20 -0
  71. data/docs/IdentityLimitsUsageResponseTemplateVersionsPerTemplate.md +20 -0
  72. data/docs/IdentityPreferenceResponse.md +28 -0
  73. data/docs/IdentityPreferencesApi.md +304 -0
  74. data/docs/IdentityPreferencesResponse.md +18 -0
  75. data/docs/Idp.md +38 -0
  76. data/docs/LimitCount.md +20 -0
  77. data/docs/ListIdPSettings200Response.md +18 -0
  78. data/docs/ListIdps200Response.md +18 -0
  79. data/docs/MFAEnrollmentStatusApi.md +216 -0
  80. data/docs/MFARequirementsResponse.md +12 -11
  81. data/docs/MfaEnrollmentTypeStatus.md +20 -0
  82. data/docs/MfaOptions.md +15 -0
  83. data/docs/OidcExceptionResponse.md +16 -15
  84. data/docs/PolicyTemplateReference.md +20 -0
  85. data/docs/ProfileClaimRule.md +36 -0
  86. data/docs/ProfileClaimRuleConditions.md +22 -0
  87. data/docs/ProfileClaimRuleList.md +20 -0
  88. data/docs/ProfileClaimRuleRequest.md +30 -0
  89. data/docs/ProfileCount.md +20 -0
  90. data/docs/ProfileIdentitiesResponse.md +20 -0
  91. data/docs/ProfileIdentitiesUpdateRequest.md +18 -0
  92. data/docs/ProfileIdentityRequest.md +24 -0
  93. data/docs/ProfileIdentityResponse.md +26 -0
  94. data/docs/ProfileLink.md +32 -0
  95. data/docs/ProfileLinkLink.md +26 -0
  96. data/docs/ProfileLinkList.md +18 -0
  97. data/docs/Report.md +34 -0
  98. data/docs/ReportMfaEnrollmentStatus.md +28 -0
  99. data/docs/ReportReference.md +18 -0
  100. data/docs/ResponseContext.md +28 -27
  101. data/docs/RetrictActions.md +15 -0
  102. data/docs/SamlMetadataImportResponse.md +42 -0
  103. data/docs/ServiceIDGroupsApi.md +347 -0
  104. data/docs/ServiceIDsApi.md +515 -0
  105. data/docs/ServiceId.md +38 -33
  106. data/docs/ServiceIdGroup.md +34 -0
  107. data/docs/ServiceIdGroupCount.md +20 -0
  108. data/docs/ServiceIdGroupList.md +18 -0
  109. data/docs/ServiceIdList.md +20 -19
  110. data/docs/ShareScope.md +20 -0
  111. data/docs/TemplateAccountSettings.md +40 -0
  112. data/docs/TemplateAccountSettingsAllOfRestrictUserDomains.md +20 -0
  113. data/docs/TemplateAssignmentListResponse.md +30 -0
  114. data/docs/TemplateAssignmentResource.md +18 -0
  115. data/docs/TemplateAssignmentResourceError.md +24 -0
  116. data/docs/TemplateAssignmentResponse.md +48 -0
  117. data/docs/TemplateAssignmentResponseResource.md +24 -0
  118. data/docs/TemplateAssignmentResponseResourceDetail.md +26 -0
  119. data/docs/TemplateCount.md +20 -0
  120. data/docs/TemplateProfileComponentRequest.md +26 -0
  121. data/docs/TemplateProfileComponentResponse.md +26 -0
  122. data/docs/TestResult.md +28 -0
  123. data/docs/TestResultStepsInner.md +24 -0
  124. data/docs/TestTriggerResponse.md +20 -0
  125. data/docs/TokenResponse.md +18 -17
  126. data/docs/TokenRetrievalApi.md +461 -0
  127. data/docs/TrustedProfile.md +50 -0
  128. data/docs/TrustedProfileTemplateApi.md +720 -0
  129. data/docs/TrustedProfileTemplateAssignmentsApi.md +376 -0
  130. data/docs/TrustedProfileTemplateClaimRule.md +26 -0
  131. data/docs/TrustedProfileTemplateList.md +30 -0
  132. data/docs/TrustedProfileTemplateRequest.md +28 -0
  133. data/docs/TrustedProfileTemplateResponse.md +48 -0
  134. data/docs/TrustedProfilesApi.md +1414 -0
  135. data/docs/TrustedProfilesList.md +30 -0
  136. data/docs/UpdateAccountIdpSettingRequest.md +22 -0
  137. data/docs/UpdateAccountLoginSettings.md +18 -0
  138. data/docs/UpdateApiKeyRequest.md +16 -9
  139. data/docs/UpdateIdPRequest.md +28 -0
  140. data/docs/UpdateIdPRequestProperties.md +20 -0
  141. data/docs/UpdateIdPRequestPropertiesIdp.md +24 -0
  142. data/docs/UpdateIdPRequestSecrets.md +20 -0
  143. data/docs/UpdateIdPRequestSecretsIdp.md +20 -0
  144. data/docs/UpdatePreferenceRequest.md +20 -0
  145. data/docs/UpdateServiceIdGroupRequest.md +20 -0
  146. data/docs/UpdateServiceIdRequest.md +12 -11
  147. data/docs/UpdateTemplateAssignmentRequest.md +18 -0
  148. data/docs/UpdateTrustedProfileRequest.md +22 -0
  149. data/docs/UserActivity.md +26 -0
  150. data/docs/UserMFAResolved.md +24 -0
  151. data/docs/UserMfa.md +20 -0
  152. data/docs/UserMfaEnrollments.md +24 -0
  153. data/docs/UserReportMfaEnrollmentStatus.md +30 -0
  154. data/docs/UserVisbilityRetrictActions.md +15 -0
  155. data/docs/UserVisbilityRetrictActionsForTemplate.md +15 -0
  156. data/git_push.sh +3 -4
  157. data/ibm_cloud_iam.gemspec +6 -6
  158. data/lib/ibm_cloud_iam/api/account_limits_api.rb +208 -0
  159. data/lib/ibm_cloud_iam/api/account_settings_api.rb +262 -0
  160. data/lib/ibm_cloud_iam/api/account_settings_for_id_p_api.rb +571 -0
  161. data/lib/ibm_cloud_iam/api/account_settings_template_api.rb +823 -0
  162. data/lib/ibm_cloud_iam/api/account_settings_template_assignments_api.rb +422 -0
  163. data/lib/ibm_cloud_iam/api/activities_api.rb +174 -0
  164. data/lib/ibm_cloud_iam/api/api_keys_api.rb +786 -0
  165. data/lib/ibm_cloud_iam/api/identity_preferences_api.rb +357 -0
  166. data/lib/ibm_cloud_iam/api/idp_management_api.rb +744 -0
  167. data/lib/ibm_cloud_iam/api/mfa_enrollment_status_api.rb +248 -0
  168. data/lib/ibm_cloud_iam/api/service_id_groups_api.rb +392 -0
  169. data/lib/ibm_cloud_iam/api/service_ids_api.rb +575 -0
  170. data/lib/ibm_cloud_iam/api/token_retrieval_api.rb +557 -0
  171. data/lib/ibm_cloud_iam/api/trusted_profile_template_api.rb +823 -0
  172. data/lib/ibm_cloud_iam/api/trusted_profile_template_assignments_api.rb +422 -0
  173. data/lib/ibm_cloud_iam/api/trusted_profiles_api.rb +1630 -0
  174. data/lib/ibm_cloud_iam/api_client.rb +74 -65
  175. data/lib/ibm_cloud_iam/api_error.rb +4 -3
  176. data/lib/ibm_cloud_iam/api_model_base.rb +88 -0
  177. data/lib/ibm_cloud_iam/configuration.rb +75 -15
  178. data/lib/ibm_cloud_iam/models/access_group_count.rb +159 -0
  179. data/lib/ibm_cloud_iam/models/account_based_mfa_enrollment.rb +243 -0
  180. data/lib/ibm_cloud_iam/models/account_idp_settings.rb +244 -0
  181. data/lib/ibm_cloud_iam/models/account_login_settings.rb +147 -0
  182. data/lib/ibm_cloud_iam/models/account_settings_assigned_templates_section.rb +377 -0
  183. data/lib/ibm_cloud_iam/models/account_settings_effective_section.rb +282 -0
  184. data/lib/ibm_cloud_iam/models/account_settings_meta.rb +179 -0
  185. data/lib/ibm_cloud_iam/models/account_settings_request.rb +301 -0
  186. data/lib/ibm_cloud_iam/models/account_settings_response.rb +567 -0
  187. data/lib/ibm_cloud_iam/models/account_settings_template_list.rb +256 -0
  188. data/lib/ibm_cloud_iam/models/account_settings_template_request.rb +178 -0
  189. data/lib/ibm_cloud_iam/models/account_settings_template_response.rb +416 -0
  190. data/lib/ibm_cloud_iam/models/account_settings_user_domain_restriction.rb +188 -0
  191. data/lib/ibm_cloud_iam/models/account_settings_user_mfa_response.rb +261 -0
  192. data/lib/ibm_cloud_iam/models/action_controls.rb +199 -0
  193. data/lib/ibm_cloud_iam/models/action_controls_identities.rb +190 -0
  194. data/lib/ibm_cloud_iam/models/activity.rb +175 -0
  195. data/lib/ibm_cloud_iam/models/add_account_idp_setting_request.rb +243 -0
  196. data/lib/ibm_cloud_iam/models/api_key.rb +188 -104
  197. data/lib/ibm_cloud_iam/models/api_key_inside_create_service_id_request.rb +70 -99
  198. data/lib/ibm_cloud_iam/models/api_key_list.rb +46 -95
  199. data/lib/ibm_cloud_iam/models/apikey_activity.rb +231 -0
  200. data/lib/ibm_cloud_iam/models/apikey_activity_serviceid.rb +159 -0
  201. data/lib/ibm_cloud_iam/models/apikey_activity_user.rb +179 -0
  202. data/lib/ibm_cloud_iam/models/assigned_templates_account_settings.rb +296 -0
  203. data/lib/ibm_cloud_iam/models/common_account_settings_request.rb +272 -0
  204. data/lib/ibm_cloud_iam/models/common_account_settings_response.rb +260 -0
  205. data/lib/ibm_cloud_iam/models/consumers_response.rb +158 -0
  206. data/lib/ibm_cloud_iam/models/consumers_response_consumers_inner.rb +158 -0
  207. data/lib/ibm_cloud_iam/models/create_api_key_request.rb +92 -99
  208. data/lib/ibm_cloud_iam/models/create_idp_request.rb +283 -0
  209. data/lib/ibm_cloud_iam/models/create_idp_request_properties.rb +157 -0
  210. data/lib/ibm_cloud_iam/models/create_idp_request_properties_idp.rb +189 -0
  211. data/lib/ibm_cloud_iam/models/create_idp_request_properties_sp.rb +222 -0
  212. data/lib/ibm_cloud_iam/models/create_idp_request_properties_sp_authn_context.rb +163 -0
  213. data/lib/ibm_cloud_iam/models/create_idp_request_secrets.rb +157 -0
  214. data/lib/ibm_cloud_iam/models/create_idp_request_secrets_idp.rb +173 -0
  215. data/lib/ibm_cloud_iam/models/create_idp_request_secrets_idp_signing_inner.rb +192 -0
  216. data/lib/ibm_cloud_iam/models/create_idp_request_secrets_sp.rb +151 -0
  217. data/lib/ibm_cloud_iam/models/create_idp_request_secrets_sp_signing_inner.rb +212 -0
  218. data/lib/ibm_cloud_iam/models/create_profile_link_request.rb +211 -0
  219. data/lib/ibm_cloud_iam/models/create_profile_link_request_link.rb +206 -0
  220. data/lib/ibm_cloud_iam/models/create_service_id_group_request.rb +203 -0
  221. data/lib/ibm_cloud_iam/models/create_service_id_request.rb +68 -95
  222. data/lib/ibm_cloud_iam/models/create_template_assignment_request.rb +280 -0
  223. data/lib/ibm_cloud_iam/models/create_trusted_profile_request.rb +213 -0
  224. data/lib/ibm_cloud_iam/models/effective_account_settings_response.rb +239 -0
  225. data/lib/ibm_cloud_iam/models/enity_history_record.rb +112 -101
  226. data/lib/ibm_cloud_iam/models/entity_activity.rb +185 -0
  227. data/lib/ibm_cloud_iam/models/error.rb +69 -94
  228. data/lib/ibm_cloud_iam/models/exception_response.rb +57 -94
  229. data/lib/ibm_cloud_iam/models/exception_response_context.rb +33 -94
  230. data/lib/ibm_cloud_iam/models/id_based_mfa_enrollment.rb +270 -0
  231. data/lib/ibm_cloud_iam/models/identity_count.rb +159 -0
  232. data/lib/ibm_cloud_iam/models/identity_limits_usage_request.rb +283 -0
  233. data/lib/ibm_cloud_iam/models/identity_limits_usage_response.rb +265 -0
  234. data/lib/ibm_cloud_iam/models/identity_limits_usage_response_apikeys_per_identity.rb +178 -0
  235. data/lib/ibm_cloud_iam/models/identity_limits_usage_response_claim_rules_per_group.rb +178 -0
  236. data/lib/ibm_cloud_iam/models/identity_limits_usage_response_claim_rules_per_profile.rb +178 -0
  237. data/lib/ibm_cloud_iam/models/identity_limits_usage_response_serviceids_per_group.rb +178 -0
  238. data/lib/ibm_cloud_iam/models/identity_limits_usage_response_template_versions_per_template.rb +178 -0
  239. data/lib/ibm_cloud_iam/models/identity_preference_response.rb +200 -0
  240. data/lib/ibm_cloud_iam/models/identity_preferences_response.rb +167 -0
  241. data/lib/ibm_cloud_iam/models/idp.rb +239 -0
  242. data/lib/ibm_cloud_iam/models/limit_count.rb +176 -0
  243. data/lib/ibm_cloud_iam/models/list_id_p_settings200_response.rb +149 -0
  244. data/lib/ibm_cloud_iam/models/list_idps200_response.rb +149 -0
  245. data/lib/ibm_cloud_iam/models/mfa_enrollment_type_status.rb +192 -0
  246. data/lib/ibm_cloud_iam/models/mfa_options.rb +45 -0
  247. data/lib/ibm_cloud_iam/models/mfa_requirements_response.rb +69 -94
  248. data/lib/ibm_cloud_iam/models/oidc_exception_response.rb +57 -94
  249. data/lib/ibm_cloud_iam/models/policy_template_reference.rb +193 -0
  250. data/lib/ibm_cloud_iam/models/profile_claim_rule.rb +342 -0
  251. data/lib/ibm_cloud_iam/models/profile_claim_rule_conditions.rb +219 -0
  252. data/lib/ibm_cloud_iam/models/profile_claim_rule_list.rb +176 -0
  253. data/lib/ibm_cloud_iam/models/profile_claim_rule_request.rb +243 -0
  254. data/lib/ibm_cloud_iam/models/profile_count.rb +159 -0
  255. data/lib/ibm_cloud_iam/models/profile_identities_response.rb +160 -0
  256. data/lib/ibm_cloud_iam/models/profile_identities_update_request.rb +150 -0
  257. data/lib/ibm_cloud_iam/models/profile_identity_request.rb +238 -0
  258. data/lib/ibm_cloud_iam/models/profile_identity_response.rb +265 -0
  259. data/lib/ibm_cloud_iam/models/profile_link.rb +320 -0
  260. data/lib/ibm_cloud_iam/models/profile_link_link.rb +188 -0
  261. data/lib/ibm_cloud_iam/models/profile_link_list.rb +167 -0
  262. data/lib/ibm_cloud_iam/models/report.rb +321 -0
  263. data/lib/ibm_cloud_iam/models/report_mfa_enrollment_status.rb +268 -0
  264. data/lib/ibm_cloud_iam/models/report_reference.rb +165 -0
  265. data/lib/ibm_cloud_iam/models/response_context.rb +33 -94
  266. data/lib/ibm_cloud_iam/models/retrict_actions.rb +41 -0
  267. data/lib/ibm_cloud_iam/models/saml_metadata_import_response.rb +494 -0
  268. data/lib/ibm_cloud_iam/models/service_id.rb +184 -108
  269. data/lib/ibm_cloud_iam/models/service_id_group.rb +313 -0
  270. data/lib/ibm_cloud_iam/models/service_id_group_count.rb +159 -0
  271. data/lib/ibm_cloud_iam/models/service_id_group_list.rb +167 -0
  272. data/lib/ibm_cloud_iam/models/service_id_list.rb +47 -96
  273. data/lib/ibm_cloud_iam/models/share_scope.rb +190 -0
  274. data/lib/ibm_cloud_iam/models/template_account_settings.rb +296 -0
  275. data/lib/ibm_cloud_iam/models/template_account_settings_all_of_restrict_user_domains.rb +159 -0
  276. data/lib/ibm_cloud_iam/models/template_assignment_list_response.rb +227 -0
  277. data/lib/ibm_cloud_iam/models/template_assignment_resource.rb +149 -0
  278. data/lib/ibm_cloud_iam/models/template_assignment_resource_error.rb +179 -0
  279. data/lib/ibm_cloud_iam/models/template_assignment_response.rb +506 -0
  280. data/lib/ibm_cloud_iam/models/template_assignment_response_resource.rb +196 -0
  281. data/lib/ibm_cloud_iam/models/template_assignment_response_resource_detail.rb +203 -0
  282. data/lib/ibm_cloud_iam/models/template_count.rb +159 -0
  283. data/lib/ibm_cloud_iam/models/template_profile_component_request.rb +210 -0
  284. data/lib/ibm_cloud_iam/models/template_profile_component_response.rb +210 -0
  285. data/lib/ibm_cloud_iam/models/test_result.rb +194 -0
  286. data/lib/ibm_cloud_iam/models/test_result_steps_inner.rb +174 -0
  287. data/lib/ibm_cloud_iam/models/test_trigger_response.rb +156 -0
  288. data/lib/ibm_cloud_iam/models/token_response.rb +34 -105
  289. data/lib/ibm_cloud_iam/models/trusted_profile.rb +411 -0
  290. data/lib/ibm_cloud_iam/models/trusted_profile_template_claim_rule.rb +248 -0
  291. data/lib/ibm_cloud_iam/models/trusted_profile_template_list.rb +256 -0
  292. data/lib/ibm_cloud_iam/models/trusted_profile_template_request.rb +199 -0
  293. data/lib/ibm_cloud_iam/models/trusted_profile_template_response.rb +369 -0
  294. data/lib/ibm_cloud_iam/models/trusted_profiles_list.rb +227 -0
  295. data/lib/ibm_cloud_iam/models/update_account_idp_setting_request.rb +202 -0
  296. data/lib/ibm_cloud_iam/models/update_account_login_settings.rb +148 -0
  297. data/lib/ibm_cloud_iam/models/update_api_key_request.rb +68 -99
  298. data/lib/ibm_cloud_iam/models/update_id_p_request.rb +198 -0
  299. data/lib/ibm_cloud_iam/models/update_id_p_request_properties.rb +157 -0
  300. data/lib/ibm_cloud_iam/models/update_id_p_request_properties_idp.rb +179 -0
  301. data/lib/ibm_cloud_iam/models/update_id_p_request_secrets.rb +157 -0
  302. data/lib/ibm_cloud_iam/models/update_id_p_request_secrets_idp.rb +163 -0
  303. data/lib/ibm_cloud_iam/models/update_preference_request.rb +161 -0
  304. data/lib/ibm_cloud_iam/models/update_service_id_group_request.rb +176 -0
  305. data/lib/ibm_cloud_iam/models/update_service_id_request.rb +34 -95
  306. data/lib/ibm_cloud_iam/models/update_template_assignment_request.rb +175 -0
  307. data/lib/ibm_cloud_iam/models/update_trusted_profile_request.rb +169 -0
  308. data/lib/ibm_cloud_iam/models/user_activity.rb +222 -0
  309. data/lib/ibm_cloud_iam/models/user_mfa.rb +179 -0
  310. data/lib/ibm_cloud_iam/models/user_mfa_enrollments.rb +193 -0
  311. data/lib/ibm_cloud_iam/models/user_mfa_resolved.rb +178 -0
  312. data/lib/ibm_cloud_iam/models/user_report_mfa_enrollment_status.rb +291 -0
  313. data/lib/ibm_cloud_iam/models/user_visbility_retrict_actions.rb +40 -0
  314. data/lib/ibm_cloud_iam/models/user_visbility_retrict_actions_for_template.rb +41 -0
  315. data/lib/ibm_cloud_iam/version.rb +4 -4
  316. data/lib/ibm_cloud_iam.rb +140 -9
  317. data/spec/api/account_limits_api_spec.rb +75 -0
  318. data/spec/api/account_settings_api_spec.rb +80 -0
  319. data/spec/api/account_settings_for_id_p_api_spec.rb +132 -0
  320. data/spec/api/account_settings_template_api_spec.rb +184 -0
  321. data/spec/api/account_settings_template_assignments_api_spec.rb +112 -0
  322. data/spec/api/activities_api_spec.rb +64 -0
  323. data/spec/api/api_keys_api_spec.rb +182 -0
  324. data/spec/api/identity_preferences_api_spec.rb +98 -0
  325. data/spec/api/idp_management_api_spec.rb +166 -0
  326. data/spec/api/mfa_enrollment_status_api_spec.rb +77 -0
  327. data/spec/api/service_id_groups_api_spec.rb +102 -0
  328. data/spec/api/service_ids_api_spec.rb +143 -0
  329. data/spec/api/token_retrieval_api_spec.rb +134 -0
  330. data/spec/api/trusted_profile_template_api_spec.rb +184 -0
  331. data/spec/api/trusted_profile_template_assignments_api_spec.rb +112 -0
  332. data/spec/api/trusted_profiles_api_spec.rb +328 -0
  333. data/spec/models/access_group_count_spec.rb +42 -0
  334. data/spec/models/account_based_mfa_enrollment_spec.rb +54 -0
  335. data/spec/models/account_idp_settings_spec.rb +82 -0
  336. data/spec/models/account_login_settings_spec.rb +36 -0
  337. data/spec/models/account_settings_assigned_templates_section_spec.rb +120 -0
  338. data/spec/models/account_settings_effective_section_spec.rb +96 -0
  339. data/spec/models/account_settings_meta_spec.rb +54 -0
  340. data/spec/models/account_settings_request_spec.rb +102 -0
  341. data/spec/models/account_settings_response_spec.rb +126 -0
  342. data/spec/models/account_settings_template_list_spec.rb +72 -0
  343. data/spec/models/account_settings_template_request_spec.rb +54 -0
  344. data/spec/models/account_settings_template_response_spec.rb +114 -0
  345. data/spec/models/account_settings_user_domain_restriction_spec.rb +48 -0
  346. data/spec/models/account_settings_user_mfa_response_spec.rb +66 -0
  347. data/spec/models/action_controls_identities_spec.rb +42 -0
  348. data/spec/models/action_controls_spec.rb +48 -0
  349. data/spec/models/activity_spec.rb +42 -0
  350. data/spec/models/add_account_idp_setting_request_spec.rb +52 -0
  351. data/spec/models/api_key_inside_create_service_id_request_spec.rb +24 -17
  352. data/spec/models/api_key_list_spec.rb +15 -20
  353. data/spec/models/api_key_spec.rb +52 -27
  354. data/spec/models/apikey_activity_serviceid_spec.rb +42 -0
  355. data/spec/models/apikey_activity_spec.rb +66 -0
  356. data/spec/models/apikey_activity_user_spec.rb +54 -0
  357. data/spec/models/assigned_templates_account_settings_spec.rb +102 -0
  358. data/spec/models/common_account_settings_request_spec.rb +90 -0
  359. data/spec/models/common_account_settings_response_spec.rb +84 -0
  360. data/spec/models/consumers_response_consumers_inner_spec.rb +42 -0
  361. data/spec/models/consumers_response_spec.rb +42 -0
  362. data/spec/models/create_api_key_request_spec.rb +32 -19
  363. data/spec/models/create_idp_request_properties_idp_spec.rb +60 -0
  364. data/spec/models/create_idp_request_properties_sp_authn_context_spec.rb +42 -0
  365. data/spec/models/create_idp_request_properties_sp_spec.rb +78 -0
  366. data/spec/models/create_idp_request_properties_spec.rb +42 -0
  367. data/spec/models/create_idp_request_secrets_idp_signing_inner_spec.rb +46 -0
  368. data/spec/models/create_idp_request_secrets_idp_spec.rb +48 -0
  369. data/spec/models/create_idp_request_secrets_sp_signing_inner_spec.rb +58 -0
  370. data/spec/models/create_idp_request_secrets_sp_spec.rb +36 -0
  371. data/spec/models/create_idp_request_secrets_spec.rb +42 -0
  372. data/spec/models/create_idp_request_spec.rb +76 -0
  373. data/spec/models/create_profile_link_request_link_spec.rb +60 -0
  374. data/spec/models/create_profile_link_request_spec.rb +54 -0
  375. data/spec/models/create_service_id_group_request_spec.rb +48 -0
  376. data/spec/models/create_service_id_request_spec.rb +19 -18
  377. data/spec/models/create_template_assignment_request_spec.rb +58 -0
  378. data/spec/models/create_trusted_profile_request_spec.rb +54 -0
  379. data/spec/models/effective_account_settings_response_spec.rb +60 -0
  380. data/spec/models/enity_history_record_spec.rb +14 -19
  381. data/spec/models/entity_activity_spec.rb +48 -0
  382. data/spec/models/error_spec.rb +12 -17
  383. data/spec/models/exception_response_context_spec.rb +20 -25
  384. data/spec/models/exception_response_spec.rb +12 -17
  385. data/spec/models/id_based_mfa_enrollment_spec.rb +64 -0
  386. data/spec/models/identity_count_spec.rb +42 -0
  387. data/spec/models/identity_limits_usage_request_spec.rb +108 -0
  388. data/spec/models/identity_limits_usage_response_apikeys_per_identity_spec.rb +42 -0
  389. data/spec/models/identity_limits_usage_response_claim_rules_per_group_spec.rb +42 -0
  390. data/spec/models/identity_limits_usage_response_claim_rules_per_profile_spec.rb +42 -0
  391. data/spec/models/identity_limits_usage_response_serviceids_per_group_spec.rb +42 -0
  392. data/spec/models/identity_limits_usage_response_spec.rb +114 -0
  393. data/spec/models/identity_limits_usage_response_template_versions_per_template_spec.rb +42 -0
  394. data/spec/models/identity_preference_response_spec.rb +66 -0
  395. data/spec/models/identity_preferences_response_spec.rb +36 -0
  396. data/spec/models/idp_spec.rb +96 -0
  397. data/spec/models/limit_count_spec.rb +42 -0
  398. data/spec/models/list_id_p_settings200_response_spec.rb +36 -0
  399. data/spec/models/list_idps200_response_spec.rb +36 -0
  400. data/spec/models/mfa_enrollment_type_status_spec.rb +42 -0
  401. data/spec/models/mfa_options_spec.rb +30 -0
  402. data/spec/models/mfa_requirements_response_spec.rb +11 -16
  403. data/spec/models/oidc_exception_response_spec.rb +13 -18
  404. data/spec/models/policy_template_reference_spec.rb +42 -0
  405. data/spec/models/profile_claim_rule_conditions_spec.rb +48 -0
  406. data/spec/models/profile_claim_rule_list_spec.rb +42 -0
  407. data/spec/models/profile_claim_rule_request_spec.rb +72 -0
  408. data/spec/models/profile_claim_rule_spec.rb +90 -0
  409. data/spec/models/profile_count_spec.rb +42 -0
  410. data/spec/models/profile_identities_response_spec.rb +42 -0
  411. data/spec/models/profile_identities_update_request_spec.rb +36 -0
  412. data/spec/models/profile_identity_request_spec.rb +58 -0
  413. data/spec/models/profile_identity_response_spec.rb +64 -0
  414. data/spec/models/profile_link_link_spec.rb +60 -0
  415. data/spec/models/profile_link_list_spec.rb +36 -0
  416. data/spec/models/profile_link_spec.rb +78 -0
  417. data/spec/models/report_mfa_enrollment_status_spec.rb +66 -0
  418. data/spec/models/report_reference_spec.rb +36 -0
  419. data/spec/models/report_spec.rb +84 -0
  420. data/spec/models/response_context_spec.rb +19 -24
  421. data/spec/models/retrict_actions_spec.rb +30 -0
  422. data/spec/models/saml_metadata_import_response_spec.rb +112 -0
  423. data/spec/models/service_id_group_count_spec.rb +42 -0
  424. data/spec/models/service_id_group_list_spec.rb +36 -0
  425. data/spec/models/service_id_group_spec.rb +84 -0
  426. data/spec/models/service_id_list_spec.rb +15 -20
  427. data/spec/models/service_id_spec.rb +34 -27
  428. data/spec/models/share_scope_spec.rb +46 -0
  429. data/spec/models/template_account_settings_all_of_restrict_user_domains_spec.rb +42 -0
  430. data/spec/models/template_account_settings_spec.rb +102 -0
  431. data/spec/models/template_assignment_list_response_spec.rb +72 -0
  432. data/spec/models/template_assignment_resource_error_spec.rb +54 -0
  433. data/spec/models/template_assignment_resource_spec.rb +36 -0
  434. data/spec/models/template_assignment_response_resource_detail_spec.rb +60 -0
  435. data/spec/models/template_assignment_response_resource_spec.rb +54 -0
  436. data/spec/models/template_assignment_response_spec.rb +126 -0
  437. data/spec/models/template_count_spec.rb +42 -0
  438. data/spec/models/template_profile_component_request_spec.rb +60 -0
  439. data/spec/models/template_profile_component_response_spec.rb +60 -0
  440. data/spec/models/test_result_spec.rb +66 -0
  441. data/spec/models/test_result_steps_inner_spec.rb +54 -0
  442. data/spec/models/test_trigger_response_spec.rb +42 -0
  443. data/spec/models/token_response_spec.rb +14 -19
  444. data/spec/models/trusted_profile_spec.rb +132 -0
  445. data/spec/models/trusted_profile_template_claim_rule_spec.rb +64 -0
  446. data/spec/models/trusted_profile_template_list_spec.rb +72 -0
  447. data/spec/models/trusted_profile_template_request_spec.rb +66 -0
  448. data/spec/models/trusted_profile_template_response_spec.rb +126 -0
  449. data/spec/models/trusted_profiles_list_spec.rb +72 -0
  450. data/spec/models/update_account_idp_setting_request_spec.rb +52 -0
  451. data/spec/models/update_account_login_settings_spec.rb +36 -0
  452. data/spec/models/update_api_key_request_spec.rb +28 -15
  453. data/spec/models/update_id_p_request_properties_idp_spec.rb +54 -0
  454. data/spec/models/update_id_p_request_properties_spec.rb +42 -0
  455. data/spec/models/update_id_p_request_secrets_idp_spec.rb +42 -0
  456. data/spec/models/update_id_p_request_secrets_spec.rb +42 -0
  457. data/spec/models/update_id_p_request_spec.rb +66 -0
  458. data/spec/models/update_preference_request_spec.rb +42 -0
  459. data/spec/models/update_service_id_group_request_spec.rb +42 -0
  460. data/spec/models/update_service_id_request_spec.rb +11 -16
  461. data/spec/models/update_template_assignment_request_spec.rb +36 -0
  462. data/spec/models/update_trusted_profile_request_spec.rb +48 -0
  463. data/spec/models/user_activity_spec.rb +60 -0
  464. data/spec/models/user_mfa_enrollments_spec.rb +54 -0
  465. data/spec/models/user_mfa_resolved_spec.rb +54 -0
  466. data/spec/models/user_mfa_spec.rb +42 -0
  467. data/spec/models/user_report_mfa_enrollment_status_spec.rb +72 -0
  468. data/spec/models/user_visbility_retrict_actions_for_template_spec.rb +30 -0
  469. data/spec/models/user_visbility_retrict_actions_spec.rb +30 -0
  470. data/spec/spec_helper.rb +3 -3
  471. metadata +549 -35
  472. data/docs/IdentityOperationsApi.md +0 -828
  473. data/docs/InlineObject.md +0 -19
  474. data/docs/InlineObject1.md +0 -23
  475. data/docs/InlineObject2.md +0 -21
  476. data/docs/InlineObject3.md +0 -25
  477. data/docs/TokenOperationsApi.md +0 -226
  478. data/lib/ibm_cloud_iam/api/identity_operations_api.rb +0 -1083
  479. data/lib/ibm_cloud_iam/api/token_operations_api.rb +0 -351
  480. data/lib/ibm_cloud_iam/models/inline_object.rb +0 -229
  481. data/lib/ibm_cloud_iam/models/inline_object1.rb +0 -254
  482. data/lib/ibm_cloud_iam/models/inline_object2.rb +0 -244
  483. data/lib/ibm_cloud_iam/models/inline_object3.rb +0 -269
  484. data/spec/api/identity_operations_api_spec.rb +0 -253
  485. data/spec/api/token_operations_api_spec.rb +0 -94
  486. data/spec/api_client_spec.rb +0 -226
  487. data/spec/configuration_spec.rb +0 -42
  488. data/spec/models/inline_object1_spec.rb +0 -59
  489. data/spec/models/inline_object2_spec.rb +0 -53
  490. data/spec/models/inline_object3_spec.rb +0 -65
  491. data/spec/models/inline_object_spec.rb +0 -47
@@ -0,0 +1,192 @@
1
+ =begin
2
+ #IAM Identity Services
3
+
4
+ #  ## Introduction The IAM Identity Service API is used to manage service IDs, API key identities, trusted profiles, account security settings and to create IAM access tokens for a user or service ID. With trusted profile templates and assignments you can centrally manage access for child accounts in your organization from the root enterprise account. Similarly with settings templates and assignments, you can centrally administer account security settings. For more information, see [Working with template versions](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-working-with-versions&interface=ui) and [Best practices for assigning access in an enterprise](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-access-enterprises). SDKs for Java, Node, Python, and Go are available to make it easier to programmatically access the API from your code. The client libraries that are provided by the SDKs implement best practices for using the API and reduce the amount of code that you need to write. The tab for each language includes code examples that demonstrate how to use the client libraries. For more information about using the SDKs, see the [IBM Cloud SDK Common project](https://github.com/IBM/ibm-cloud-sdk-common) on GitHub. Installing the Java SDK Maven ```xml <dependency> <groupId>com.ibm.cloud</groupId> <artifactId>iam-identity</artifactId> <version>{version}</version> </dependency> ``` Gradle ```bash compile 'com.ibm.cloud:iam-identity:{version}' ``` Replace `{version}` in these examples with the release version. View on GitHub [https://github.com/IBM/platform-services-java-sdk](https://github.com/IBM/platform-services-java-sdk) Installing the Go SDK Go modules (recommended): Add the following import in your code, and then run `go build` or `go mod tidy` ```go import ( \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" ) ``` ```bash go get -u github.com/IBM/platform-services-go-sdk/iamidentityv1 ``` View on GitHub [https://github.com/IBM/platform-services-go-sdk](https://github.com/IBM/platform-services-go-sdk) Installing the Node SDK ```bash npm install @ibm-cloud/platform-services ``` View on GitHub [https://github.com/IBM/platform-services-node-sdk](https://github.com/IBM/platform-services-node-sdk) Installing the Python SDK ```bash pip install --upgrade \"ibm-platform-services\" ``` View on GitHub [https://github.com/IBM/platform-services-python-sdk](https://github.com/IBM/platform-services-python-sdk) The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). ## Endpoint URLs The IAM Identity Services API uses the following public global endpoint URL. When you call the API, add the path for each method to form the complete API endpoint for your requests. ```bash https://iam.cloud.ibm.com ``` Virtual private cloud (VPC) based access requires a virtual private endpoint gateway (VPE gateway). For more information , see [Creating an endpoint gateway](https://cloud.ibm.com/docs/vpc?topic=vpc-ordering-endpoint-gateway). * Private endpoint URL for VPC infrastructure: `https://private.iam.cloud.ibm.com`. VPE gateway creation is supported in all datacenters (see https://cloud.ibm.com/docs/overview?topic=overview-locations#regions). If you enabled service endpoints in your account, you can send API requests over the IBM Cloud® private network at the following base endpoint URLs. For more information, see [Enabling VRF and service endpoints](https://cloud.ibm.com/docs/account?topic=account-vrf-service-endpoint). * Private endpoint URLs for classic infrastructure. Supported URLs: * Sydney: `https://private.au-syd.iam.cloud.ibm.com` * Sao Paulo: `https://private.br-sao.iam.cloud.ibm.com` * Montreal: `https://private.ca-mon.iam.cloud.ibm.com` * Toronto: `https://private.ca-tor.iam.cloud.ibm.com` * Frankfurt DC: `https://private.eu-de.iam.cloud.ibm.com` * London: `https://private.eu-gb.iam.cloud.ibm.com` * Madrid: `https://private.eu-es.iam.cloud.ibm.com` * Tokyo: `https://private.jp-tok.iam.cloud.ibm.com` * Osaka: `https://private.jp-osa.iam.cloud.ibm.com` * Washington DC: `https://private.us-east.iam.cloud.ibm.com` * Dallas: `https://private.us-south.iam.cloud.ibm.com` IAM is a global service and deployed to multiple MZRs world wide. IAM can be reached from all locations using the public global endpoint or using one of the private endpoints. Each request is sent to the closest region related to the client that invokes the call to IAM. Example API request ```bash curl -u \"apikey:{apikey}\" -X {request_method} \"https://iam.cloud.ibm.com/{method_endpoint}\" ``` Replace `{apikey}`, `{request_method}`, and `{method_endpoint}` in this example with the values for your particular API call. ## Authentication Authorization to the Identity Services REST API is enforced by using an IBM Cloud Identity and Access Management (IAM) access token. The token is used to determine the actions that a user or service ID has access to when they use the API. You can generate an access token by first [creating an API key](https://cloud.ibm.com/docs/account?topic=account-iamtoken_from_apikey) and then exchanging your API key for an IBM Cloud IAM token. Don't have an API key? Try running `ibmcloud iam oauth-tokens` in the [IBM Cloud Shell](https://cloud.ibm.com/shell) to quickly generate a personal access token. When you use the SDK, configure an IAM authenticator with the IAM API key. The authenticator automatically obtains the IAM access token for the API key and includes it with each request. You can construct an authenticator in either of two ways: - Programmatically by constructing an IAM authenticator instance and supplying your IAM API key - By defining the API key in external configuration properties and then using the SDK authenticator factory to construct an IAM authenticator that uses the configured IAM API key In this example of using external configuration properties, an IAM authenticator instance is created with the configured API key, and then the service client is constructed with this authenticator instance and the configured service URL. For more information, see the Authentication section of the [IBM Cloud SDK Common](https://github.com/IBM/ibm-cloud-sdk-common/blob/main/README.md) documentation. To call each method, you'll need to be assigned a role that includes the required IAM actions. Each method lists the associated action. For more information about IAM actions and how they map to roles, see [IAM Identity service](https://cloud.ibm.com/docs/account?topic=account-account-services#identity-service-account-management). To retrieve your access token: ```bash curl -X POST \\ \"https://iam.cloud.ibm.com/identity/token\" \\ --header 'Content-Type: application/x-www-form-urlencoded' \\ --header 'Accept: application/json' \\ --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' \\ --data-urlencode 'apikey=<API_KEY>' ``` Replace `<API_KEY>` with your IAM API key. Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```go import { \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" } ... serviceClientOptions := &iamidentityv1.IamIdentityV1Options{} serviceClient, err := iamidentityv1.NewIamIdentityV1UsingExternalConfig(serviceClientOptions) ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```java import com.ibm.cloud.platform_services.iam_identity.v1.IamIdentity; ... IamIdentity serviceClient = IamIdentity.newInstance(); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```javascript const IamIdentityV1 = require('@ibm-cloud/platform-services/iam-identity/v1'); ... const serviceClient = IamIdentityV1.newInstance({}); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```python from ibm_platform_services import IamIdentityV1 ... service_client = IamIdentityV1.new_instance() ``` You authenticate to the API by using Cloud Identity and Access Management (IAM). You can pass either a bearer token in an authorization header or an [API key](https://cloud.ibm.com/docs/account?topic=account-manapikey). The SDK provides initialization methods for each form of authentication. - Use the API key to have the SDK manage the lifecycle of the access token. The SDK requests an access token, ensures that the access token is valid, includes the access token in each outgoing request, and refreshes it when it expires. - Use the access token to manage the lifecycle yourself. Keep in mind that access tokens are valid for 1 hour, so you must refresh them regularly to maintain access. For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). ## Auditing You can monitor API activity within your account by using the IBM Cloud Logs service. Whenever an API method is called, an event is generated that you can then track and audit from within IBM Cloud Logs. The specific event type is listed for each individual method. If an event is tracked for a method, you can find it listed with the method. For more information about how to track IAM activity, see [Activity tracking events for IAM](https://cloud.ibm.com/docs/account?topic=account-at_events_iam). ## Error handling The IAM Token Service uses standard HTTP response codes to indicate whether a method completed successfully. A `200` response always indicates success. A `400` type response indicates that a parameter validation failed and can occur if required parameters are missing or if any parameter values are invalid. A `401` or `403` response indicates that the incoming request did not contain valid authentication information. A `500` type response indicates an internal server error that is seen in an unexpected error situation. The Identity Services REST APIs return standard HTTP status codes to indicate the success or failure of a request. The format of the response is represented in JSON as follows: ```json { \"trace\": \"9daee671-916a-4678-850b-10b911f0236d\", \"errors\": [ { \"code\": \"invalid_access_token\", \"message\": \"The provided access token provided is invalid.\" } ] \"status_code\": 401 } ``` If an operation cannot be fulfilled, an appropriate 400 or 500 series HTTP response is returned from the server. The operations that are defined in the `Reference` section describe example errors that might be returned from a failed request. All responses from the Identity Services REST API are in JSON format. The following table show the potential error codes the API might return. | HTTP Error Code | Description | Recovery | |-----------------|-------------|----------| | `200` | Success | The request was successful. | | `201` | Created | The resource was successfully created. | | `204` | No Content | The request was successful. No response body is provided. | | `400` | Bad Request | The input parameters in the request body are either incomplete or in the wrong format. Be sure to include all required parameters in your request. | | `401` | Unauthorized | You are not authorized to make this request. The token is either missing or expired. Get a new valid token and try again. | | `403` | Forbidden | The supplied authentication is not authorized to perform the operation. If this error persists, contact the account owner to check your permissions. | | `404` | Not Found | The requested resource can't be found. | | `409` | Conflict | The entity is already in the requested state. | | `429` | Too Many Requests | Too many requests have been made within a time window. Wait before calling the API again. | | `500` | Internal error | Error that is seen in an unexpected error situation. | ## Additional headers Some additional headers might be required to make successful requests to the API. Those additional headers are: An optional transaction ID can be passed to your request, which can be useful for tracking calls through multiple services using one identifier. The header key must be set to `Transaction-Id` and the value is anything that you choose. If there is not a transaction ID that is passed in, then one is generated randomly. ## API Parameters Some API parameter have additional details that need to be considered while using it in a request. Those API parameters are as follow: ### Filtering list results When listing service IDs, trusted profiles or API keys you can filter the result set by providing an optional `filter` parameter. The exact syntax of this parameter is described below. Query syntax will follow the SCIM query syntax with reduced operator support. The value must be URL encoded. Only the following operators are supported. * Supported attribute operators- - `sw` - starts with - `sw_ci` - starts with ingnore case - non SCIM standard - `ew` - ends with - `ew_ci` - ends with ingnore case - non SCIM standard - `co` - contains - `co_ci` - contains ingnore case - non SCIM standard * Supported operators- - `and` - `or` * Grouping operators- - `()` * Data Values -`Text` * Sample - `name co \"Foo\" and description sw \"Bar\"`
5
+
6
+ The version of the OpenAPI document: 1.0.0
7
+
8
+ Generated by: https://openapi-generator.tech
9
+ Generator version: 7.23.0
10
+
11
+ =end
12
+
13
+ require 'date'
14
+ require 'time'
15
+
16
+ module IbmCloudIam
17
+ class MfaEnrollmentTypeStatus < ApiModelBase
18
+ # Describes whether the enrollment type is required.
19
+ attr_accessor :required
20
+
21
+ # Describes whether the enrollment type is enrolled.
22
+ attr_accessor :enrolled
23
+
24
+ # Attribute mapping from ruby-style variable name to JSON key.
25
+ def self.attribute_map
26
+ {
27
+ :'required' => :'required',
28
+ :'enrolled' => :'enrolled'
29
+ }
30
+ end
31
+
32
+ # Returns attribute mapping this model knows about
33
+ def self.acceptable_attribute_map
34
+ attribute_map
35
+ end
36
+
37
+ # Returns all the JSON keys this model knows about
38
+ def self.acceptable_attributes
39
+ acceptable_attribute_map.values
40
+ end
41
+
42
+ # Attribute type mapping.
43
+ def self.openapi_types
44
+ {
45
+ :'required' => :'Boolean',
46
+ :'enrolled' => :'Boolean'
47
+ }
48
+ end
49
+
50
+ # List of attributes with nullable: true
51
+ def self.openapi_nullable
52
+ Set.new([
53
+ ])
54
+ end
55
+
56
+ # Initializes the object
57
+ # @param [Hash] attributes Model attributes in the form of hash
58
+ def initialize(attributes = {})
59
+ if (!attributes.is_a?(Hash))
60
+ fail ArgumentError, "The input argument (attributes) must be a hash in `IbmCloudIam::MfaEnrollmentTypeStatus` initialize method"
61
+ end
62
+
63
+ # check to see if the attribute exists and convert string to symbol for hash key
64
+ acceptable_attribute_map = self.class.acceptable_attribute_map
65
+ attributes = attributes.each_with_object({}) { |(k, v), h|
66
+ if (!acceptable_attribute_map.key?(k.to_sym))
67
+ fail ArgumentError, "`#{k}` is not a valid attribute in `IbmCloudIam::MfaEnrollmentTypeStatus`. Please check the name to make sure it's valid. List of attributes: " + acceptable_attribute_map.keys.inspect
68
+ end
69
+ h[k.to_sym] = v
70
+ }
71
+
72
+ if attributes.key?(:'required')
73
+ self.required = attributes[:'required']
74
+ else
75
+ self.required = nil
76
+ end
77
+
78
+ if attributes.key?(:'enrolled')
79
+ self.enrolled = attributes[:'enrolled']
80
+ else
81
+ self.enrolled = nil
82
+ end
83
+ end
84
+
85
+ # Show invalid properties with the reasons. Usually used together with valid?
86
+ # @return Array for valid properties with the reasons
87
+ def list_invalid_properties
88
+ warn '[DEPRECATED] the `list_invalid_properties` method is obsolete'
89
+ invalid_properties = Array.new
90
+ if @required.nil?
91
+ invalid_properties.push('invalid value for "required", required cannot be nil.')
92
+ end
93
+
94
+ if @enrolled.nil?
95
+ invalid_properties.push('invalid value for "enrolled", enrolled cannot be nil.')
96
+ end
97
+
98
+ invalid_properties
99
+ end
100
+
101
+ # Check to see if the all the properties in the model are valid
102
+ # @return true if the model is valid
103
+ def valid?
104
+ warn '[DEPRECATED] the `valid?` method is obsolete'
105
+ return false if @required.nil?
106
+ return false if @enrolled.nil?
107
+ true
108
+ end
109
+
110
+ # Custom attribute writer method with validation
111
+ # @param [Object] required Value to be assigned
112
+ def required=(required)
113
+ if required.nil?
114
+ fail ArgumentError, 'required cannot be nil'
115
+ end
116
+
117
+ @required = required
118
+ end
119
+
120
+ # Custom attribute writer method with validation
121
+ # @param [Object] enrolled Value to be assigned
122
+ def enrolled=(enrolled)
123
+ if enrolled.nil?
124
+ fail ArgumentError, 'enrolled cannot be nil'
125
+ end
126
+
127
+ @enrolled = enrolled
128
+ end
129
+
130
+ # Checks equality by comparing each attribute.
131
+ # @param [Object] Object to be compared
132
+ def ==(o)
133
+ return true if self.equal?(o)
134
+ self.class == o.class &&
135
+ required == o.required &&
136
+ enrolled == o.enrolled
137
+ end
138
+
139
+ # @see the `==` method
140
+ # @param [Object] Object to be compared
141
+ def eql?(o)
142
+ self == o
143
+ end
144
+
145
+ # Calculates hash code according to all attributes.
146
+ # @return [Integer] Hash code
147
+ def hash
148
+ [required, enrolled].hash
149
+ end
150
+
151
+ # Builds the object from hash
152
+ # @param [Hash] attributes Model attributes in the form of hash
153
+ # @return [Object] Returns the model itself
154
+ def self.build_from_hash(attributes)
155
+ return nil unless attributes.is_a?(Hash)
156
+ attributes = attributes.transform_keys(&:to_sym)
157
+ transformed_hash = {}
158
+ openapi_types.each_pair do |key, type|
159
+ if attributes.key?(attribute_map[key]) && attributes[attribute_map[key]].nil?
160
+ transformed_hash["#{key}"] = nil
161
+ elsif type =~ /\AArray<(.*)>/i
162
+ # check to ensure the input is an array given that the attribute
163
+ # is documented as an array but the input is not
164
+ if attributes[attribute_map[key]].is_a?(Array)
165
+ transformed_hash["#{key}"] = attributes[attribute_map[key]].map { |v| _deserialize($1, v) }
166
+ end
167
+ elsif !attributes[attribute_map[key]].nil?
168
+ transformed_hash["#{key}"] = _deserialize(type, attributes[attribute_map[key]])
169
+ end
170
+ end
171
+ new(transformed_hash)
172
+ end
173
+
174
+ # Returns the object in the form of hash
175
+ # @return [Hash] Returns the object in the form of hash
176
+ def to_hash
177
+ hash = {}
178
+ self.class.attribute_map.each_pair do |attr, param|
179
+ value = self.send(attr)
180
+ if value.nil?
181
+ is_nullable = self.class.openapi_nullable.include?(attr)
182
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
183
+ end
184
+
185
+ hash[param] = _to_hash(value)
186
+ end
187
+ hash
188
+ end
189
+
190
+ end
191
+
192
+ end
@@ -0,0 +1,45 @@
1
+ =begin
2
+ #IAM Identity Services
3
+
4
+ #  ## Introduction The IAM Identity Service API is used to manage service IDs, API key identities, trusted profiles, account security settings and to create IAM access tokens for a user or service ID. With trusted profile templates and assignments you can centrally manage access for child accounts in your organization from the root enterprise account. Similarly with settings templates and assignments, you can centrally administer account security settings. For more information, see [Working with template versions](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-working-with-versions&interface=ui) and [Best practices for assigning access in an enterprise](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-access-enterprises). SDKs for Java, Node, Python, and Go are available to make it easier to programmatically access the API from your code. The client libraries that are provided by the SDKs implement best practices for using the API and reduce the amount of code that you need to write. The tab for each language includes code examples that demonstrate how to use the client libraries. For more information about using the SDKs, see the [IBM Cloud SDK Common project](https://github.com/IBM/ibm-cloud-sdk-common) on GitHub. Installing the Java SDK Maven ```xml <dependency> <groupId>com.ibm.cloud</groupId> <artifactId>iam-identity</artifactId> <version>{version}</version> </dependency> ``` Gradle ```bash compile 'com.ibm.cloud:iam-identity:{version}' ``` Replace `{version}` in these examples with the release version. View on GitHub [https://github.com/IBM/platform-services-java-sdk](https://github.com/IBM/platform-services-java-sdk) Installing the Go SDK Go modules (recommended): Add the following import in your code, and then run `go build` or `go mod tidy` ```go import ( \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" ) ``` ```bash go get -u github.com/IBM/platform-services-go-sdk/iamidentityv1 ``` View on GitHub [https://github.com/IBM/platform-services-go-sdk](https://github.com/IBM/platform-services-go-sdk) Installing the Node SDK ```bash npm install @ibm-cloud/platform-services ``` View on GitHub [https://github.com/IBM/platform-services-node-sdk](https://github.com/IBM/platform-services-node-sdk) Installing the Python SDK ```bash pip install --upgrade \"ibm-platform-services\" ``` View on GitHub [https://github.com/IBM/platform-services-python-sdk](https://github.com/IBM/platform-services-python-sdk) The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). ## Endpoint URLs The IAM Identity Services API uses the following public global endpoint URL. When you call the API, add the path for each method to form the complete API endpoint for your requests. ```bash https://iam.cloud.ibm.com ``` Virtual private cloud (VPC) based access requires a virtual private endpoint gateway (VPE gateway). For more information , see [Creating an endpoint gateway](https://cloud.ibm.com/docs/vpc?topic=vpc-ordering-endpoint-gateway). * Private endpoint URL for VPC infrastructure: `https://private.iam.cloud.ibm.com`. VPE gateway creation is supported in all datacenters (see https://cloud.ibm.com/docs/overview?topic=overview-locations#regions). If you enabled service endpoints in your account, you can send API requests over the IBM Cloud® private network at the following base endpoint URLs. For more information, see [Enabling VRF and service endpoints](https://cloud.ibm.com/docs/account?topic=account-vrf-service-endpoint). * Private endpoint URLs for classic infrastructure. Supported URLs: * Sydney: `https://private.au-syd.iam.cloud.ibm.com` * Sao Paulo: `https://private.br-sao.iam.cloud.ibm.com` * Montreal: `https://private.ca-mon.iam.cloud.ibm.com` * Toronto: `https://private.ca-tor.iam.cloud.ibm.com` * Frankfurt DC: `https://private.eu-de.iam.cloud.ibm.com` * London: `https://private.eu-gb.iam.cloud.ibm.com` * Madrid: `https://private.eu-es.iam.cloud.ibm.com` * Tokyo: `https://private.jp-tok.iam.cloud.ibm.com` * Osaka: `https://private.jp-osa.iam.cloud.ibm.com` * Washington DC: `https://private.us-east.iam.cloud.ibm.com` * Dallas: `https://private.us-south.iam.cloud.ibm.com` IAM is a global service and deployed to multiple MZRs world wide. IAM can be reached from all locations using the public global endpoint or using one of the private endpoints. Each request is sent to the closest region related to the client that invokes the call to IAM. Example API request ```bash curl -u \"apikey:{apikey}\" -X {request_method} \"https://iam.cloud.ibm.com/{method_endpoint}\" ``` Replace `{apikey}`, `{request_method}`, and `{method_endpoint}` in this example with the values for your particular API call. ## Authentication Authorization to the Identity Services REST API is enforced by using an IBM Cloud Identity and Access Management (IAM) access token. The token is used to determine the actions that a user or service ID has access to when they use the API. You can generate an access token by first [creating an API key](https://cloud.ibm.com/docs/account?topic=account-iamtoken_from_apikey) and then exchanging your API key for an IBM Cloud IAM token. Don't have an API key? Try running `ibmcloud iam oauth-tokens` in the [IBM Cloud Shell](https://cloud.ibm.com/shell) to quickly generate a personal access token. When you use the SDK, configure an IAM authenticator with the IAM API key. The authenticator automatically obtains the IAM access token for the API key and includes it with each request. You can construct an authenticator in either of two ways: - Programmatically by constructing an IAM authenticator instance and supplying your IAM API key - By defining the API key in external configuration properties and then using the SDK authenticator factory to construct an IAM authenticator that uses the configured IAM API key In this example of using external configuration properties, an IAM authenticator instance is created with the configured API key, and then the service client is constructed with this authenticator instance and the configured service URL. For more information, see the Authentication section of the [IBM Cloud SDK Common](https://github.com/IBM/ibm-cloud-sdk-common/blob/main/README.md) documentation. To call each method, you'll need to be assigned a role that includes the required IAM actions. Each method lists the associated action. For more information about IAM actions and how they map to roles, see [IAM Identity service](https://cloud.ibm.com/docs/account?topic=account-account-services#identity-service-account-management). To retrieve your access token: ```bash curl -X POST \\ \"https://iam.cloud.ibm.com/identity/token\" \\ --header 'Content-Type: application/x-www-form-urlencoded' \\ --header 'Accept: application/json' \\ --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' \\ --data-urlencode 'apikey=<API_KEY>' ``` Replace `<API_KEY>` with your IAM API key. Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```go import { \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" } ... serviceClientOptions := &iamidentityv1.IamIdentityV1Options{} serviceClient, err := iamidentityv1.NewIamIdentityV1UsingExternalConfig(serviceClientOptions) ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```java import com.ibm.cloud.platform_services.iam_identity.v1.IamIdentity; ... IamIdentity serviceClient = IamIdentity.newInstance(); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```javascript const IamIdentityV1 = require('@ibm-cloud/platform-services/iam-identity/v1'); ... const serviceClient = IamIdentityV1.newInstance({}); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```python from ibm_platform_services import IamIdentityV1 ... service_client = IamIdentityV1.new_instance() ``` You authenticate to the API by using Cloud Identity and Access Management (IAM). You can pass either a bearer token in an authorization header or an [API key](https://cloud.ibm.com/docs/account?topic=account-manapikey). The SDK provides initialization methods for each form of authentication. - Use the API key to have the SDK manage the lifecycle of the access token. The SDK requests an access token, ensures that the access token is valid, includes the access token in each outgoing request, and refreshes it when it expires. - Use the access token to manage the lifecycle yourself. Keep in mind that access tokens are valid for 1 hour, so you must refresh them regularly to maintain access. For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). ## Auditing You can monitor API activity within your account by using the IBM Cloud Logs service. Whenever an API method is called, an event is generated that you can then track and audit from within IBM Cloud Logs. The specific event type is listed for each individual method. If an event is tracked for a method, you can find it listed with the method. For more information about how to track IAM activity, see [Activity tracking events for IAM](https://cloud.ibm.com/docs/account?topic=account-at_events_iam). ## Error handling The IAM Token Service uses standard HTTP response codes to indicate whether a method completed successfully. A `200` response always indicates success. A `400` type response indicates that a parameter validation failed and can occur if required parameters are missing or if any parameter values are invalid. A `401` or `403` response indicates that the incoming request did not contain valid authentication information. A `500` type response indicates an internal server error that is seen in an unexpected error situation. The Identity Services REST APIs return standard HTTP status codes to indicate the success or failure of a request. The format of the response is represented in JSON as follows: ```json { \"trace\": \"9daee671-916a-4678-850b-10b911f0236d\", \"errors\": [ { \"code\": \"invalid_access_token\", \"message\": \"The provided access token provided is invalid.\" } ] \"status_code\": 401 } ``` If an operation cannot be fulfilled, an appropriate 400 or 500 series HTTP response is returned from the server. The operations that are defined in the `Reference` section describe example errors that might be returned from a failed request. All responses from the Identity Services REST API are in JSON format. The following table show the potential error codes the API might return. | HTTP Error Code | Description | Recovery | |-----------------|-------------|----------| | `200` | Success | The request was successful. | | `201` | Created | The resource was successfully created. | | `204` | No Content | The request was successful. No response body is provided. | | `400` | Bad Request | The input parameters in the request body are either incomplete or in the wrong format. Be sure to include all required parameters in your request. | | `401` | Unauthorized | You are not authorized to make this request. The token is either missing or expired. Get a new valid token and try again. | | `403` | Forbidden | The supplied authentication is not authorized to perform the operation. If this error persists, contact the account owner to check your permissions. | | `404` | Not Found | The requested resource can't be found. | | `409` | Conflict | The entity is already in the requested state. | | `429` | Too Many Requests | Too many requests have been made within a time window. Wait before calling the API again. | | `500` | Internal error | Error that is seen in an unexpected error situation. | ## Additional headers Some additional headers might be required to make successful requests to the API. Those additional headers are: An optional transaction ID can be passed to your request, which can be useful for tracking calls through multiple services using one identifier. The header key must be set to `Transaction-Id` and the value is anything that you choose. If there is not a transaction ID that is passed in, then one is generated randomly. ## API Parameters Some API parameter have additional details that need to be considered while using it in a request. Those API parameters are as follow: ### Filtering list results When listing service IDs, trusted profiles or API keys you can filter the result set by providing an optional `filter` parameter. The exact syntax of this parameter is described below. Query syntax will follow the SCIM query syntax with reduced operator support. The value must be URL encoded. Only the following operators are supported. * Supported attribute operators- - `sw` - starts with - `sw_ci` - starts with ingnore case - non SCIM standard - `ew` - ends with - `ew_ci` - ends with ingnore case - non SCIM standard - `co` - contains - `co_ci` - contains ingnore case - non SCIM standard * Supported operators- - `and` - `or` * Grouping operators- - `()` * Data Values -`Text` * Sample - `name co \"Foo\" and description sw \"Bar\"`
5
+
6
+ The version of the OpenAPI document: 1.0.0
7
+
8
+ Generated by: https://openapi-generator.tech
9
+ Generator version: 7.23.0
10
+
11
+ =end
12
+
13
+ require 'date'
14
+ require 'time'
15
+
16
+ module IbmCloudIam
17
+ class MfaOptions
18
+ NONE = "NONE".freeze
19
+ NONE_NO_ROPC = "NONE_NO_ROPC".freeze
20
+ TOTP = "TOTP".freeze
21
+ TOTP4_ALL = "TOTP4ALL".freeze
22
+ LEVEL1 = "LEVEL1".freeze
23
+ LEVEL2 = "LEVEL2".freeze
24
+ LEVEL3 = "LEVEL3".freeze
25
+
26
+ def self.all_vars
27
+ @all_vars ||= [NONE, NONE_NO_ROPC, TOTP, TOTP4_ALL, LEVEL1, LEVEL2, LEVEL3].freeze
28
+ end
29
+
30
+ # Builds the enum from string
31
+ # @param [String] The enum value in the form of the string
32
+ # @return [String] The enum value
33
+ def self.build_from_hash(value)
34
+ new.build_from_hash(value)
35
+ end
36
+
37
+ # Builds the enum from string
38
+ # @param [String] The enum value in the form of the string
39
+ # @return [String] The enum value
40
+ def build_from_hash(value)
41
+ return value if MfaOptions.all_vars.include?(value)
42
+ raise "Invalid ENUM value #{value} for class #MfaOptions"
43
+ end
44
+ end
45
+ end
@@ -1,20 +1,21 @@
1
1
  =begin
2
- #IAM Identity Services API
2
+ #IAM Identity Services
3
3
 
4
- #The IAM Identity Service API allows for the management of Identities (Service IDs, ApiKeys).
4
+ #  ## Introduction The IAM Identity Service API is used to manage service IDs, API key identities, trusted profiles, account security settings and to create IAM access tokens for a user or service ID. With trusted profile templates and assignments you can centrally manage access for child accounts in your organization from the root enterprise account. Similarly with settings templates and assignments, you can centrally administer account security settings. For more information, see [Working with template versions](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-working-with-versions&interface=ui) and [Best practices for assigning access in an enterprise](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-access-enterprises). SDKs for Java, Node, Python, and Go are available to make it easier to programmatically access the API from your code. The client libraries that are provided by the SDKs implement best practices for using the API and reduce the amount of code that you need to write. The tab for each language includes code examples that demonstrate how to use the client libraries. For more information about using the SDKs, see the [IBM Cloud SDK Common project](https://github.com/IBM/ibm-cloud-sdk-common) on GitHub. Installing the Java SDK Maven ```xml <dependency> <groupId>com.ibm.cloud</groupId> <artifactId>iam-identity</artifactId> <version>{version}</version> </dependency> ``` Gradle ```bash compile 'com.ibm.cloud:iam-identity:{version}' ``` Replace `{version}` in these examples with the release version. View on GitHub [https://github.com/IBM/platform-services-java-sdk](https://github.com/IBM/platform-services-java-sdk) Installing the Go SDK Go modules (recommended): Add the following import in your code, and then run `go build` or `go mod tidy` ```go import ( \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" ) ``` ```bash go get -u github.com/IBM/platform-services-go-sdk/iamidentityv1 ``` View on GitHub [https://github.com/IBM/platform-services-go-sdk](https://github.com/IBM/platform-services-go-sdk) Installing the Node SDK ```bash npm install @ibm-cloud/platform-services ``` View on GitHub [https://github.com/IBM/platform-services-node-sdk](https://github.com/IBM/platform-services-node-sdk) Installing the Python SDK ```bash pip install --upgrade \"ibm-platform-services\" ``` View on GitHub [https://github.com/IBM/platform-services-python-sdk](https://github.com/IBM/platform-services-python-sdk) The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the [IBM Cloud SDK Common project on GitHub](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md). ## Endpoint URLs The IAM Identity Services API uses the following public global endpoint URL. When you call the API, add the path for each method to form the complete API endpoint for your requests. ```bash https://iam.cloud.ibm.com ``` Virtual private cloud (VPC) based access requires a virtual private endpoint gateway (VPE gateway). For more information , see [Creating an endpoint gateway](https://cloud.ibm.com/docs/vpc?topic=vpc-ordering-endpoint-gateway). * Private endpoint URL for VPC infrastructure: `https://private.iam.cloud.ibm.com`. VPE gateway creation is supported in all datacenters (see https://cloud.ibm.com/docs/overview?topic=overview-locations#regions). If you enabled service endpoints in your account, you can send API requests over the IBM Cloud® private network at the following base endpoint URLs. For more information, see [Enabling VRF and service endpoints](https://cloud.ibm.com/docs/account?topic=account-vrf-service-endpoint). * Private endpoint URLs for classic infrastructure. Supported URLs: * Sydney: `https://private.au-syd.iam.cloud.ibm.com` * Sao Paulo: `https://private.br-sao.iam.cloud.ibm.com` * Montreal: `https://private.ca-mon.iam.cloud.ibm.com` * Toronto: `https://private.ca-tor.iam.cloud.ibm.com` * Frankfurt DC: `https://private.eu-de.iam.cloud.ibm.com` * London: `https://private.eu-gb.iam.cloud.ibm.com` * Madrid: `https://private.eu-es.iam.cloud.ibm.com` * Tokyo: `https://private.jp-tok.iam.cloud.ibm.com` * Osaka: `https://private.jp-osa.iam.cloud.ibm.com` * Washington DC: `https://private.us-east.iam.cloud.ibm.com` * Dallas: `https://private.us-south.iam.cloud.ibm.com` IAM is a global service and deployed to multiple MZRs world wide. IAM can be reached from all locations using the public global endpoint or using one of the private endpoints. Each request is sent to the closest region related to the client that invokes the call to IAM. Example API request ```bash curl -u \"apikey:{apikey}\" -X {request_method} \"https://iam.cloud.ibm.com/{method_endpoint}\" ``` Replace `{apikey}`, `{request_method}`, and `{method_endpoint}` in this example with the values for your particular API call. ## Authentication Authorization to the Identity Services REST API is enforced by using an IBM Cloud Identity and Access Management (IAM) access token. The token is used to determine the actions that a user or service ID has access to when they use the API. You can generate an access token by first [creating an API key](https://cloud.ibm.com/docs/account?topic=account-iamtoken_from_apikey) and then exchanging your API key for an IBM Cloud IAM token. Don't have an API key? Try running `ibmcloud iam oauth-tokens` in the [IBM Cloud Shell](https://cloud.ibm.com/shell) to quickly generate a personal access token. When you use the SDK, configure an IAM authenticator with the IAM API key. The authenticator automatically obtains the IAM access token for the API key and includes it with each request. You can construct an authenticator in either of two ways: - Programmatically by constructing an IAM authenticator instance and supplying your IAM API key - By defining the API key in external configuration properties and then using the SDK authenticator factory to construct an IAM authenticator that uses the configured IAM API key In this example of using external configuration properties, an IAM authenticator instance is created with the configured API key, and then the service client is constructed with this authenticator instance and the configured service URL. For more information, see the Authentication section of the [IBM Cloud SDK Common](https://github.com/IBM/ibm-cloud-sdk-common/blob/main/README.md) documentation. To call each method, you'll need to be assigned a role that includes the required IAM actions. Each method lists the associated action. For more information about IAM actions and how they map to roles, see [IAM Identity service](https://cloud.ibm.com/docs/account?topic=account-account-services#identity-service-account-management). To retrieve your access token: ```bash curl -X POST \\ \"https://iam.cloud.ibm.com/identity/token\" \\ --header 'Content-Type: application/x-www-form-urlencoded' \\ --header 'Accept: application/json' \\ --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' \\ --data-urlencode 'apikey=<API_KEY>' ``` Replace `<API_KEY>` with your IAM API key. Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```go import { \"github.com/IBM/platform-services-go-sdk/iamidentityv1\" } ... serviceClientOptions := &iamidentityv1.IamIdentityV1Options{} serviceClient, err := iamidentityv1.NewIamIdentityV1UsingExternalConfig(serviceClientOptions) ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```java import com.ibm.cloud.platform_services.iam_identity.v1.IamIdentity; ... IamIdentity serviceClient = IamIdentity.newInstance(); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```javascript const IamIdentityV1 = require('@ibm-cloud/platform-services/iam-identity/v1'); ... const serviceClient = IamIdentityV1.newInstance({}); ``` Setting client options through external configuration Example environment variables, where `<SERVICE_URL>` is the endpoint URL and `<API_KEY>` is your IAM API key ```sh export IAM_IDENTITY_URL=<SERVICE_URL> export IAM_IDENTITY_AUTHTYPE=iam export IAM_IDENTITY_APIKEY=<API_KEY> ``` Example of constructing the service client ```python from ibm_platform_services import IamIdentityV1 ... service_client = IamIdentityV1.new_instance() ``` You authenticate to the API by using Cloud Identity and Access Management (IAM). You can pass either a bearer token in an authorization header or an [API key](https://cloud.ibm.com/docs/account?topic=account-manapikey). The SDK provides initialization methods for each form of authentication. - Use the API key to have the SDK manage the lifecycle of the access token. The SDK requests an access token, ensures that the access token is valid, includes the access token in each outgoing request, and refreshes it when it expires. - Use the access token to manage the lifecycle yourself. Keep in mind that access tokens are valid for 1 hour, so you must refresh them regularly to maintain access. For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). For more information, see [IAM authentication with the SDK](https://github.com/IBM/ibm-cloud-sdk-common/blob/master/README.md#authentication). ## Auditing You can monitor API activity within your account by using the IBM Cloud Logs service. Whenever an API method is called, an event is generated that you can then track and audit from within IBM Cloud Logs. The specific event type is listed for each individual method. If an event is tracked for a method, you can find it listed with the method. For more information about how to track IAM activity, see [Activity tracking events for IAM](https://cloud.ibm.com/docs/account?topic=account-at_events_iam). ## Error handling The IAM Token Service uses standard HTTP response codes to indicate whether a method completed successfully. A `200` response always indicates success. A `400` type response indicates that a parameter validation failed and can occur if required parameters are missing or if any parameter values are invalid. A `401` or `403` response indicates that the incoming request did not contain valid authentication information. A `500` type response indicates an internal server error that is seen in an unexpected error situation. The Identity Services REST APIs return standard HTTP status codes to indicate the success or failure of a request. The format of the response is represented in JSON as follows: ```json { \"trace\": \"9daee671-916a-4678-850b-10b911f0236d\", \"errors\": [ { \"code\": \"invalid_access_token\", \"message\": \"The provided access token provided is invalid.\" } ] \"status_code\": 401 } ``` If an operation cannot be fulfilled, an appropriate 400 or 500 series HTTP response is returned from the server. The operations that are defined in the `Reference` section describe example errors that might be returned from a failed request. All responses from the Identity Services REST API are in JSON format. The following table show the potential error codes the API might return. | HTTP Error Code | Description | Recovery | |-----------------|-------------|----------| | `200` | Success | The request was successful. | | `201` | Created | The resource was successfully created. | | `204` | No Content | The request was successful. No response body is provided. | | `400` | Bad Request | The input parameters in the request body are either incomplete or in the wrong format. Be sure to include all required parameters in your request. | | `401` | Unauthorized | You are not authorized to make this request. The token is either missing or expired. Get a new valid token and try again. | | `403` | Forbidden | The supplied authentication is not authorized to perform the operation. If this error persists, contact the account owner to check your permissions. | | `404` | Not Found | The requested resource can't be found. | | `409` | Conflict | The entity is already in the requested state. | | `429` | Too Many Requests | Too many requests have been made within a time window. Wait before calling the API again. | | `500` | Internal error | Error that is seen in an unexpected error situation. | ## Additional headers Some additional headers might be required to make successful requests to the API. Those additional headers are: An optional transaction ID can be passed to your request, which can be useful for tracking calls through multiple services using one identifier. The header key must be set to `Transaction-Id` and the value is anything that you choose. If there is not a transaction ID that is passed in, then one is generated randomly. ## API Parameters Some API parameter have additional details that need to be considered while using it in a request. Those API parameters are as follow: ### Filtering list results When listing service IDs, trusted profiles or API keys you can filter the result set by providing an optional `filter` parameter. The exact syntax of this parameter is described below. Query syntax will follow the SCIM query syntax with reduced operator support. The value must be URL encoded. Only the following operators are supported. * Supported attribute operators- - `sw` - starts with - `sw_ci` - starts with ingnore case - non SCIM standard - `ew` - ends with - `ew_ci` - ends with ingnore case - non SCIM standard - `co` - contains - `co_ci` - contains ingnore case - non SCIM standard * Supported operators- - `and` - `or` * Grouping operators- - `()` * Data Values -`Text` * Sample - `name co \"Foo\" and description sw \"Bar\"`
5
5
 
6
6
  The version of the OpenAPI document: 1.0.0
7
7
 
8
8
  Generated by: https://openapi-generator.tech
9
- OpenAPI Generator version: 5.0.0-beta2
9
+ Generator version: 7.23.0
10
10
 
11
11
  =end
12
12
 
13
13
  require 'date'
14
+ require 'time'
14
15
 
15
16
  module IbmCloudIam
16
17
  # Response properties for MFA requirements.
17
- class MFARequirementsResponse
18
+ class MFARequirementsResponse < ApiModelBase
18
19
  # MFA error.
19
20
  attr_accessor :error
20
21
 
@@ -33,6 +34,16 @@ module IbmCloudIam
33
34
  }
34
35
  end
35
36
 
37
+ # Returns attribute mapping this model knows about
38
+ def self.acceptable_attribute_map
39
+ attribute_map
40
+ end
41
+
42
+ # Returns all the JSON keys this model knows about
43
+ def self.acceptable_attributes
44
+ acceptable_attribute_map.values
45
+ end
46
+
36
47
  # Attribute type mapping.
37
48
  def self.openapi_types
38
49
  {
@@ -56,29 +67,37 @@ module IbmCloudIam
56
67
  end
57
68
 
58
69
  # check to see if the attribute exists and convert string to symbol for hash key
70
+ acceptable_attribute_map = self.class.acceptable_attribute_map
59
71
  attributes = attributes.each_with_object({}) { |(k, v), h|
60
- if (!self.class.attribute_map.key?(k.to_sym))
61
- fail ArgumentError, "`#{k}` is not a valid attribute in `IbmCloudIam::MFARequirementsResponse`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
72
+ if (!acceptable_attribute_map.key?(k.to_sym))
73
+ fail ArgumentError, "`#{k}` is not a valid attribute in `IbmCloudIam::MFARequirementsResponse`. Please check the name to make sure it's valid. List of attributes: " + acceptable_attribute_map.keys.inspect
62
74
  end
63
75
  h[k.to_sym] = v
64
76
  }
65
77
 
66
78
  if attributes.key?(:'error')
67
79
  self.error = attributes[:'error']
80
+ else
81
+ self.error = nil
68
82
  end
69
83
 
70
84
  if attributes.key?(:'code')
71
85
  self.code = attributes[:'code']
86
+ else
87
+ self.code = nil
72
88
  end
73
89
 
74
90
  if attributes.key?(:'authorization_token')
75
91
  self.authorization_token = attributes[:'authorization_token']
92
+ else
93
+ self.authorization_token = nil
76
94
  end
77
95
  end
78
96
 
79
97
  # Show invalid properties with the reasons. Usually used together with valid?
80
98
  # @return Array for valid properties with the reasons
81
99
  def list_invalid_properties
100
+ warn '[DEPRECATED] the `list_invalid_properties` method is obsolete'
82
101
  invalid_properties = Array.new
83
102
  if @error.nil?
84
103
  invalid_properties.push('invalid value for "error", error cannot be nil.')
@@ -98,12 +117,43 @@ module IbmCloudIam
98
117
  # Check to see if the all the properties in the model are valid
99
118
  # @return true if the model is valid
100
119
  def valid?
120
+ warn '[DEPRECATED] the `valid?` method is obsolete'
101
121
  return false if @error.nil?
102
122
  return false if @code.nil?
103
123
  return false if @authorization_token.nil?
104
124
  true
105
125
  end
106
126
 
127
+ # Custom attribute writer method with validation
128
+ # @param [Object] error Value to be assigned
129
+ def error=(error)
130
+ if error.nil?
131
+ fail ArgumentError, 'error cannot be nil'
132
+ end
133
+
134
+ @error = error
135
+ end
136
+
137
+ # Custom attribute writer method with validation
138
+ # @param [Object] code Value to be assigned
139
+ def code=(code)
140
+ if code.nil?
141
+ fail ArgumentError, 'code cannot be nil'
142
+ end
143
+
144
+ @code = code
145
+ end
146
+
147
+ # Custom attribute writer method with validation
148
+ # @param [Object] authorization_token Value to be assigned
149
+ def authorization_token=(authorization_token)
150
+ if authorization_token.nil?
151
+ fail ArgumentError, 'authorization_token cannot be nil'
152
+ end
153
+
154
+ @authorization_token = authorization_token
155
+ end
156
+
107
157
  # Checks equality by comparing each attribute.
108
158
  # @param [Object] Object to be compared
109
159
  def ==(o)
@@ -130,82 +180,23 @@ module IbmCloudIam
130
180
  # @param [Hash] attributes Model attributes in the form of hash
131
181
  # @return [Object] Returns the model itself
132
182
  def self.build_from_hash(attributes)
133
- new.build_from_hash(attributes)
134
- end
135
-
136
- # Builds the object from hash
137
- # @param [Hash] attributes Model attributes in the form of hash
138
- # @return [Object] Returns the model itself
139
- def build_from_hash(attributes)
140
183
  return nil unless attributes.is_a?(Hash)
141
- self.class.openapi_types.each_pair do |key, type|
142
- if type =~ /\AArray<(.*)>/i
184
+ attributes = attributes.transform_keys(&:to_sym)
185
+ transformed_hash = {}
186
+ openapi_types.each_pair do |key, type|
187
+ if attributes.key?(attribute_map[key]) && attributes[attribute_map[key]].nil?
188
+ transformed_hash["#{key}"] = nil
189
+ elsif type =~ /\AArray<(.*)>/i
143
190
  # check to ensure the input is an array given that the attribute
144
191
  # is documented as an array but the input is not
145
- if attributes[self.class.attribute_map[key]].is_a?(Array)
146
- self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
147
- end
148
- elsif !attributes[self.class.attribute_map[key]].nil?
149
- self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
150
- elsif attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
151
- self.send("#{key}=", nil)
152
- end
153
- end
154
-
155
- self
156
- end
157
-
158
- # Deserializes the data based on type
159
- # @param string type Data type
160
- # @param string value Value to be deserialized
161
- # @return [Object] Deserialized data
162
- def _deserialize(type, value)
163
- case type.to_sym
164
- when :DateTime
165
- DateTime.parse(value)
166
- when :Date
167
- Date.parse(value)
168
- when :String
169
- value.to_s
170
- when :Integer
171
- value.to_i
172
- when :Float
173
- value.to_f
174
- when :Boolean
175
- if value.to_s =~ /\A(true|t|yes|y|1)\z/i
176
- true
177
- else
178
- false
179
- end
180
- when :Object
181
- # generic object (usually a Hash), return directly
182
- value
183
- when /\AArray<(?<inner_type>.+)>\z/
184
- inner_type = Regexp.last_match[:inner_type]
185
- value.map { |v| _deserialize(inner_type, v) }
186
- when /\AHash<(?<k_type>.+?), (?<v_type>.+)>\z/
187
- k_type = Regexp.last_match[:k_type]
188
- v_type = Regexp.last_match[:v_type]
189
- {}.tap do |hash|
190
- value.each do |k, v|
191
- hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
192
+ if attributes[attribute_map[key]].is_a?(Array)
193
+ transformed_hash["#{key}"] = attributes[attribute_map[key]].map { |v| _deserialize($1, v) }
192
194
  end
195
+ elsif !attributes[attribute_map[key]].nil?
196
+ transformed_hash["#{key}"] = _deserialize(type, attributes[attribute_map[key]])
193
197
  end
194
- else # model
195
- IbmCloudIam.const_get(type).build_from_hash(value)
196
198
  end
197
- end
198
-
199
- # Returns the string representation of the object
200
- # @return [String] String presentation of the object
201
- def to_s
202
- to_hash.to_s
203
- end
204
-
205
- # to_body is an alias to to_hash (backward compatibility)
206
- # @return [Hash] Returns the object in the form of hash
207
- def to_body
208
- to_hash
199
+ new(transformed_hash)
209
200
  end
210
201
 
211
202
  # Returns the object in the form of hash
@@ -218,28 +209,12 @@ module IbmCloudIam
218
209
  is_nullable = self.class.openapi_nullable.include?(attr)
219
210
  next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
220
211
  end
221
-
212
+
222
213
  hash[param] = _to_hash(value)
223
214
  end
224
215
  hash
225
216
  end
226
217
 
227
- # Outputs non-array value in the form of hash
228
- # For object, use to_hash. Otherwise, just return the value
229
- # @param [Object] value Any valid value
230
- # @return [Hash] Returns the value in the form of hash
231
- def _to_hash(value)
232
- if value.is_a?(Array)
233
- value.compact.map { |v| _to_hash(v) }
234
- elsif value.is_a?(Hash)
235
- {}.tap do |hash|
236
- value.each { |k, v| hash[k] = _to_hash(v) }
237
- end
238
- elsif value.respond_to? :to_hash
239
- value.to_hash
240
- else
241
- value
242
- end
243
- end
244
218
  end
219
+
245
220
  end