@ibm-cloud/secrets-manager 2.0.2 → 2.0.3

package/CHANGELOG.md

@@ -1,3 +1,5 @@
+## [2.0.3](https://github.com/IBM/secrets-manager-node-sdk/compare/v2.0.2...v2.0.3) (2024-02-07)
+
 ## [2.0.2](https://github.com/IBM/secrets-manager-node-sdk/compare/v2.0.1...v2.0.2) (2023-12-11)
 
 ## [2.0.1](https://github.com/IBM/secrets-manager-node-sdk/compare/v2.0.0...v2.0.1) (2023-09-19)

package/README.md

@@ -227,8 +227,7 @@ npm test
 
 ## Questions
 
-If you're having difficulties using this SDK, you can ask questions about this project by
-using [Stack Overflow](https://stackoverflow.com/questions/tagged/ibm-secrets-manager). Be sure to include
+If you're having difficulties using this SDK, you can ask questions about this project by using [Stack Overflow](https://stackoverflow.com/questions/tagged/ibm-secrets-manager). Be sure to include
 the `ibm-cloud` and `ibm-secrets-manager` tags.
 
 You can also check out the [Secrets Manager documentation](https://cloud.ibm.com/docs/secrets-manager)

package/examples/secrets-manager.v2.test.js

@@ -2,7 +2,7 @@
  * @jest-environment node
  */
 /**
- * (C) Copyright IBM Corp. 2023.
+ * (C) Copyright IBM Corp. 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ibm-cloud/secrets-manager",
-  "version": "2.0.2",
+  "version": "2.0.3",
   "description": "Client library for IBM Cloud Secrets Manager",
   "repository": {
     "type": "git",
@@ -36,7 +36,7 @@
   },
   "dependencies": {
     "extend": "^3.0.2",
-    "ibm-cloud-sdk-core": "^4.1.2"
+    "ibm-cloud-sdk-core": "^4.2.2"
   },
   "jest": {
     "collectCoverage": true,

package/secrets-manager/v2.d.ts

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2023.
+ * (C) Copyright IBM Corp. 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -53,7 +53,7 @@ declare class SecretsManagerV2 extends BaseService {
      * @param {UserOptions} [options] - The parameters to send to the service.
      * @param {string} [options.serviceName] - The name of the service to configure
      * @param {Authenticator} [options.authenticator] - The Authenticator object used to authenticate requests to the service
-     * @param {string} [options.serviceUrl] - The URL for the service
+     * @param {string} [options.serviceUrl] - The base URL for the service
      * @returns {SecretsManagerV2}
      */
     static newInstance(options: UserOptions): SecretsManagerV2;
@@ -61,7 +61,7 @@ declare class SecretsManagerV2 extends BaseService {
      * Construct a SecretsManagerV2 object.
      *
      * @param {Object} options - Options for the service.
-     * @param {string} [options.serviceUrl] - The base url to use when contacting the service. The base url may differ between IBM Cloud regions.
+     * @param {string} [options.serviceUrl] - The base URL for the service
      * @param {OutgoingHttpHeaders} [options.headers] - Default headers that shall be included with every request to the service.
      * @param {Authenticator} options.authenticator - The Authenticator object used to authenticate requests to the service
      * @constructor
@@ -1450,13 +1450,6 @@ declare namespace SecretsManagerV2 {
     /** The details of your configuration. */
     interface ConfigurationPrototype {
     }
-    /** The Cloud Object Storage HMAC keys that are returned after you create a service credentials secret. */
-    interface CosHmacKeys {
-        /** The access key ID for Cloud Object Storage HMAC credentials. */
-        access_key_id?: string;
-        /** The secret access key ID for Cloud Object Storage HMAC credentials. */
-        secret_access_key?: string;
-    }
     /** The details of the Event Notifications registration. */
     interface NotificationsRegistration {
         /** A CRN that uniquely identifies an IBM Cloud resource. */
@@ -1482,6 +1475,39 @@ declare namespace SecretsManagerV2 {
         /** A URL that points to a page in a collection. */
         href: string;
     }
+    /** Policy for auto-generated passwords. */
+    interface PasswordGenerationPolicy {
+        /** The length of auto-generated passwords. */
+        length?: number;
+        /** Include digits in auto-generated passwords. */
+        include_digits?: boolean;
+        /** Include symbols in auto-generated passwords. */
+        include_symbols?: boolean;
+        /** Include uppercase letters in auto-generated passwords. */
+        include_uppercase?: boolean;
+    }
+    /** Policy patch for auto-generated passwords. Policy properties that are included in the patch are updated. Properties that are not included in the patch remain unchanged. */
+    interface PasswordGenerationPolicyPatch {
+        /** The length of auto-generated passwords. */
+        length?: number;
+        /** Include digits in auto-generated passwords. */
+        include_digits?: boolean;
+        /** Include symbols in auto-generated passwords. */
+        include_symbols?: boolean;
+        /** Include uppercase letters in auto-generated passwords. */
+        include_uppercase?: boolean;
+    }
+    /** Policy for auto-generated passwords. */
+    interface PasswordGenerationPolicyRO {
+        /** The length of auto-generated passwords. */
+        length?: number;
+        /** Include digits in auto-generated passwords. */
+        include_digits?: boolean;
+        /** Include symbols in auto-generated passwords. */
+        include_symbols?: boolean;
+        /** Include uppercase letters in auto-generated passwords. */
+        include_uppercase?: boolean;
+    }
     /** The configuration data of your Private Certificate. */
     interface PrivateCertificateCAData {
     }
@@ -1763,10 +1789,6 @@ declare namespace SecretsManagerV2 {
          *  field to understand the duration of the lease.
          */
         apikey?: string;
-        /** The Cloud Object Storage HMAC keys that are returned after you create a service credentials secret. */
-        cos_hmac_keys?: CosHmacKeys;
-        /** The endpoints that are returned after you create a service credentials secret. */
-        endpoints?: string;
         /** The IAM API key description for the generated service credentials. */
         iam_apikey_description?: string;
         /** The IAM API key id for the generated service credentials. */
@@ -1777,8 +1799,8 @@ declare namespace SecretsManagerV2 {
         iam_role_crn?: string;
         /** The IAM Service ID CRN. */
         iam_serviceid_crn?: string;
-        /** The resource instance CRN that is returned after you create a service credentials secret. */
-        resource_instance_id?: string;
+        /** ServiceCredentialsSecretCredentials accepts additional properties. */
+        [propName: string]: any;
     }
     /** The properties that are required to create the service credentials for the specified source service instance. */
     interface ServiceCredentialsSecretSourceService {
@@ -1796,6 +1818,23 @@ declare namespace SecretsManagerV2 {
          *  roles.
          */
         role?: ServiceCredentialsSourceServiceRole;
+    }
+    /** The properties of the resource key that was created for this source service instance. */
+    interface ServiceCredentialsSecretSourceServiceRO {
+        /** The source service instance identifier. */
+        instance: ServiceCredentialsSourceServiceInstance;
+        /** Configuration options represented as key-value pairs. Service-defined options are used in the generation of
+         *  credentials for some services. For example, Cloud Object Storage accepts the optional boolean parameter HMAC for
+         *  creating specific kind of credentials.
+         */
+        parameters?: ServiceCredentialsSourceServiceParameters;
+        /** The service-specific custom role. CRN is accepted. The role is assigned as part of an access policy to any
+         *  auto-generated IAM service ID.  If you provide an existing service ID, it is added to the access policy for that
+         *  ID.  If a role is not provided, any new service IDs that are autogenerated, will not have an assigned access
+         *  policy and provided service IDs are not changed in any way.  Refer to the service documentation for supported
+         *  roles.
+         */
+        role?: ServiceCredentialsSourceServiceRole;
         /** The source service IAM data is returned in case IAM credentials where created for this secret. */
         iam?: ServiceCredentialsSourceServiceIam;
         /** The source service resource key data of the generated service credentials. */
@@ -4207,7 +4246,7 @@ declare namespace SecretsManagerV2 {
         serial_number?: string;
         /** The type of configuration action. */
         action_type: PrivateCertificateConfigurationActionSignIntermediate.Constants.ActionType | string;
-        /** The unique name of your configuration. */
+        /** The name of the intermediate certificate authority configuration. */
         intermediate_certificate_authority: string;
     }
     namespace PrivateCertificateConfigurationActionSignIntermediate {
@@ -4306,7 +4345,7 @@ declare namespace SecretsManagerV2 {
         serial_number?: string;
         /** The type of configuration action. */
         action_type: PrivateCertificateConfigurationActionSignIntermediatePrototype.Constants.ActionType | string;
-        /** The unique name of your configuration. */
+        /** The name of the intermediate certificate authority configuration. */
         intermediate_certificate_authority: string;
     }
     namespace PrivateCertificateConfigurationActionSignIntermediatePrototype {
@@ -6425,8 +6464,8 @@ declare namespace SecretsManagerV2 {
         updated_at: string;
         /** The configuration of the Let's Encrypt CA environment. */
         lets_encrypt_environment: PublicCertificateConfigurationCALetsEncrypt.Constants.LetsEncryptEnvironment | string;
-        /** If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common
-         *  Name. If no match, the default offered chain will be used.
+        /** This field supports only the chains that Let's Encrypt provides. Keep empty to use the default or supply a
+         *  valid Let's Encrypt-provided value. For a list of supported chains, see: https://letsencrypt.org/certificates/.
          */
         lets_encrypt_preferred_chain?: string;
         /** The PEM-encoded private key of your Let's Encrypt account. The data must be formatted on a single line with
@@ -6486,8 +6525,8 @@ declare namespace SecretsManagerV2 {
         updated_at: string;
         /** The configuration of the Let's Encrypt CA environment. */
         lets_encrypt_environment: PublicCertificateConfigurationCALetsEncryptMetadata.Constants.LetsEncryptEnvironment | string;
-        /** If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common
-         *  Name. If no match, the default offered chain will be used.
+        /** This field supports only the chains that Let's Encrypt provides. Keep empty to use the default or supply a
+         *  valid Let's Encrypt-provided value. For a list of supported chains, see: https://letsencrypt.org/certificates/.
          */
         lets_encrypt_preferred_chain?: string;
     }
@@ -6529,8 +6568,8 @@ declare namespace SecretsManagerV2 {
          *  embedded newline characters.
          */
         lets_encrypt_private_key?: string;
-        /** If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common
-         *  Name. If no match, the default offered chain will be used.
+        /** This field supports only the chains that Let's Encrypt provides. Keep empty to use the default or supply a
+         *  valid Let's Encrypt-provided value. For a list of supported chains, see: https://letsencrypt.org/certificates/.
          */
         lets_encrypt_preferred_chain?: string;
     }
@@ -6562,8 +6601,8 @@ declare namespace SecretsManagerV2 {
          *  embedded newline characters.
          */
         lets_encrypt_private_key: string;
-        /** If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common
-         *  Name. If no match, the default offered chain will be used.
+        /** This field supports only the chains that Let's Encrypt provides. Keep empty to use the default or supply a
+         *  valid Let's Encrypt-provided value. For a list of supported chains, see: https://letsencrypt.org/certificates/.
          */
         lets_encrypt_preferred_chain?: string;
     }
@@ -6765,16 +6804,22 @@ declare namespace SecretsManagerV2 {
         created_at: string;
         /** The date when a resource was modified. The date format follows `RFC 3339`. */
         updated_at: string;
-        /** An IBM Cloud API key that can to list domains in your Cloud Internet Services instance.
+        /** An IBM Cloud API key that can list domains in your Cloud Internet Services instance and add DNS records.
          *
          *  To grant Secrets Manager the ability to view the Cloud Internet Services instance and all of its domains, the
-         *  API key must be assigned the Reader service role on Internet Services (`internet-svcs`).
+         *  API key must be assigned the Reader service role on Internet Services (`internet-svcs`). In order to add DNS
+         *  records you need to assign the Manager role.
          *
-         *  If you need to manage specific domains, you can assign the Manager role. For production environments, it is
-         *  recommended that you assign the Reader access role, and then use the
+         *  If you want to manage specific domains, you can assign the Manager role for this specific domain.  For
+         *  production environments, it is recommended that you assign the Reader access role, and then use the
          *  [IAM Policy Management API](https://cloud.ibm.com/apidocs/iam-policy-management#create-policy) to control
-         *  specific domains. For more information, see the
-         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates#authorize-specific-domains).
+         *  specific domains.
+         *
+         *  If an IBM Cloud API key value is empty Secrets Manager tries to access your Cloud Internet Services instance
+         *  with service-to-service authorization.
+         *
+         *  For more information, see the
+         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates#authorize-cis).
          */
         cloud_internet_services_apikey?: string;
         /** A CRN that uniquely identifies an IBM Cloud resource. */
@@ -6853,16 +6898,22 @@ declare namespace SecretsManagerV2 {
     }
     /** The configuration update of the Cloud Internet Services DNS. */
     interface PublicCertificateConfigurationDNSCloudInternetServicesPatch extends ConfigurationPatch {
-        /** An IBM Cloud API key that can to list domains in your Cloud Internet Services instance.
+        /** An IBM Cloud API key that can list domains in your Cloud Internet Services instance and add DNS records.
          *
          *  To grant Secrets Manager the ability to view the Cloud Internet Services instance and all of its domains, the
-         *  API key must be assigned the Reader service role on Internet Services (`internet-svcs`).
+         *  API key must be assigned the Reader service role on Internet Services (`internet-svcs`). In order to add DNS
+         *  records you need to assign the Manager role.
          *
-         *  If you need to manage specific domains, you can assign the Manager role. For production environments, it is
-         *  recommended that you assign the Reader access role, and then use the
+         *  If you want to manage specific domains, you can assign the Manager role for this specific domain.  For
+         *  production environments, it is recommended that you assign the Reader access role, and then use the
          *  [IAM Policy Management API](https://cloud.ibm.com/apidocs/iam-policy-management#create-policy) to control
-         *  specific domains. For more information, see the
-         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates#authorize-specific-domains).
+         *  specific domains.
+         *
+         *  If an IBM Cloud API key value is empty Secrets Manager tries to access your Cloud Internet Services instance
+         *  with service-to-service authorization.
+         *
+         *  For more information, see the
+         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates#authorize-cis).
          */
         cloud_internet_services_apikey: string;
         /** A CRN that uniquely identifies an IBM Cloud resource. */
@@ -6881,16 +6932,22 @@ declare namespace SecretsManagerV2 {
          *  To protect your privacy, do not use personal data, such as your name or location, as an name for your secret.
          */
         name: string;
-        /** An IBM Cloud API key that can to list domains in your Cloud Internet Services instance.
+        /** An IBM Cloud API key that can list domains in your Cloud Internet Services instance and add DNS records.
          *
          *  To grant Secrets Manager the ability to view the Cloud Internet Services instance and all of its domains, the
-         *  API key must be assigned the Reader service role on Internet Services (`internet-svcs`).
+         *  API key must be assigned the Reader service role on Internet Services (`internet-svcs`). In order to add DNS
+         *  records you need to assign the Manager role.
          *
-         *  If you need to manage specific domains, you can assign the Manager role. For production environments, it is
-         *  recommended that you assign the Reader access role, and then use the
+         *  If you want to manage specific domains, you can assign the Manager role for this specific domain.  For
+         *  production environments, it is recommended that you assign the Reader access role, and then use the
          *  [IAM Policy Management API](https://cloud.ibm.com/apidocs/iam-policy-management#create-policy) to control
-         *  specific domains. For more information, see the
-         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates#authorize-specific-domains).
+         *  specific domains.
+         *
+         *  If an IBM Cloud API key value is empty Secrets Manager tries to access your Cloud Internet Services instance
+         *  with service-to-service authorization.
+         *
+         *  For more information, see the
+         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates#authorize-cis).
          */
         cloud_internet_services_apikey?: string;
         /** A CRN that uniquely identifies an IBM Cloud resource. */
@@ -7346,10 +7403,8 @@ declare namespace SecretsManagerV2 {
          *  optional. If it is set the minimum duration is 1 day. The maximum is 90 days. By default, the TTL is set to 0.
          */
         ttl?: string;
-        /** The properties that are required to create the service credentials for the specified source service
-         *  instance.
-         */
-        source_service: ServiceCredentialsSecretSourceService;
+        /** The properties of the resource key that was created for this source service instance. */
+        source_service: ServiceCredentialsSecretSourceServiceRO;
         /** The properties of the service credentials secret payload. */
         credentials: ServiceCredentialsSecretCredentials;
     }
@@ -7443,10 +7498,8 @@ declare namespace SecretsManagerV2 {
          *  optional. If it is set the minimum duration is 1 day. The maximum is 90 days. By default, the TTL is set to 0.
          */
         ttl?: string;
-        /** The properties that are required to create the service credentials for the specified source service
-         *  instance.
-         */
-        source_service: ServiceCredentialsSecretSourceService;
+        /** The properties of the resource key that was created for this source service instance. */
+        source_service: ServiceCredentialsSecretSourceServiceRO;
     }
     namespace ServiceCredentialsSecretMetadata {
         namespace Constants {
@@ -7758,6 +7811,8 @@ declare namespace SecretsManagerV2 {
          *  for secrets that can be auto-rotated and an existing rotation policy.
          */
         next_rotation_date?: string;
+        /** Policy for auto-generated passwords. */
+        password_generation_policy?: PasswordGenerationPolicyRO;
         /** The username that is assigned to an `username_password` secret. */
         username: string;
         /** The password that is assigned to an `username_password` secret. */
@@ -7849,6 +7904,8 @@ declare namespace SecretsManagerV2 {
          *  for secrets that can be auto-rotated and an existing rotation policy.
          */
         next_rotation_date?: string;
+        /** Policy for auto-generated passwords. */
+        password_generation_policy?: PasswordGenerationPolicyRO;
     }
     namespace UsernamePasswordSecretMetadata {
         namespace Constants {
@@ -7903,6 +7960,10 @@ declare namespace SecretsManagerV2 {
          *  types: Arbitrary, username_password.
          */
         expiration_date?: string;
+        /** Policy patch for auto-generated passwords. Policy properties that are included in the patch are updated.
+         *  Properties that are not included in the patch remain unchanged.
+         */
+        password_generation_policy?: PasswordGenerationPolicyPatch;
     }
     /** UsernamePasswordSecretPrototype. */
     interface UsernamePasswordSecretPrototype extends SecretPrototype {
@@ -7932,8 +7993,10 @@ declare namespace SecretsManagerV2 {
         labels?: string[];
         /** The username that is assigned to an `username_password` secret. */
         username: string;
-        /** The password that is assigned to an `username_password` secret. */
-        password: string;
+        /** The password that is assigned to an `username_password` secret. If you omit this parameter, Secrets Manager
+         *  generates a new random password for your secret.
+         */
+        password?: string;
         /** The date when the secret material expires. The date format follows the `RFC 3339` format. Supported secret
          *  types: Arbitrary, username_password.
          */
@@ -7946,6 +8009,8 @@ declare namespace SecretsManagerV2 {
          *  username_password, private_cert, public_cert, iam_credentials.
          */
         rotation?: RotationPolicy;
+        /** Policy for auto-generated passwords. */
+        password_generation_policy?: PasswordGenerationPolicy;
     }
     namespace UsernamePasswordSecretPrototype {
         namespace Constants {
@@ -8074,7 +8139,9 @@ declare namespace SecretsManagerV2 {
     }
     /** UsernamePasswordSecretVersionPrototype. */
     interface UsernamePasswordSecretVersionPrototype extends SecretVersionPrototype {
-        /** The password that is assigned to an `username_password` secret. */
+        /** The password that is assigned to an `username_password` secret. If you omit this parameter, Secrets Manager
+         *  generates a new random password for your secret.
+         */
         password?: string;
         /** The secret metadata that a user can customize. */
         custom_metadata?: JsonObject;

package/secrets-manager/v2.js

@@ -1,6 +1,6 @@
 "use strict";
 /**
- * (C) Copyright IBM Corp. 2023.
+ * (C) Copyright IBM Corp. 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -77,7 +77,7 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
     }
 };
 /**
- * IBM OpenAPI SDK Code Generator Version: 3.82.1-2082d402-20231115-195014
+ * IBM OpenAPI SDK Code Generator Version: 3.84.2-a032c73d-20240125-175315
  */
 /* eslint-disable max-classes-per-file */
 /* eslint-disable no-await-in-loop */
@@ -97,7 +97,7 @@ var SecretsManagerV2 = /** @class */ (function (_super) {
      * Construct a SecretsManagerV2 object.
      *
      * @param {Object} options - Options for the service.
-     * @param {string} [options.serviceUrl] - The base url to use when contacting the service. The base url may differ between IBM Cloud regions.
+     * @param {string} [options.serviceUrl] - The base URL for the service
      * @param {OutgoingHttpHeaders} [options.headers] - Default headers that shall be included with every request to the service.
      * @param {Authenticator} options.authenticator - The Authenticator object used to authenticate requests to the service
      * @constructor
@@ -142,7 +142,7 @@ var SecretsManagerV2 = /** @class */ (function (_super) {
      * @param {UserOptions} [options] - The parameters to send to the service.
      * @param {string} [options.serviceName] - The name of the service to configure
      * @param {Authenticator} [options.authenticator] - The Authenticator object used to authenticate requests to the service
-     * @param {string} [options.serviceUrl] - The URL for the service
+     * @param {string} [options.serviceUrl] - The base URL for the service
      * @returns {SecretsManagerV2}
      */
     SecretsManagerV2.newInstance = function (options) {