ibm-platform-services 0.68.3__py3-none-any.whl → 0.70.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. ibm_platform_services/iam_identity_v1.py +595 -616
  2. ibm_platform_services/iam_policy_management_v1.py +5245 -2854
  3. ibm_platform_services/version.py +1 -1
  4. {ibm_platform_services-0.68.3.dist-info → ibm_platform_services-0.70.0.dist-info}/METADATA +2 -2
  5. {ibm_platform_services-0.68.3.dist-info → ibm_platform_services-0.70.0.dist-info}/RECORD +8 -8
  6. {ibm_platform_services-0.68.3.dist-info → ibm_platform_services-0.70.0.dist-info}/WHEEL +0 -0
  7. {ibm_platform_services-0.68.3.dist-info → ibm_platform_services-0.70.0.dist-info}/licenses/LICENSE +0 -0
  8. {ibm_platform_services-0.68.3.dist-info → ibm_platform_services-0.70.0.dist-info}/top_level.txt +0 -0
ibm_platform_services/iam_identity_v1.py CHANGED
@@ -14,7 +14,7 @@
14
14
  # See the License for the specific language governing permissions and
15
15
  # limitations under the License.
16
16
 
17
- # IBM OpenAPI SDK Code Generator Version: 3.106.0-09823488-20250707-071701
17
+ # IBM OpenAPI SDK Code Generator Version: 3.107.1-41b0fbd0-20250825-080732
18
18
 
19
19
  """
20
20
  The IAM Identity Service API allows for the management of Account Settings and Identities
@@ -2792,6 +2792,7 @@ class IamIdentityV1(BaseService):
2792
2792
  account_id: str,
2793
2793
  *,
2794
2794
  include_history: Optional[bool] = None,
2795
+ resolve_user_mfa: Optional[bool] = None,
2795
2796
  **kwargs,
2796
2797
  ) -> DetailedResponse:
2797
2798
  """
@@ -2802,6 +2803,8 @@ class IamIdentityV1(BaseService):
2802
2803
  :param str account_id: Unique ID of the account.
2803
2804
  :param bool include_history: (optional) Defines if the entity history is
2804
2805
  included in the response.
2806
+ :param bool resolve_user_mfa: (optional) Enrich MFA exemptions with user
2807
+ PI.
2805
2808
  :param dict headers: A `dict` containing the request headers
2806
2809
  :return: A `DetailedResponse` containing the result, headers and HTTP status code.
2807
2810
  :rtype: DetailedResponse with `dict` result representing a `AccountSettingsResponse` object
@@ -2819,6 +2822,7 @@ class IamIdentityV1(BaseService):
2819
2822
 
2820
2823
  params = {
2821
2824
  'include_history': include_history,
2825
+ 'resolve_user_mfa': resolve_user_mfa,
2822
2826
  }
2823
2827
 
2824
2828
  if 'headers' in kwargs:
@@ -2847,14 +2851,16 @@ class IamIdentityV1(BaseService):
2847
2851
  *,
2848
2852
  restrict_create_service_id: Optional[str] = None,
2849
2853
  restrict_create_platform_apikey: Optional[str] = None,
2854
+ restrict_user_list_visibility: Optional[str] = None,
2855
+ restrict_user_domains: Optional[List['AccountSettingsUserDomainRestriction']] = None,
2850
2856
  allowed_ip_addresses: Optional[str] = None,
2851
2857
  mfa: Optional[str] = None,
2852
- user_mfa: Optional[List['AccountSettingsUserMFA']] = None,
2853
2858
  session_expiration_in_seconds: Optional[str] = None,
2854
2859
  session_invalidation_in_seconds: Optional[str] = None,
2855
2860
  max_sessions_per_identity: Optional[str] = None,
2856
2861
  system_access_token_expiration_in_seconds: Optional[str] = None,
2857
2862
  system_refresh_token_expiration_in_seconds: Optional[str] = None,
2863
+ user_mfa: Optional[List['UserMfa']] = None,
2858
2864
  **kwargs,
2859
2865
  ) -> DetailedResponse:
2860
2866
  """
@@ -2871,21 +2877,31 @@ class IamIdentityV1(BaseService):
2871
2877
  updates.
2872
2878
  :param str account_id: The id of the account to update the settings for.
2873
2879
  :param str restrict_create_service_id: (optional) Defines whether or not
2874
- creating a service ID is access controlled. Valid values:
2880
+ creating the resource is access controlled. Valid values:
2875
2881
  * RESTRICTED - only users assigned the 'Service ID creator' role on the
2876
2882
  IAM Identity Service can create service IDs, including the account owner
2877
2883
  * NOT_RESTRICTED - all members of an account can create service IDs
2878
2884
  * NOT_SET - to 'unset' a previous set value.
2879
2885
  :param str restrict_create_platform_apikey: (optional) Defines whether or
2880
- not creating platform API keys is access controlled. Valid values:
2881
- * RESTRICTED - only users assigned the 'User API key creator' role on the
2882
- IAM Identity Service can create API keys, including the account owner
2883
- * NOT_RESTRICTED - all members of an account can create platform API keys
2886
+ not creating the resource is access controlled. Valid values:
2887
+ * RESTRICTED - only users assigned the 'Service ID creator' role on the
2888
+ IAM Identity Service can create service IDs, including the account owner
2889
+ * NOT_RESTRICTED - all members of an account can create service IDs
2884
2890
  * NOT_SET - to 'unset' a previous set value.
2891
+ :param str restrict_user_list_visibility: (optional) Defines whether or not
2892
+ user visibility is access controlled. Valid values:
2893
+ * RESTRICTED - users can view only specific types of users in the
2894
+ account, such as those the user has invited to the account, or descendants
2895
+ of those users based on the classic infrastructure hierarchy
2896
+ * NOT_RESTRICTED - any user in the account can view other users from the
2897
+ Users page in IBM Cloud console.
2898
+ :param List[AccountSettingsUserDomainRestriction] restrict_user_domains:
2899
+ (optional) Defines if account invitations are restricted to specified
2900
+ domains. To remove an entry for a realm_id, perform an update (PUT) request
2901
+ with only the realm_id set.
2885
2902
  :param str allowed_ip_addresses: (optional) Defines the IP addresses and
2886
2903
  subnets from which IAM tokens can be created for the account.
2887
- :param str mfa: (optional) Defines the MFA trait for the account. Valid
2888
- values:
2904
+ :param str mfa: (optional) MFA trait definitions as follows:
2889
2905
  * NONE - No MFA trait set
2890
2906
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
2891
2907
  * TOTP - For all non-federated IBMId users
@@ -2893,8 +2909,6 @@ class IamIdentityV1(BaseService):
2893
2909
  * LEVEL1 - Email-based MFA for all users
2894
2910
  * LEVEL2 - TOTP-based MFA for all users
2895
2911
  * LEVEL3 - U2F MFA for all users.
2896
- :param List[AccountSettingsUserMFA] user_mfa: (optional) List of users that
2897
- are exempted from the MFA requirement of the account.
2898
2912
  :param str session_expiration_in_seconds: (optional) Defines the session
2899
2913
  expiration in seconds for the account. Valid values:
2900
2914
  * Any whole number between between '900' and '86400'
@@ -2905,7 +2919,7 @@ class IamIdentityV1(BaseService):
2905
2919
  * Any whole number between '900' and '7200'
2906
2920
  * NOT_SET - To unset account setting and use service default.
2907
2921
  :param str max_sessions_per_identity: (optional) Defines the max allowed
2908
- sessions per identity required by the account. Value values:
2922
+ sessions per identity required by the account. Valid values:
2909
2923
  * Any whole number greater than 0
2910
2924
  * NOT_SET - To unset account setting and use service default.
2911
2925
  :param str system_access_token_expiration_in_seconds: (optional) Defines
@@ -2916,6 +2930,8 @@ class IamIdentityV1(BaseService):
2916
2930
  the refresh token expiration in seconds. Valid values:
2917
2931
  * Any whole number between '900' and '259200'
2918
2932
  * NOT_SET - To unset account setting and use service default.
2933
+ :param List[UserMfa] user_mfa: (optional) List of users that are exempted
2934
+ from the MFA requirement of the account.
2919
2935
  :param dict headers: A `dict` containing the request headers
2920
2936
  :return: A `DetailedResponse` containing the result, headers and HTTP status code.
2921
2937
  :rtype: DetailedResponse with `dict` result representing a `AccountSettingsResponse` object
@@ -2925,6 +2941,8 @@ class IamIdentityV1(BaseService):
2925
2941
  raise ValueError('if_match must be provided')
2926
2942
  if not account_id:
2927
2943
  raise ValueError('account_id must be provided')
2944
+ if restrict_user_domains is not None:
2945
+ restrict_user_domains = [convert_model(x) for x in restrict_user_domains]
2928
2946
  if user_mfa is not None:
2929
2947
  user_mfa = [convert_model(x) for x in user_mfa]
2930
2948
  headers = {
@@ -2940,14 +2958,16 @@ class IamIdentityV1(BaseService):
2940
2958
  data = {
2941
2959
  'restrict_create_service_id': restrict_create_service_id,
2942
2960
  'restrict_create_platform_apikey': restrict_create_platform_apikey,
2961
+ 'restrict_user_list_visibility': restrict_user_list_visibility,
2962
+ 'restrict_user_domains': restrict_user_domains,
2943
2963
  'allowed_ip_addresses': allowed_ip_addresses,
2944
2964
  'mfa': mfa,
2945
- 'user_mfa': user_mfa,
2946
2965
  'session_expiration_in_seconds': session_expiration_in_seconds,
2947
2966
  'session_invalidation_in_seconds': session_invalidation_in_seconds,
2948
2967
  'max_sessions_per_identity': max_sessions_per_identity,
2949
2968
  'system_access_token_expiration_in_seconds': system_access_token_expiration_in_seconds,
2950
2969
  'system_refresh_token_expiration_in_seconds': system_refresh_token_expiration_in_seconds,
2970
+ 'user_mfa': user_mfa,
2951
2971
  }
2952
2972
  data = {k: v for (k, v) in data.items() if v is not None}
2953
2973
  data = json.dumps(data)
@@ -5727,314 +5747,39 @@ class AccountBasedMfaEnrollment:
5727
5747
  return not self == other
5728
5748
 
5729
5749
 
5730
- class AccountSettingsAccountSection:
5750
+ class AccountSettingsAssignedTemplatesSection:
5731
5751
  """
5732
- AccountSettingsAccountSection.
5752
+ Response body format for Account Settings REST requests.
5733
5753
 
5734
- :param str account_id: (optional) Unique ID of the account.
5754
+ :param str template_id: Template Id.
5755
+ :param int template_version: Template version.
5756
+ :param str template_name: Template name.
5735
5757
  :param str restrict_create_service_id: (optional) Defines whether or not
5736
- creating a service ID is access controlled. Valid values:
5758
+ creating the resource is access controlled. Valid values:
5737
5759
  * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
5738
5760
  Identity Service can create service IDs, including the account owner
5739
5761
  * NOT_RESTRICTED - all members of an account can create service IDs
5740
5762
  * NOT_SET - to 'unset' a previous set value.
5741
5763
  :param str restrict_create_platform_apikey: (optional) Defines whether or not
5742
- creating platform API keys is access controlled. Valid values:
5743
- * RESTRICTED - to apply access control
5744
- * NOT_RESTRICTED - to remove access control
5745
- * NOT_SET - to 'unset' a previous set value.
5746
- :param str allowed_ip_addresses: (optional) Defines the IP addresses and subnets
5747
- from which IAM tokens can be created for the account.
5748
- :param str mfa: (optional) Defines the MFA requirement for the user. Valid
5749
- values:
5750
- * NONE - No MFA trait set
5751
- * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
5752
- * TOTP - For all non-federated IBMId users
5753
- * TOTP4ALL - For all users
5754
- * LEVEL1 - Email-based MFA for all users
5755
- * LEVEL2 - TOTP-based MFA for all users
5756
- * LEVEL3 - U2F MFA for all users.
5757
- :param List[EffectiveAccountSettingsUserMFA] user_mfa: (optional) List of users
5758
- that are exempted from the MFA requirement of the account.
5759
- :param List[EnityHistoryRecord] history: (optional) History of the Account
5760
- Settings.
5761
- :param str session_expiration_in_seconds: (optional) Defines the session
5762
- expiration in seconds for the account. Valid values:
5763
- * Any whole number between between '900' and '86400'
5764
- * NOT_SET - To unset account setting and use service default.
5765
- :param str session_invalidation_in_seconds: (optional) Defines the period of
5766
- time in seconds in which a session will be invalidated due to inactivity. Valid
5767
- values:
5768
- * Any whole number between '900' and '7200'
5769
- * NOT_SET - To unset account setting and use service default.
5770
- :param str max_sessions_per_identity: (optional) Defines the max allowed
5771
- sessions per identity required by the account. Valid values:
5772
- * Any whole number greater than 0
5773
- * NOT_SET - To unset account setting and use service default.
5774
- :param str system_access_token_expiration_in_seconds: (optional) Defines the
5775
- access token expiration in seconds. Valid values:
5776
- * Any whole number between '900' and '3600'
5777
- * NOT_SET - To unset account setting and use service default.
5778
- :param str system_refresh_token_expiration_in_seconds: (optional) Defines the
5779
- refresh token expiration in seconds. Valid values:
5780
- * Any whole number between '900' and '259200'
5781
- * NOT_SET - To unset account setting and use service default.
5782
- """
5783
-
5784
- def __init__(
5785
- self,
5786
- *,
5787
- account_id: Optional[str] = None,
5788
- restrict_create_service_id: Optional[str] = None,
5789
- restrict_create_platform_apikey: Optional[str] = None,
5790
- allowed_ip_addresses: Optional[str] = None,
5791
- mfa: Optional[str] = None,
5792
- user_mfa: Optional[List['EffectiveAccountSettingsUserMFA']] = None,
5793
- history: Optional[List['EnityHistoryRecord']] = None,
5794
- session_expiration_in_seconds: Optional[str] = None,
5795
- session_invalidation_in_seconds: Optional[str] = None,
5796
- max_sessions_per_identity: Optional[str] = None,
5797
- system_access_token_expiration_in_seconds: Optional[str] = None,
5798
- system_refresh_token_expiration_in_seconds: Optional[str] = None,
5799
- ) -> None:
5800
- """
5801
- Initialize a AccountSettingsAccountSection object.
5802
-
5803
- :param str account_id: (optional) Unique ID of the account.
5804
- :param str restrict_create_service_id: (optional) Defines whether or not
5805
- creating a service ID is access controlled. Valid values:
5806
- * RESTRICTED - only users assigned the 'Service ID creator' role on the
5807
- IAM Identity Service can create service IDs, including the account owner
5808
- * NOT_RESTRICTED - all members of an account can create service IDs
5809
- * NOT_SET - to 'unset' a previous set value.
5810
- :param str restrict_create_platform_apikey: (optional) Defines whether or
5811
- not creating platform API keys is access controlled. Valid values:
5812
- * RESTRICTED - to apply access control
5813
- * NOT_RESTRICTED - to remove access control
5814
- * NOT_SET - to 'unset' a previous set value.
5815
- :param str allowed_ip_addresses: (optional) Defines the IP addresses and
5816
- subnets from which IAM tokens can be created for the account.
5817
- :param str mfa: (optional) Defines the MFA requirement for the user. Valid
5818
- values:
5819
- * NONE - No MFA trait set
5820
- * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
5821
- * TOTP - For all non-federated IBMId users
5822
- * TOTP4ALL - For all users
5823
- * LEVEL1 - Email-based MFA for all users
5824
- * LEVEL2 - TOTP-based MFA for all users
5825
- * LEVEL3 - U2F MFA for all users.
5826
- :param List[EffectiveAccountSettingsUserMFA] user_mfa: (optional) List of
5827
- users that are exempted from the MFA requirement of the account.
5828
- :param List[EnityHistoryRecord] history: (optional) History of the Account
5829
- Settings.
5830
- :param str session_expiration_in_seconds: (optional) Defines the session
5831
- expiration in seconds for the account. Valid values:
5832
- * Any whole number between between '900' and '86400'
5833
- * NOT_SET - To unset account setting and use service default.
5834
- :param str session_invalidation_in_seconds: (optional) Defines the period
5835
- of time in seconds in which a session will be invalidated due to
5836
- inactivity. Valid values:
5837
- * Any whole number between '900' and '7200'
5838
- * NOT_SET - To unset account setting and use service default.
5839
- :param str max_sessions_per_identity: (optional) Defines the max allowed
5840
- sessions per identity required by the account. Valid values:
5841
- * Any whole number greater than 0
5842
- * NOT_SET - To unset account setting and use service default.
5843
- :param str system_access_token_expiration_in_seconds: (optional) Defines
5844
- the access token expiration in seconds. Valid values:
5845
- * Any whole number between '900' and '3600'
5846
- * NOT_SET - To unset account setting and use service default.
5847
- :param str system_refresh_token_expiration_in_seconds: (optional) Defines
5848
- the refresh token expiration in seconds. Valid values:
5849
- * Any whole number between '900' and '259200'
5850
- * NOT_SET - To unset account setting and use service default.
5851
- """
5852
- self.account_id = account_id
5853
- self.restrict_create_service_id = restrict_create_service_id
5854
- self.restrict_create_platform_apikey = restrict_create_platform_apikey
5855
- self.allowed_ip_addresses = allowed_ip_addresses
5856
- self.mfa = mfa
5857
- self.user_mfa = user_mfa
5858
- self.history = history
5859
- self.session_expiration_in_seconds = session_expiration_in_seconds
5860
- self.session_invalidation_in_seconds = session_invalidation_in_seconds
5861
- self.max_sessions_per_identity = max_sessions_per_identity
5862
- self.system_access_token_expiration_in_seconds = system_access_token_expiration_in_seconds
5863
- self.system_refresh_token_expiration_in_seconds = system_refresh_token_expiration_in_seconds
5864
-
5865
- @classmethod
5866
- def from_dict(cls, _dict: Dict) -> 'AccountSettingsAccountSection':
5867
- """Initialize a AccountSettingsAccountSection object from a json dictionary."""
5868
- args = {}
5869
- if (account_id := _dict.get('account_id')) is not None:
5870
- args['account_id'] = account_id
5871
- if (restrict_create_service_id := _dict.get('restrict_create_service_id')) is not None:
5872
- args['restrict_create_service_id'] = restrict_create_service_id
5873
- if (restrict_create_platform_apikey := _dict.get('restrict_create_platform_apikey')) is not None:
5874
- args['restrict_create_platform_apikey'] = restrict_create_platform_apikey
5875
- if (allowed_ip_addresses := _dict.get('allowed_ip_addresses')) is not None:
5876
- args['allowed_ip_addresses'] = allowed_ip_addresses
5877
- if (mfa := _dict.get('mfa')) is not None:
5878
- args['mfa'] = mfa
5879
- if (user_mfa := _dict.get('user_mfa')) is not None:
5880
- args['user_mfa'] = [EffectiveAccountSettingsUserMFA.from_dict(v) for v in user_mfa]
5881
- if (history := _dict.get('history')) is not None:
5882
- args['history'] = [EnityHistoryRecord.from_dict(v) for v in history]
5883
- if (session_expiration_in_seconds := _dict.get('session_expiration_in_seconds')) is not None:
5884
- args['session_expiration_in_seconds'] = session_expiration_in_seconds
5885
- if (session_invalidation_in_seconds := _dict.get('session_invalidation_in_seconds')) is not None:
5886
- args['session_invalidation_in_seconds'] = session_invalidation_in_seconds
5887
- if (max_sessions_per_identity := _dict.get('max_sessions_per_identity')) is not None:
5888
- args['max_sessions_per_identity'] = max_sessions_per_identity
5889
- if (
5890
- system_access_token_expiration_in_seconds := _dict.get('system_access_token_expiration_in_seconds')
5891
- ) is not None:
5892
- args['system_access_token_expiration_in_seconds'] = system_access_token_expiration_in_seconds
5893
- if (
5894
- system_refresh_token_expiration_in_seconds := _dict.get('system_refresh_token_expiration_in_seconds')
5895
- ) is not None:
5896
- args['system_refresh_token_expiration_in_seconds'] = system_refresh_token_expiration_in_seconds
5897
- return cls(**args)
5898
-
5899
- @classmethod
5900
- def _from_dict(cls, _dict):
5901
- """Initialize a AccountSettingsAccountSection object from a json dictionary."""
5902
- return cls.from_dict(_dict)
5903
-
5904
- def to_dict(self) -> Dict:
5905
- """Return a json dictionary representing this model."""
5906
- _dict = {}
5907
- if hasattr(self, 'account_id') and self.account_id is not None:
5908
- _dict['account_id'] = self.account_id
5909
- if hasattr(self, 'restrict_create_service_id') and self.restrict_create_service_id is not None:
5910
- _dict['restrict_create_service_id'] = self.restrict_create_service_id
5911
- if hasattr(self, 'restrict_create_platform_apikey') and self.restrict_create_platform_apikey is not None:
5912
- _dict['restrict_create_platform_apikey'] = self.restrict_create_platform_apikey
5913
- if hasattr(self, 'allowed_ip_addresses') and self.allowed_ip_addresses is not None:
5914
- _dict['allowed_ip_addresses'] = self.allowed_ip_addresses
5915
- if hasattr(self, 'mfa') and self.mfa is not None:
5916
- _dict['mfa'] = self.mfa
5917
- if hasattr(self, 'user_mfa') and self.user_mfa is not None:
5918
- user_mfa_list = []
5919
- for v in self.user_mfa:
5920
- if isinstance(v, dict):
5921
- user_mfa_list.append(v)
5922
- else:
5923
- user_mfa_list.append(v.to_dict())
5924
- _dict['user_mfa'] = user_mfa_list
5925
- if hasattr(self, 'history') and self.history is not None:
5926
- history_list = []
5927
- for v in self.history:
5928
- if isinstance(v, dict):
5929
- history_list.append(v)
5930
- else:
5931
- history_list.append(v.to_dict())
5932
- _dict['history'] = history_list
5933
- if hasattr(self, 'session_expiration_in_seconds') and self.session_expiration_in_seconds is not None:
5934
- _dict['session_expiration_in_seconds'] = self.session_expiration_in_seconds
5935
- if hasattr(self, 'session_invalidation_in_seconds') and self.session_invalidation_in_seconds is not None:
5936
- _dict['session_invalidation_in_seconds'] = self.session_invalidation_in_seconds
5937
- if hasattr(self, 'max_sessions_per_identity') and self.max_sessions_per_identity is not None:
5938
- _dict['max_sessions_per_identity'] = self.max_sessions_per_identity
5939
- if (
5940
- hasattr(self, 'system_access_token_expiration_in_seconds')
5941
- and self.system_access_token_expiration_in_seconds is not None
5942
- ):
5943
- _dict['system_access_token_expiration_in_seconds'] = self.system_access_token_expiration_in_seconds
5944
- if (
5945
- hasattr(self, 'system_refresh_token_expiration_in_seconds')
5946
- and self.system_refresh_token_expiration_in_seconds is not None
5947
- ):
5948
- _dict['system_refresh_token_expiration_in_seconds'] = self.system_refresh_token_expiration_in_seconds
5949
- return _dict
5950
-
5951
- def _to_dict(self):
5952
- """Return a json dictionary representing this model."""
5953
- return self.to_dict()
5954
-
5955
- def __str__(self) -> str:
5956
- """Return a `str` version of this AccountSettingsAccountSection object."""
5957
- return json.dumps(self.to_dict(), indent=2)
5958
-
5959
- def __eq__(self, other: 'AccountSettingsAccountSection') -> bool:
5960
- """Return `true` when self and other are equal, false otherwise."""
5961
- if not isinstance(other, self.__class__):
5962
- return False
5963
- return self.__dict__ == other.__dict__
5964
-
5965
- def __ne__(self, other: 'AccountSettingsAccountSection') -> bool:
5966
- """Return `true` when self and other are not equal, false otherwise."""
5967
- return not self == other
5968
-
5969
- class RestrictCreateServiceIdEnum(str, Enum):
5970
- """
5971
- Defines whether or not creating a service ID is access controlled. Valid values:
5972
- * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
5973
- Identity Service can create service IDs, including the account owner
5974
- * NOT_RESTRICTED - all members of an account can create service IDs
5975
- * NOT_SET - to 'unset' a previous set value.
5976
- """
5977
-
5978
- RESTRICTED = 'RESTRICTED'
5979
- NOT_RESTRICTED = 'NOT_RESTRICTED'
5980
- NOT_SET = 'NOT_SET'
5981
-
5982
- class RestrictCreatePlatformApikeyEnum(str, Enum):
5983
- """
5984
- Defines whether or not creating platform API keys is access controlled. Valid
5985
- values:
5986
- * RESTRICTED - to apply access control
5987
- * NOT_RESTRICTED - to remove access control
5988
- * NOT_SET - to 'unset' a previous set value.
5989
- """
5990
-
5991
- RESTRICTED = 'RESTRICTED'
5992
- NOT_RESTRICTED = 'NOT_RESTRICTED'
5993
- NOT_SET = 'NOT_SET'
5994
-
5995
- class MfaEnum(str, Enum):
5996
- """
5997
- Defines the MFA requirement for the user. Valid values:
5998
- * NONE - No MFA trait set
5999
- * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
6000
- * TOTP - For all non-federated IBMId users
6001
- * TOTP4ALL - For all users
6002
- * LEVEL1 - Email-based MFA for all users
6003
- * LEVEL2 - TOTP-based MFA for all users
6004
- * LEVEL3 - U2F MFA for all users.
6005
- """
6006
-
6007
- NONE = 'NONE'
6008
- NONE_NO_ROPC = 'NONE_NO_ROPC'
6009
- TOTP = 'TOTP'
6010
- TOTP4ALL = 'TOTP4ALL'
6011
- LEVEL1 = 'LEVEL1'
6012
- LEVEL2 = 'LEVEL2'
6013
- LEVEL3 = 'LEVEL3'
6014
-
6015
-
6016
- class AccountSettingsAssignedTemplatesSection:
6017
- """
6018
- AccountSettingsAssignedTemplatesSection.
6019
-
6020
- :param str template_id: (optional) Template Id.
6021
- :param int template_version: (optional) Template version.
6022
- :param str template_name: (optional) Template name.
6023
- :param str restrict_create_service_id: (optional) Defines whether or not
6024
- creating a service ID is access controlled. Valid values:
5764
+ creating the resource is access controlled. Valid values:
6025
5765
  * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
6026
5766
  Identity Service can create service IDs, including the account owner
6027
5767
  * NOT_RESTRICTED - all members of an account can create service IDs
6028
5768
  * NOT_SET - to 'unset' a previous set value.
6029
- :param str restrict_create_platform_apikey: (optional) Defines whether or not
6030
- creating platform API keys is access controlled. Valid values:
6031
- * RESTRICTED - to apply access control
6032
- * NOT_RESTRICTED - to remove access control
6033
- * NOT_SET - to 'unset' a previous set value.
5769
+ :param str restrict_user_list_visibility: (optional) Defines whether or not user
5770
+ visibility is access controlled. Valid values:
5771
+ * RESTRICTED - users can view only specific types of users in the account,
5772
+ such as those the user has invited to the account, or descendants of those users
5773
+ based on the classic infrastructure hierarchy
5774
+ * NOT_RESTRICTED - any user in the account can view other users from the Users
5775
+ page in IBM Cloud console.
5776
+ :param List[AccountSettingsUserDomainRestriction] restrict_user_domains:
5777
+ (optional) Defines if account invitations are restricted to specified domains.
5778
+ To remove an entry for a realm_id, perform an update (PUT) request with only the
5779
+ realm_id set.
6034
5780
  :param str allowed_ip_addresses: (optional) Defines the IP addresses and subnets
6035
5781
  from which IAM tokens can be created for the account.
6036
- :param str mfa: (optional) Defines the MFA requirement for the user. Valid
6037
- values:
5782
+ :param str mfa: (optional) MFA trait definitions as follows:
6038
5783
  * NONE - No MFA trait set
6039
5784
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
6040
5785
  * TOTP - For all non-federated IBMId users
@@ -6042,8 +5787,6 @@ class AccountSettingsAssignedTemplatesSection:
6042
5787
  * LEVEL1 - Email-based MFA for all users
6043
5788
  * LEVEL2 - TOTP-based MFA for all users
6044
5789
  * LEVEL3 - U2F MFA for all users.
6045
- :param List[EffectiveAccountSettingsUserMFA] user_mfa: (optional) List of users
6046
- that are exempted from the MFA requirement of the account.
6047
5790
  :param str session_expiration_in_seconds: (optional) Defines the session
6048
5791
  expiration in seconds for the account. Valid values:
6049
5792
  * Any whole number between between '900' and '86400'
@@ -6065,46 +5808,61 @@ class AccountSettingsAssignedTemplatesSection:
6065
5808
  refresh token expiration in seconds. Valid values:
6066
5809
  * Any whole number between '900' and '259200'
6067
5810
  * NOT_SET - To unset account setting and use service default.
5811
+ :param List[AccountSettingsUserMFAResponse] user_mfa: (optional) List of users
5812
+ that are exempted from the MFA requirement of the account.
6068
5813
  """
6069
5814
 
6070
5815
  def __init__(
6071
5816
  self,
5817
+ template_id: str,
5818
+ template_version: int,
5819
+ template_name: str,
6072
5820
  *,
6073
- template_id: Optional[str] = None,
6074
- template_version: Optional[int] = None,
6075
- template_name: Optional[str] = None,
6076
5821
  restrict_create_service_id: Optional[str] = None,
6077
5822
  restrict_create_platform_apikey: Optional[str] = None,
5823
+ restrict_user_list_visibility: Optional[str] = None,
5824
+ restrict_user_domains: Optional[List['AccountSettingsUserDomainRestriction']] = None,
6078
5825
  allowed_ip_addresses: Optional[str] = None,
6079
5826
  mfa: Optional[str] = None,
6080
- user_mfa: Optional[List['EffectiveAccountSettingsUserMFA']] = None,
6081
5827
  session_expiration_in_seconds: Optional[str] = None,
6082
5828
  session_invalidation_in_seconds: Optional[str] = None,
6083
5829
  max_sessions_per_identity: Optional[str] = None,
6084
5830
  system_access_token_expiration_in_seconds: Optional[str] = None,
6085
5831
  system_refresh_token_expiration_in_seconds: Optional[str] = None,
5832
+ user_mfa: Optional[List['AccountSettingsUserMFAResponse']] = None,
6086
5833
  ) -> None:
6087
5834
  """
6088
5835
  Initialize a AccountSettingsAssignedTemplatesSection object.
6089
5836
 
6090
- :param str template_id: (optional) Template Id.
6091
- :param int template_version: (optional) Template version.
6092
- :param str template_name: (optional) Template name.
5837
+ :param str template_id: Template Id.
5838
+ :param int template_version: Template version.
5839
+ :param str template_name: Template name.
6093
5840
  :param str restrict_create_service_id: (optional) Defines whether or not
6094
- creating a service ID is access controlled. Valid values:
5841
+ creating the resource is access controlled. Valid values:
6095
5842
  * RESTRICTED - only users assigned the 'Service ID creator' role on the
6096
5843
  IAM Identity Service can create service IDs, including the account owner
6097
5844
  * NOT_RESTRICTED - all members of an account can create service IDs
6098
5845
  * NOT_SET - to 'unset' a previous set value.
6099
5846
  :param str restrict_create_platform_apikey: (optional) Defines whether or
6100
- not creating platform API keys is access controlled. Valid values:
6101
- * RESTRICTED - to apply access control
6102
- * NOT_RESTRICTED - to remove access control
5847
+ not creating the resource is access controlled. Valid values:
5848
+ * RESTRICTED - only users assigned the 'Service ID creator' role on the
5849
+ IAM Identity Service can create service IDs, including the account owner
5850
+ * NOT_RESTRICTED - all members of an account can create service IDs
6103
5851
  * NOT_SET - to 'unset' a previous set value.
5852
+ :param str restrict_user_list_visibility: (optional) Defines whether or not
5853
+ user visibility is access controlled. Valid values:
5854
+ * RESTRICTED - users can view only specific types of users in the
5855
+ account, such as those the user has invited to the account, or descendants
5856
+ of those users based on the classic infrastructure hierarchy
5857
+ * NOT_RESTRICTED - any user in the account can view other users from the
5858
+ Users page in IBM Cloud console.
5859
+ :param List[AccountSettingsUserDomainRestriction] restrict_user_domains:
5860
+ (optional) Defines if account invitations are restricted to specified
5861
+ domains. To remove an entry for a realm_id, perform an update (PUT) request
5862
+ with only the realm_id set.
6104
5863
  :param str allowed_ip_addresses: (optional) Defines the IP addresses and
6105
5864
  subnets from which IAM tokens can be created for the account.
6106
- :param str mfa: (optional) Defines the MFA requirement for the user. Valid
6107
- values:
5865
+ :param str mfa: (optional) MFA trait definitions as follows:
6108
5866
  * NONE - No MFA trait set
6109
5867
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
6110
5868
  * TOTP - For all non-federated IBMId users
@@ -6112,8 +5870,6 @@ class AccountSettingsAssignedTemplatesSection:
6112
5870
  * LEVEL1 - Email-based MFA for all users
6113
5871
  * LEVEL2 - TOTP-based MFA for all users
6114
5872
  * LEVEL3 - U2F MFA for all users.
6115
- :param List[EffectiveAccountSettingsUserMFA] user_mfa: (optional) List of
6116
- users that are exempted from the MFA requirement of the account.
6117
5873
  :param str session_expiration_in_seconds: (optional) Defines the session
6118
5874
  expiration in seconds for the account. Valid values:
6119
5875
  * Any whole number between between '900' and '86400'
@@ -6135,20 +5891,24 @@ class AccountSettingsAssignedTemplatesSection:
6135
5891
  the refresh token expiration in seconds. Valid values:
6136
5892
  * Any whole number between '900' and '259200'
6137
5893
  * NOT_SET - To unset account setting and use service default.
5894
+ :param List[AccountSettingsUserMFAResponse] user_mfa: (optional) List of
5895
+ users that are exempted from the MFA requirement of the account.
6138
5896
  """
6139
5897
  self.template_id = template_id
6140
5898
  self.template_version = template_version
6141
5899
  self.template_name = template_name
6142
5900
  self.restrict_create_service_id = restrict_create_service_id
6143
5901
  self.restrict_create_platform_apikey = restrict_create_platform_apikey
5902
+ self.restrict_user_list_visibility = restrict_user_list_visibility
5903
+ self.restrict_user_domains = restrict_user_domains
6144
5904
  self.allowed_ip_addresses = allowed_ip_addresses
6145
5905
  self.mfa = mfa
6146
- self.user_mfa = user_mfa
6147
5906
  self.session_expiration_in_seconds = session_expiration_in_seconds
6148
5907
  self.session_invalidation_in_seconds = session_invalidation_in_seconds
6149
5908
  self.max_sessions_per_identity = max_sessions_per_identity
6150
5909
  self.system_access_token_expiration_in_seconds = system_access_token_expiration_in_seconds
6151
5910
  self.system_refresh_token_expiration_in_seconds = system_refresh_token_expiration_in_seconds
5911
+ self.user_mfa = user_mfa
6152
5912
 
6153
5913
  @classmethod
6154
5914
  def from_dict(cls, _dict: Dict) -> 'AccountSettingsAssignedTemplatesSection':
@@ -6156,20 +5916,36 @@ class AccountSettingsAssignedTemplatesSection:
6156
5916
  args = {}
6157
5917
  if (template_id := _dict.get('template_id')) is not None:
6158
5918
  args['template_id'] = template_id
5919
+ else:
5920
+ raise ValueError(
5921
+ 'Required property \'template_id\' not present in AccountSettingsAssignedTemplatesSection JSON'
5922
+ )
6159
5923
  if (template_version := _dict.get('template_version')) is not None:
6160
5924
  args['template_version'] = template_version
5925
+ else:
5926
+ raise ValueError(
5927
+ 'Required property \'template_version\' not present in AccountSettingsAssignedTemplatesSection JSON'
5928
+ )
6161
5929
  if (template_name := _dict.get('template_name')) is not None:
6162
5930
  args['template_name'] = template_name
5931
+ else:
5932
+ raise ValueError(
5933
+ 'Required property \'template_name\' not present in AccountSettingsAssignedTemplatesSection JSON'
5934
+ )
6163
5935
  if (restrict_create_service_id := _dict.get('restrict_create_service_id')) is not None:
6164
5936
  args['restrict_create_service_id'] = restrict_create_service_id
6165
5937
  if (restrict_create_platform_apikey := _dict.get('restrict_create_platform_apikey')) is not None:
6166
5938
  args['restrict_create_platform_apikey'] = restrict_create_platform_apikey
5939
+ if (restrict_user_list_visibility := _dict.get('restrict_user_list_visibility')) is not None:
5940
+ args['restrict_user_list_visibility'] = restrict_user_list_visibility
5941
+ if (restrict_user_domains := _dict.get('restrict_user_domains')) is not None:
5942
+ args['restrict_user_domains'] = [
5943
+ AccountSettingsUserDomainRestriction.from_dict(v) for v in restrict_user_domains
5944
+ ]
6167
5945
  if (allowed_ip_addresses := _dict.get('allowed_ip_addresses')) is not None:
6168
5946
  args['allowed_ip_addresses'] = allowed_ip_addresses
6169
5947
  if (mfa := _dict.get('mfa')) is not None:
6170
5948
  args['mfa'] = mfa
6171
- if (user_mfa := _dict.get('user_mfa')) is not None:
6172
- args['user_mfa'] = [EffectiveAccountSettingsUserMFA.from_dict(v) for v in user_mfa]
6173
5949
  if (session_expiration_in_seconds := _dict.get('session_expiration_in_seconds')) is not None:
6174
5950
  args['session_expiration_in_seconds'] = session_expiration_in_seconds
6175
5951
  if (session_invalidation_in_seconds := _dict.get('session_invalidation_in_seconds')) is not None:
@@ -6184,6 +5960,8 @@ class AccountSettingsAssignedTemplatesSection:
6184
5960
  system_refresh_token_expiration_in_seconds := _dict.get('system_refresh_token_expiration_in_seconds')
6185
5961
  ) is not None:
6186
5962
  args['system_refresh_token_expiration_in_seconds'] = system_refresh_token_expiration_in_seconds
5963
+ if (user_mfa := _dict.get('user_mfa')) is not None:
5964
+ args['user_mfa'] = [AccountSettingsUserMFAResponse.from_dict(v) for v in user_mfa]
6187
5965
  return cls(**args)
6188
5966
 
6189
5967
  @classmethod
@@ -6204,18 +5982,20 @@ class AccountSettingsAssignedTemplatesSection:
6204
5982
  _dict['restrict_create_service_id'] = self.restrict_create_service_id
6205
5983
  if hasattr(self, 'restrict_create_platform_apikey') and self.restrict_create_platform_apikey is not None:
6206
5984
  _dict['restrict_create_platform_apikey'] = self.restrict_create_platform_apikey
5985
+ if hasattr(self, 'restrict_user_list_visibility') and self.restrict_user_list_visibility is not None:
5986
+ _dict['restrict_user_list_visibility'] = self.restrict_user_list_visibility
5987
+ if hasattr(self, 'restrict_user_domains') and self.restrict_user_domains is not None:
5988
+ restrict_user_domains_list = []
5989
+ for v in self.restrict_user_domains:
5990
+ if isinstance(v, dict):
5991
+ restrict_user_domains_list.append(v)
5992
+ else:
5993
+ restrict_user_domains_list.append(v.to_dict())
5994
+ _dict['restrict_user_domains'] = restrict_user_domains_list
6207
5995
  if hasattr(self, 'allowed_ip_addresses') and self.allowed_ip_addresses is not None:
6208
5996
  _dict['allowed_ip_addresses'] = self.allowed_ip_addresses
6209
5997
  if hasattr(self, 'mfa') and self.mfa is not None:
6210
5998
  _dict['mfa'] = self.mfa
6211
- if hasattr(self, 'user_mfa') and self.user_mfa is not None:
6212
- user_mfa_list = []
6213
- for v in self.user_mfa:
6214
- if isinstance(v, dict):
6215
- user_mfa_list.append(v)
6216
- else:
6217
- user_mfa_list.append(v.to_dict())
6218
- _dict['user_mfa'] = user_mfa_list
6219
5999
  if hasattr(self, 'session_expiration_in_seconds') and self.session_expiration_in_seconds is not None:
6220
6000
  _dict['session_expiration_in_seconds'] = self.session_expiration_in_seconds
6221
6001
  if hasattr(self, 'session_invalidation_in_seconds') and self.session_invalidation_in_seconds is not None:
@@ -6232,6 +6012,14 @@ class AccountSettingsAssignedTemplatesSection:
6232
6012
  and self.system_refresh_token_expiration_in_seconds is not None
6233
6013
  ):
6234
6014
  _dict['system_refresh_token_expiration_in_seconds'] = self.system_refresh_token_expiration_in_seconds
6015
+ if hasattr(self, 'user_mfa') and self.user_mfa is not None:
6016
+ user_mfa_list = []
6017
+ for v in self.user_mfa:
6018
+ if isinstance(v, dict):
6019
+ user_mfa_list.append(v)
6020
+ else:
6021
+ user_mfa_list.append(v.to_dict())
6022
+ _dict['user_mfa'] = user_mfa_list
6235
6023
  return _dict
6236
6024
 
6237
6025
  def _to_dict(self):
@@ -6254,7 +6042,7 @@ class AccountSettingsAssignedTemplatesSection:
6254
6042
 
6255
6043
  class RestrictCreateServiceIdEnum(str, Enum):
6256
6044
  """
6257
- Defines whether or not creating a service ID is access controlled. Valid values:
6045
+ Defines whether or not creating the resource is access controlled. Valid values:
6258
6046
  * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
6259
6047
  Identity Service can create service IDs, including the account owner
6260
6048
  * NOT_RESTRICTED - all members of an account can create service IDs
@@ -6267,10 +6055,10 @@ class AccountSettingsAssignedTemplatesSection:
6267
6055
 
6268
6056
  class RestrictCreatePlatformApikeyEnum(str, Enum):
6269
6057
  """
6270
- Defines whether or not creating platform API keys is access controlled. Valid
6271
- values:
6272
- * RESTRICTED - to apply access control
6273
- * NOT_RESTRICTED - to remove access control
6058
+ Defines whether or not creating the resource is access controlled. Valid values:
6059
+ * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
6060
+ Identity Service can create service IDs, including the account owner
6061
+ * NOT_RESTRICTED - all members of an account can create service IDs
6274
6062
  * NOT_SET - to 'unset' a previous set value.
6275
6063
  """
6276
6064
 
@@ -6278,9 +6066,22 @@ class AccountSettingsAssignedTemplatesSection:
6278
6066
  NOT_RESTRICTED = 'NOT_RESTRICTED'
6279
6067
  NOT_SET = 'NOT_SET'
6280
6068
 
6069
+ class RestrictUserListVisibilityEnum(str, Enum):
6070
+ """
6071
+ Defines whether or not user visibility is access controlled. Valid values:
6072
+ * RESTRICTED - users can view only specific types of users in the account, such
6073
+ as those the user has invited to the account, or descendants of those users based
6074
+ on the classic infrastructure hierarchy
6075
+ * NOT_RESTRICTED - any user in the account can view other users from the Users
6076
+ page in IBM Cloud console.
6077
+ """
6078
+
6079
+ NOT_RESTRICTED = 'NOT_RESTRICTED'
6080
+ RESTRICTED = 'RESTRICTED'
6081
+
6281
6082
  class MfaEnum(str, Enum):
6282
6083
  """
6283
- Defines the MFA requirement for the user. Valid values:
6084
+ MFA trait definitions as follows:
6284
6085
  * NONE - No MFA trait set
6285
6086
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
6286
6087
  * TOTP - For all non-federated IBMId users
@@ -6304,19 +6105,20 @@ class AccountSettingsComponent:
6304
6105
  AccountSettingsComponent.
6305
6106
 
6306
6107
  :param str restrict_create_service_id: (optional) Defines whether or not
6307
- creating a service ID is access controlled. Valid values:
6108
+ creating the resource is access controlled. Valid values:
6308
6109
  * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
6309
6110
  Identity Service can create service IDs, including the account owner
6310
6111
  * NOT_RESTRICTED - all members of an account can create service IDs
6311
6112
  * NOT_SET - to 'unset' a previous set value.
6312
6113
  :param str restrict_create_platform_apikey: (optional) Defines whether or not
6313
- creating platform API keys is access controlled. Valid values:
6314
- * RESTRICTED - to apply access control
6315
- * NOT_RESTRICTED - to remove access control
6114
+ creating the resource is access controlled. Valid values:
6115
+ * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
6116
+ Identity Service can create service IDs, including the account owner
6117
+ * NOT_RESTRICTED - all members of an account can create service IDs
6316
6118
  * NOT_SET - to 'unset' a previous set value.
6317
6119
  :param str allowed_ip_addresses: (optional) Defines the IP addresses and subnets
6318
6120
  from which IAM tokens can be created for the account.
6319
- :param str mfa: (optional) Defines the MFA trait for the account. Valid values:
6121
+ :param str mfa: (optional) MFA trait definitions as follows:
6320
6122
  * NONE - No MFA trait set
6321
6123
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
6322
6124
  * TOTP - For all non-federated IBMId users
@@ -6324,8 +6126,8 @@ class AccountSettingsComponent:
6324
6126
  * LEVEL1 - Email-based MFA for all users
6325
6127
  * LEVEL2 - TOTP-based MFA for all users
6326
6128
  * LEVEL3 - U2F MFA for all users.
6327
- :param List[AccountSettingsUserMFA] user_mfa: (optional) List of users that are
6328
- exempted from the MFA requirement of the account.
6129
+ :param List[UserMfa] user_mfa: (optional) List of users that are exempted from
6130
+ the MFA requirement of the account.
6329
6131
  :param str session_expiration_in_seconds: (optional) Defines the session
6330
6132
  expiration in seconds for the account. Valid values:
6331
6133
  * Any whole number between between '900' and '86400'
@@ -6356,7 +6158,7 @@ class AccountSettingsComponent:
6356
6158
  restrict_create_platform_apikey: Optional[str] = None,
6357
6159
  allowed_ip_addresses: Optional[str] = None,
6358
6160
  mfa: Optional[str] = None,
6359
- user_mfa: Optional[List['AccountSettingsUserMFA']] = None,
6161
+ user_mfa: Optional[List['UserMfa']] = None,
6360
6162
  session_expiration_in_seconds: Optional[str] = None,
6361
6163
  session_invalidation_in_seconds: Optional[str] = None,
6362
6164
  max_sessions_per_identity: Optional[str] = None,
@@ -6367,20 +6169,20 @@ class AccountSettingsComponent:
6367
6169
  Initialize a AccountSettingsComponent object.
6368
6170
 
6369
6171
  :param str restrict_create_service_id: (optional) Defines whether or not
6370
- creating a service ID is access controlled. Valid values:
6172
+ creating the resource is access controlled. Valid values:
6371
6173
  * RESTRICTED - only users assigned the 'Service ID creator' role on the
6372
6174
  IAM Identity Service can create service IDs, including the account owner
6373
6175
  * NOT_RESTRICTED - all members of an account can create service IDs
6374
6176
  * NOT_SET - to 'unset' a previous set value.
6375
6177
  :param str restrict_create_platform_apikey: (optional) Defines whether or
6376
- not creating platform API keys is access controlled. Valid values:
6377
- * RESTRICTED - to apply access control
6378
- * NOT_RESTRICTED - to remove access control
6178
+ not creating the resource is access controlled. Valid values:
6179
+ * RESTRICTED - only users assigned the 'Service ID creator' role on the
6180
+ IAM Identity Service can create service IDs, including the account owner
6181
+ * NOT_RESTRICTED - all members of an account can create service IDs
6379
6182
  * NOT_SET - to 'unset' a previous set value.
6380
6183
  :param str allowed_ip_addresses: (optional) Defines the IP addresses and
6381
6184
  subnets from which IAM tokens can be created for the account.
6382
- :param str mfa: (optional) Defines the MFA trait for the account. Valid
6383
- values:
6185
+ :param str mfa: (optional) MFA trait definitions as follows:
6384
6186
  * NONE - No MFA trait set
6385
6187
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
6386
6188
  * TOTP - For all non-federated IBMId users
@@ -6388,8 +6190,8 @@ class AccountSettingsComponent:
6388
6190
  * LEVEL1 - Email-based MFA for all users
6389
6191
  * LEVEL2 - TOTP-based MFA for all users
6390
6192
  * LEVEL3 - U2F MFA for all users.
6391
- :param List[AccountSettingsUserMFA] user_mfa: (optional) List of users that
6392
- are exempted from the MFA requirement of the account.
6193
+ :param List[UserMfa] user_mfa: (optional) List of users that are exempted
6194
+ from the MFA requirement of the account.
6393
6195
  :param str session_expiration_in_seconds: (optional) Defines the session
6394
6196
  expiration in seconds for the account. Valid values:
6395
6197
  * Any whole number between between '900' and '86400'
@@ -6436,7 +6238,7 @@ class AccountSettingsComponent:
6436
6238
  if (mfa := _dict.get('mfa')) is not None:
6437
6239
  args['mfa'] = mfa
6438
6240
  if (user_mfa := _dict.get('user_mfa')) is not None:
6439
- args['user_mfa'] = [AccountSettingsUserMFA.from_dict(v) for v in user_mfa]
6241
+ args['user_mfa'] = [UserMfa.from_dict(v) for v in user_mfa]
6440
6242
  if (session_expiration_in_seconds := _dict.get('session_expiration_in_seconds')) is not None:
6441
6243
  args['session_expiration_in_seconds'] = session_expiration_in_seconds
6442
6244
  if (session_invalidation_in_seconds := _dict.get('session_invalidation_in_seconds')) is not None:
@@ -6515,7 +6317,7 @@ class AccountSettingsComponent:
6515
6317
 
6516
6318
  class RestrictCreateServiceIdEnum(str, Enum):
6517
6319
  """
6518
- Defines whether or not creating a service ID is access controlled. Valid values:
6320
+ Defines whether or not creating the resource is access controlled. Valid values:
6519
6321
  * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
6520
6322
  Identity Service can create service IDs, including the account owner
6521
6323
  * NOT_RESTRICTED - all members of an account can create service IDs
@@ -6528,10 +6330,10 @@ class AccountSettingsComponent:
6528
6330
 
6529
6331
  class RestrictCreatePlatformApikeyEnum(str, Enum):
6530
6332
  """
6531
- Defines whether or not creating platform API keys is access controlled. Valid
6532
- values:
6533
- * RESTRICTED - to apply access control
6534
- * NOT_RESTRICTED - to remove access control
6333
+ Defines whether or not creating the resource is access controlled. Valid values:
6334
+ * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
6335
+ Identity Service can create service IDs, including the account owner
6336
+ * NOT_RESTRICTED - all members of an account can create service IDs
6535
6337
  * NOT_SET - to 'unset' a previous set value.
6536
6338
  """
6537
6339
 
@@ -6541,7 +6343,7 @@ class AccountSettingsComponent:
6541
6343
 
6542
6344
  class MfaEnum(str, Enum):
6543
6345
  """
6544
- Defines the MFA trait for the account. Valid values:
6346
+ MFA trait definitions as follows:
6545
6347
  * NONE - No MFA trait set
6546
6348
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
6547
6349
  * TOTP - For all non-federated IBMId users
@@ -6565,20 +6367,27 @@ class AccountSettingsEffectiveSection:
6565
6367
  AccountSettingsEffectiveSection.
6566
6368
 
6567
6369
  :param str restrict_create_service_id: (optional) Defines whether or not
6568
- creating a service ID is access controlled. Valid values:
6370
+ creating the resource is access controlled. Valid values:
6569
6371
  * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
6570
6372
  Identity Service can create service IDs, including the account owner
6571
6373
  * NOT_RESTRICTED - all members of an account can create service IDs
6572
6374
  * NOT_SET - to 'unset' a previous set value.
6573
6375
  :param str restrict_create_platform_apikey: (optional) Defines whether or not
6574
- creating platform API keys is access controlled. Valid values:
6575
- * RESTRICTED - to apply access control
6576
- * NOT_RESTRICTED - to remove access control
6376
+ creating the resource is access controlled. Valid values:
6377
+ * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
6378
+ Identity Service can create service IDs, including the account owner
6379
+ * NOT_RESTRICTED - all members of an account can create service IDs
6577
6380
  * NOT_SET - to 'unset' a previous set value.
6381
+ :param str restrict_user_list_visibility: (optional) Defines whether or not user
6382
+ visibility is access controlled. Valid values:
6383
+ * RESTRICTED - users can view only specific types of users in the account,
6384
+ such as those the user has invited to the account, or descendants of those users
6385
+ based on the classic infrastructure hierarchy
6386
+ * NOT_RESTRICTED - any user in the account can view other users from the Users
6387
+ page in IBM Cloud console.
6578
6388
  :param str allowed_ip_addresses: (optional) Defines the IP addresses and subnets
6579
6389
  from which IAM tokens can be created for the account.
6580
- :param str mfa: (optional) Defines the MFA requirement for the user. Valid
6581
- values:
6390
+ :param str mfa: (optional) MFA trait definitions as follows:
6582
6391
  * NONE - No MFA trait set
6583
6392
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
6584
6393
  * TOTP - For all non-federated IBMId users
@@ -6586,7 +6395,7 @@ class AccountSettingsEffectiveSection:
6586
6395
  * LEVEL1 - Email-based MFA for all users
6587
6396
  * LEVEL2 - TOTP-based MFA for all users
6588
6397
  * LEVEL3 - U2F MFA for all users.
6589
- :param List[EffectiveAccountSettingsUserMFA] user_mfa: (optional) List of users
6398
+ :param List[AccountSettingsUserMFAResponse] user_mfa: (optional) List of users
6590
6399
  that are exempted from the MFA requirement of the account.
6591
6400
  :param str session_expiration_in_seconds: (optional) Defines the session
6592
6401
  expiration in seconds for the account. Valid values:
@@ -6616,9 +6425,10 @@ class AccountSettingsEffectiveSection:
6616
6425
  *,
6617
6426
  restrict_create_service_id: Optional[str] = None,
6618
6427
  restrict_create_platform_apikey: Optional[str] = None,
6428
+ restrict_user_list_visibility: Optional[str] = None,
6619
6429
  allowed_ip_addresses: Optional[str] = None,
6620
6430
  mfa: Optional[str] = None,
6621
- user_mfa: Optional[List['EffectiveAccountSettingsUserMFA']] = None,
6431
+ user_mfa: Optional[List['AccountSettingsUserMFAResponse']] = None,
6622
6432
  session_expiration_in_seconds: Optional[str] = None,
6623
6433
  session_invalidation_in_seconds: Optional[str] = None,
6624
6434
  max_sessions_per_identity: Optional[str] = None,
@@ -6629,20 +6439,27 @@ class AccountSettingsEffectiveSection:
6629
6439
  Initialize a AccountSettingsEffectiveSection object.
6630
6440
 
6631
6441
  :param str restrict_create_service_id: (optional) Defines whether or not
6632
- creating a service ID is access controlled. Valid values:
6442
+ creating the resource is access controlled. Valid values:
6633
6443
  * RESTRICTED - only users assigned the 'Service ID creator' role on the
6634
6444
  IAM Identity Service can create service IDs, including the account owner
6635
6445
  * NOT_RESTRICTED - all members of an account can create service IDs
6636
6446
  * NOT_SET - to 'unset' a previous set value.
6637
6447
  :param str restrict_create_platform_apikey: (optional) Defines whether or
6638
- not creating platform API keys is access controlled. Valid values:
6639
- * RESTRICTED - to apply access control
6640
- * NOT_RESTRICTED - to remove access control
6448
+ not creating the resource is access controlled. Valid values:
6449
+ * RESTRICTED - only users assigned the 'Service ID creator' role on the
6450
+ IAM Identity Service can create service IDs, including the account owner
6451
+ * NOT_RESTRICTED - all members of an account can create service IDs
6641
6452
  * NOT_SET - to 'unset' a previous set value.
6453
+ :param str restrict_user_list_visibility: (optional) Defines whether or not
6454
+ user visibility is access controlled. Valid values:
6455
+ * RESTRICTED - users can view only specific types of users in the
6456
+ account, such as those the user has invited to the account, or descendants
6457
+ of those users based on the classic infrastructure hierarchy
6458
+ * NOT_RESTRICTED - any user in the account can view other users from the
6459
+ Users page in IBM Cloud console.
6642
6460
  :param str allowed_ip_addresses: (optional) Defines the IP addresses and
6643
6461
  subnets from which IAM tokens can be created for the account.
6644
- :param str mfa: (optional) Defines the MFA requirement for the user. Valid
6645
- values:
6462
+ :param str mfa: (optional) MFA trait definitions as follows:
6646
6463
  * NONE - No MFA trait set
6647
6464
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
6648
6465
  * TOTP - For all non-federated IBMId users
@@ -6650,7 +6467,7 @@ class AccountSettingsEffectiveSection:
6650
6467
  * LEVEL1 - Email-based MFA for all users
6651
6468
  * LEVEL2 - TOTP-based MFA for all users
6652
6469
  * LEVEL3 - U2F MFA for all users.
6653
- :param List[EffectiveAccountSettingsUserMFA] user_mfa: (optional) List of
6470
+ :param List[AccountSettingsUserMFAResponse] user_mfa: (optional) List of
6654
6471
  users that are exempted from the MFA requirement of the account.
6655
6472
  :param str session_expiration_in_seconds: (optional) Defines the session
6656
6473
  expiration in seconds for the account. Valid values:
@@ -6676,6 +6493,7 @@ class AccountSettingsEffectiveSection:
6676
6493
  """
6677
6494
  self.restrict_create_service_id = restrict_create_service_id
6678
6495
  self.restrict_create_platform_apikey = restrict_create_platform_apikey
6496
+ self.restrict_user_list_visibility = restrict_user_list_visibility
6679
6497
  self.allowed_ip_addresses = allowed_ip_addresses
6680
6498
  self.mfa = mfa
6681
6499
  self.user_mfa = user_mfa
@@ -6693,12 +6511,14 @@ class AccountSettingsEffectiveSection:
6693
6511
  args['restrict_create_service_id'] = restrict_create_service_id
6694
6512
  if (restrict_create_platform_apikey := _dict.get('restrict_create_platform_apikey')) is not None:
6695
6513
  args['restrict_create_platform_apikey'] = restrict_create_platform_apikey
6514
+ if (restrict_user_list_visibility := _dict.get('restrict_user_list_visibility')) is not None:
6515
+ args['restrict_user_list_visibility'] = restrict_user_list_visibility
6696
6516
  if (allowed_ip_addresses := _dict.get('allowed_ip_addresses')) is not None:
6697
6517
  args['allowed_ip_addresses'] = allowed_ip_addresses
6698
6518
  if (mfa := _dict.get('mfa')) is not None:
6699
6519
  args['mfa'] = mfa
6700
6520
  if (user_mfa := _dict.get('user_mfa')) is not None:
6701
- args['user_mfa'] = [EffectiveAccountSettingsUserMFA.from_dict(v) for v in user_mfa]
6521
+ args['user_mfa'] = [AccountSettingsUserMFAResponse.from_dict(v) for v in user_mfa]
6702
6522
  if (session_expiration_in_seconds := _dict.get('session_expiration_in_seconds')) is not None:
6703
6523
  args['session_expiration_in_seconds'] = session_expiration_in_seconds
6704
6524
  if (session_invalidation_in_seconds := _dict.get('session_invalidation_in_seconds')) is not None:
@@ -6727,6 +6547,8 @@ class AccountSettingsEffectiveSection:
6727
6547
  _dict['restrict_create_service_id'] = self.restrict_create_service_id
6728
6548
  if hasattr(self, 'restrict_create_platform_apikey') and self.restrict_create_platform_apikey is not None:
6729
6549
  _dict['restrict_create_platform_apikey'] = self.restrict_create_platform_apikey
6550
+ if hasattr(self, 'restrict_user_list_visibility') and self.restrict_user_list_visibility is not None:
6551
+ _dict['restrict_user_list_visibility'] = self.restrict_user_list_visibility
6730
6552
  if hasattr(self, 'allowed_ip_addresses') and self.allowed_ip_addresses is not None:
6731
6553
  _dict['allowed_ip_addresses'] = self.allowed_ip_addresses
6732
6554
  if hasattr(self, 'mfa') and self.mfa is not None:
@@ -6777,7 +6599,7 @@ class AccountSettingsEffectiveSection:
6777
6599
 
6778
6600
  class RestrictCreateServiceIdEnum(str, Enum):
6779
6601
  """
6780
- Defines whether or not creating a service ID is access controlled. Valid values:
6602
+ Defines whether or not creating the resource is access controlled. Valid values:
6781
6603
  * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
6782
6604
  Identity Service can create service IDs, including the account owner
6783
6605
  * NOT_RESTRICTED - all members of an account can create service IDs
@@ -6790,10 +6612,10 @@ class AccountSettingsEffectiveSection:
6790
6612
 
6791
6613
  class RestrictCreatePlatformApikeyEnum(str, Enum):
6792
6614
  """
6793
- Defines whether or not creating platform API keys is access controlled. Valid
6794
- values:
6795
- * RESTRICTED - to apply access control
6796
- * NOT_RESTRICTED - to remove access control
6615
+ Defines whether or not creating the resource is access controlled. Valid values:
6616
+ * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
6617
+ Identity Service can create service IDs, including the account owner
6618
+ * NOT_RESTRICTED - all members of an account can create service IDs
6797
6619
  * NOT_SET - to 'unset' a previous set value.
6798
6620
  """
6799
6621
 
@@ -6801,9 +6623,22 @@ class AccountSettingsEffectiveSection:
6801
6623
  NOT_RESTRICTED = 'NOT_RESTRICTED'
6802
6624
  NOT_SET = 'NOT_SET'
6803
6625
 
6626
+ class RestrictUserListVisibilityEnum(str, Enum):
6627
+ """
6628
+ Defines whether or not user visibility is access controlled. Valid values:
6629
+ * RESTRICTED - users can view only specific types of users in the account, such
6630
+ as those the user has invited to the account, or descendants of those users based
6631
+ on the classic infrastructure hierarchy
6632
+ * NOT_RESTRICTED - any user in the account can view other users from the Users
6633
+ page in IBM Cloud console.
6634
+ """
6635
+
6636
+ NOT_RESTRICTED = 'NOT_RESTRICTED'
6637
+ RESTRICTED = 'RESTRICTED'
6638
+
6804
6639
  class MfaEnum(str, Enum):
6805
6640
  """
6806
- Defines the MFA requirement for the user. Valid values:
6641
+ MFA trait definitions as follows:
6807
6642
  * NONE - No MFA trait set
6808
6643
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
6809
6644
  * TOTP - For all non-federated IBMId users
@@ -6824,26 +6659,39 @@ class AccountSettingsEffectiveSection:
6824
6659
 
6825
6660
  class AccountSettingsResponse:
6826
6661
  """
6827
- Response body format for Account Settings REST requests.
6662
+ Input body parameters for the Account Settings REST request.
6828
6663
 
6829
6664
  :param ResponseContext context: (optional) Context with key properties for
6830
6665
  problem determination.
6831
6666
  :param str account_id: Unique ID of the account.
6832
- :param str restrict_create_service_id: Defines whether or not creating a service
6833
- ID is access controlled. Valid values:
6667
+ :param str entity_tag: Version of the account settings.
6668
+ :param List[EnityHistoryRecord] history: (optional) History of the Account
6669
+ Settings.
6670
+ :param str restrict_create_service_id: Defines whether or not creating the
6671
+ resource is access controlled. Valid values:
6834
6672
  * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
6835
6673
  Identity Service can create service IDs, including the account owner
6836
6674
  * NOT_RESTRICTED - all members of an account can create service IDs
6837
6675
  * NOT_SET - to 'unset' a previous set value.
6838
- :param str restrict_create_platform_apikey: Defines whether or not creating
6839
- platform API keys is access controlled. Valid values:
6840
- * RESTRICTED - to apply access control
6841
- * NOT_RESTRICTED - to remove access control
6676
+ :param str restrict_create_platform_apikey: Defines whether or not creating the
6677
+ resource is access controlled. Valid values:
6678
+ * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
6679
+ Identity Service can create service IDs, including the account owner
6680
+ * NOT_RESTRICTED - all members of an account can create service IDs
6842
6681
  * NOT_SET - to 'unset' a previous set value.
6682
+ :param str restrict_user_list_visibility: Defines whether or not user visibility
6683
+ is access controlled. Valid values:
6684
+ * RESTRICTED - users can view only specific types of users in the account,
6685
+ such as those the user has invited to the account, or descendants of those users
6686
+ based on the classic infrastructure hierarchy
6687
+ * NOT_RESTRICTED - any user in the account can view other users from the Users
6688
+ page in IBM Cloud console.
6689
+ :param List[AccountSettingsUserDomainRestriction] restrict_user_domains: Defines
6690
+ if account invitations are restricted to specified domains. To remove an entry
6691
+ for a realm_id, perform an update (PUT) request with only the realm_id set.
6843
6692
  :param str allowed_ip_addresses: Defines the IP addresses and subnets from which
6844
6693
  IAM tokens can be created for the account.
6845
- :param str entity_tag: Version of the account settings.
6846
- :param str mfa: Defines the MFA trait for the account. Valid values:
6694
+ :param str mfa: MFA trait definitions as follows:
6847
6695
  * NONE - No MFA trait set
6848
6696
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
6849
6697
  * TOTP - For all non-federated IBMId users
@@ -6851,10 +6699,6 @@ class AccountSettingsResponse:
6851
6699
  * LEVEL1 - Email-based MFA for all users
6852
6700
  * LEVEL2 - TOTP-based MFA for all users
6853
6701
  * LEVEL3 - U2F MFA for all users.
6854
- :param List[AccountSettingsUserMFA] user_mfa: List of users that are exempted
6855
- from the MFA requirement of the account.
6856
- :param List[EnityHistoryRecord] history: (optional) History of the Account
6857
- Settings.
6858
6702
  :param str session_expiration_in_seconds: Defines the session expiration in
6859
6703
  seconds for the account. Valid values:
6860
6704
  * Any whole number between between '900' and '86400'
@@ -6875,22 +6719,26 @@ class AccountSettingsResponse:
6875
6719
  expiration in seconds. Valid values:
6876
6720
  * Any whole number between '900' and '259200'
6877
6721
  * NOT_SET - To unset account setting and use service default.
6722
+ :param List[AccountSettingsUserMFAResponse] user_mfa: List of users that are
6723
+ exempted from the MFA requirement of the account.
6878
6724
  """
6879
6725
 
6880
6726
  def __init__(
6881
6727
  self,
6882
6728
  account_id: str,
6729
+ entity_tag: str,
6883
6730
  restrict_create_service_id: str,
6884
6731
  restrict_create_platform_apikey: str,
6732
+ restrict_user_list_visibility: str,
6733
+ restrict_user_domains: List['AccountSettingsUserDomainRestriction'],
6885
6734
  allowed_ip_addresses: str,
6886
- entity_tag: str,
6887
6735
  mfa: str,
6888
- user_mfa: List['AccountSettingsUserMFA'],
6889
6736
  session_expiration_in_seconds: str,
6890
6737
  session_invalidation_in_seconds: str,
6891
6738
  max_sessions_per_identity: str,
6892
6739
  system_access_token_expiration_in_seconds: str,
6893
6740
  system_refresh_token_expiration_in_seconds: str,
6741
+ user_mfa: List['AccountSettingsUserMFAResponse'],
6894
6742
  *,
6895
6743
  context: Optional['ResponseContext'] = None,
6896
6744
  history: Optional[List['EnityHistoryRecord']] = None,
@@ -6899,21 +6747,33 @@ class AccountSettingsResponse:
6899
6747
  Initialize a AccountSettingsResponse object.
6900
6748
 
6901
6749
  :param str account_id: Unique ID of the account.
6902
- :param str restrict_create_service_id: Defines whether or not creating a
6903
- service ID is access controlled. Valid values:
6750
+ :param str entity_tag: Version of the account settings.
6751
+ :param str restrict_create_service_id: Defines whether or not creating the
6752
+ resource is access controlled. Valid values:
6904
6753
  * RESTRICTED - only users assigned the 'Service ID creator' role on the
6905
6754
  IAM Identity Service can create service IDs, including the account owner
6906
6755
  * NOT_RESTRICTED - all members of an account can create service IDs
6907
6756
  * NOT_SET - to 'unset' a previous set value.
6908
6757
  :param str restrict_create_platform_apikey: Defines whether or not creating
6909
- platform API keys is access controlled. Valid values:
6910
- * RESTRICTED - to apply access control
6911
- * NOT_RESTRICTED - to remove access control
6758
+ the resource is access controlled. Valid values:
6759
+ * RESTRICTED - only users assigned the 'Service ID creator' role on the
6760
+ IAM Identity Service can create service IDs, including the account owner
6761
+ * NOT_RESTRICTED - all members of an account can create service IDs
6912
6762
  * NOT_SET - to 'unset' a previous set value.
6763
+ :param str restrict_user_list_visibility: Defines whether or not user
6764
+ visibility is access controlled. Valid values:
6765
+ * RESTRICTED - users can view only specific types of users in the
6766
+ account, such as those the user has invited to the account, or descendants
6767
+ of those users based on the classic infrastructure hierarchy
6768
+ * NOT_RESTRICTED - any user in the account can view other users from the
6769
+ Users page in IBM Cloud console.
6770
+ :param List[AccountSettingsUserDomainRestriction] restrict_user_domains:
6771
+ Defines if account invitations are restricted to specified domains. To
6772
+ remove an entry for a realm_id, perform an update (PUT) request with only
6773
+ the realm_id set.
6913
6774
  :param str allowed_ip_addresses: Defines the IP addresses and subnets from
6914
6775
  which IAM tokens can be created for the account.
6915
- :param str entity_tag: Version of the account settings.
6916
- :param str mfa: Defines the MFA trait for the account. Valid values:
6776
+ :param str mfa: MFA trait definitions as follows:
6917
6777
  * NONE - No MFA trait set
6918
6778
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
6919
6779
  * TOTP - For all non-federated IBMId users
@@ -6921,8 +6781,6 @@ class AccountSettingsResponse:
6921
6781
  * LEVEL1 - Email-based MFA for all users
6922
6782
  * LEVEL2 - TOTP-based MFA for all users
6923
6783
  * LEVEL3 - U2F MFA for all users.
6924
- :param List[AccountSettingsUserMFA] user_mfa: List of users that are
6925
- exempted from the MFA requirement of the account.
6926
6784
  :param str session_expiration_in_seconds: Defines the session expiration in
6927
6785
  seconds for the account. Valid values:
6928
6786
  * Any whole number between between '900' and '86400'
@@ -6944,6 +6802,8 @@ class AccountSettingsResponse:
6944
6802
  token expiration in seconds. Valid values:
6945
6803
  * Any whole number between '900' and '259200'
6946
6804
  * NOT_SET - To unset account setting and use service default.
6805
+ :param List[AccountSettingsUserMFAResponse] user_mfa: List of users that
6806
+ are exempted from the MFA requirement of the account.
6947
6807
  :param ResponseContext context: (optional) Context with key properties for
6948
6808
  problem determination.
6949
6809
  :param List[EnityHistoryRecord] history: (optional) History of the Account
@@ -6951,18 +6811,20 @@ class AccountSettingsResponse:
6951
6811
  """
6952
6812
  self.context = context
6953
6813
  self.account_id = account_id
6814
+ self.entity_tag = entity_tag
6815
+ self.history = history
6954
6816
  self.restrict_create_service_id = restrict_create_service_id
6955
6817
  self.restrict_create_platform_apikey = restrict_create_platform_apikey
6818
+ self.restrict_user_list_visibility = restrict_user_list_visibility
6819
+ self.restrict_user_domains = restrict_user_domains
6956
6820
  self.allowed_ip_addresses = allowed_ip_addresses
6957
- self.entity_tag = entity_tag
6958
6821
  self.mfa = mfa
6959
- self.user_mfa = user_mfa
6960
- self.history = history
6961
6822
  self.session_expiration_in_seconds = session_expiration_in_seconds
6962
6823
  self.session_invalidation_in_seconds = session_invalidation_in_seconds
6963
6824
  self.max_sessions_per_identity = max_sessions_per_identity
6964
6825
  self.system_access_token_expiration_in_seconds = system_access_token_expiration_in_seconds
6965
6826
  self.system_refresh_token_expiration_in_seconds = system_refresh_token_expiration_in_seconds
6827
+ self.user_mfa = user_mfa
6966
6828
 
6967
6829
  @classmethod
6968
6830
  def from_dict(cls, _dict: Dict) -> 'AccountSettingsResponse':
@@ -6974,6 +6836,12 @@ class AccountSettingsResponse:
6974
6836
  args['account_id'] = account_id
6975
6837
  else:
6976
6838
  raise ValueError('Required property \'account_id\' not present in AccountSettingsResponse JSON')
6839
+ if (entity_tag := _dict.get('entity_tag')) is not None:
6840
+ args['entity_tag'] = entity_tag
6841
+ else:
6842
+ raise ValueError('Required property \'entity_tag\' not present in AccountSettingsResponse JSON')
6843
+ if (history := _dict.get('history')) is not None:
6844
+ args['history'] = [EnityHistoryRecord.from_dict(v) for v in history]
6977
6845
  if (restrict_create_service_id := _dict.get('restrict_create_service_id')) is not None:
6978
6846
  args['restrict_create_service_id'] = restrict_create_service_id
6979
6847
  else:
@@ -6986,24 +6854,26 @@ class AccountSettingsResponse:
6986
6854
  raise ValueError(
6987
6855
  'Required property \'restrict_create_platform_apikey\' not present in AccountSettingsResponse JSON'
6988
6856
  )
6857
+ if (restrict_user_list_visibility := _dict.get('restrict_user_list_visibility')) is not None:
6858
+ args['restrict_user_list_visibility'] = restrict_user_list_visibility
6859
+ else:
6860
+ raise ValueError(
6861
+ 'Required property \'restrict_user_list_visibility\' not present in AccountSettingsResponse JSON'
6862
+ )
6863
+ if (restrict_user_domains := _dict.get('restrict_user_domains')) is not None:
6864
+ args['restrict_user_domains'] = [
6865
+ AccountSettingsUserDomainRestriction.from_dict(v) for v in restrict_user_domains
6866
+ ]
6867
+ else:
6868
+ raise ValueError('Required property \'restrict_user_domains\' not present in AccountSettingsResponse JSON')
6989
6869
  if (allowed_ip_addresses := _dict.get('allowed_ip_addresses')) is not None:
6990
6870
  args['allowed_ip_addresses'] = allowed_ip_addresses
6991
6871
  else:
6992
6872
  raise ValueError('Required property \'allowed_ip_addresses\' not present in AccountSettingsResponse JSON')
6993
- if (entity_tag := _dict.get('entity_tag')) is not None:
6994
- args['entity_tag'] = entity_tag
6995
- else:
6996
- raise ValueError('Required property \'entity_tag\' not present in AccountSettingsResponse JSON')
6997
6873
  if (mfa := _dict.get('mfa')) is not None:
6998
6874
  args['mfa'] = mfa
6999
6875
  else:
7000
6876
  raise ValueError('Required property \'mfa\' not present in AccountSettingsResponse JSON')
7001
- if (user_mfa := _dict.get('user_mfa')) is not None:
7002
- args['user_mfa'] = [AccountSettingsUserMFA.from_dict(v) for v in user_mfa]
7003
- else:
7004
- raise ValueError('Required property \'user_mfa\' not present in AccountSettingsResponse JSON')
7005
- if (history := _dict.get('history')) is not None:
7006
- args['history'] = [EnityHistoryRecord.from_dict(v) for v in history]
7007
6877
  if (session_expiration_in_seconds := _dict.get('session_expiration_in_seconds')) is not None:
7008
6878
  args['session_expiration_in_seconds'] = session_expiration_in_seconds
7009
6879
  else:
@@ -7038,6 +6908,10 @@ class AccountSettingsResponse:
7038
6908
  raise ValueError(
7039
6909
  'Required property \'system_refresh_token_expiration_in_seconds\' not present in AccountSettingsResponse JSON'
7040
6910
  )
6911
+ if (user_mfa := _dict.get('user_mfa')) is not None:
6912
+ args['user_mfa'] = [AccountSettingsUserMFAResponse.from_dict(v) for v in user_mfa]
6913
+ else:
6914
+ raise ValueError('Required property \'user_mfa\' not present in AccountSettingsResponse JSON')
7041
6915
  return cls(**args)
7042
6916
 
7043
6917
  @classmethod
@@ -7055,24 +6929,8 @@ class AccountSettingsResponse:
7055
6929
  _dict['context'] = self.context.to_dict()
7056
6930
  if hasattr(self, 'account_id') and self.account_id is not None:
7057
6931
  _dict['account_id'] = self.account_id
7058
- if hasattr(self, 'restrict_create_service_id') and self.restrict_create_service_id is not None:
7059
- _dict['restrict_create_service_id'] = self.restrict_create_service_id
7060
- if hasattr(self, 'restrict_create_platform_apikey') and self.restrict_create_platform_apikey is not None:
7061
- _dict['restrict_create_platform_apikey'] = self.restrict_create_platform_apikey
7062
- if hasattr(self, 'allowed_ip_addresses') and self.allowed_ip_addresses is not None:
7063
- _dict['allowed_ip_addresses'] = self.allowed_ip_addresses
7064
6932
  if hasattr(self, 'entity_tag') and self.entity_tag is not None:
7065
6933
  _dict['entity_tag'] = self.entity_tag
7066
- if hasattr(self, 'mfa') and self.mfa is not None:
7067
- _dict['mfa'] = self.mfa
7068
- if hasattr(self, 'user_mfa') and self.user_mfa is not None:
7069
- user_mfa_list = []
7070
- for v in self.user_mfa:
7071
- if isinstance(v, dict):
7072
- user_mfa_list.append(v)
7073
- else:
7074
- user_mfa_list.append(v.to_dict())
7075
- _dict['user_mfa'] = user_mfa_list
7076
6934
  if hasattr(self, 'history') and self.history is not None:
7077
6935
  history_list = []
7078
6936
  for v in self.history:
@@ -7081,6 +6939,24 @@ class AccountSettingsResponse:
7081
6939
  else:
7082
6940
  history_list.append(v.to_dict())
7083
6941
  _dict['history'] = history_list
6942
+ if hasattr(self, 'restrict_create_service_id') and self.restrict_create_service_id is not None:
6943
+ _dict['restrict_create_service_id'] = self.restrict_create_service_id
6944
+ if hasattr(self, 'restrict_create_platform_apikey') and self.restrict_create_platform_apikey is not None:
6945
+ _dict['restrict_create_platform_apikey'] = self.restrict_create_platform_apikey
6946
+ if hasattr(self, 'restrict_user_list_visibility') and self.restrict_user_list_visibility is not None:
6947
+ _dict['restrict_user_list_visibility'] = self.restrict_user_list_visibility
6948
+ if hasattr(self, 'restrict_user_domains') and self.restrict_user_domains is not None:
6949
+ restrict_user_domains_list = []
6950
+ for v in self.restrict_user_domains:
6951
+ if isinstance(v, dict):
6952
+ restrict_user_domains_list.append(v)
6953
+ else:
6954
+ restrict_user_domains_list.append(v.to_dict())
6955
+ _dict['restrict_user_domains'] = restrict_user_domains_list
6956
+ if hasattr(self, 'allowed_ip_addresses') and self.allowed_ip_addresses is not None:
6957
+ _dict['allowed_ip_addresses'] = self.allowed_ip_addresses
6958
+ if hasattr(self, 'mfa') and self.mfa is not None:
6959
+ _dict['mfa'] = self.mfa
7084
6960
  if hasattr(self, 'session_expiration_in_seconds') and self.session_expiration_in_seconds is not None:
7085
6961
  _dict['session_expiration_in_seconds'] = self.session_expiration_in_seconds
7086
6962
  if hasattr(self, 'session_invalidation_in_seconds') and self.session_invalidation_in_seconds is not None:
@@ -7097,6 +6973,14 @@ class AccountSettingsResponse:
7097
6973
  and self.system_refresh_token_expiration_in_seconds is not None
7098
6974
  ):
7099
6975
  _dict['system_refresh_token_expiration_in_seconds'] = self.system_refresh_token_expiration_in_seconds
6976
+ if hasattr(self, 'user_mfa') and self.user_mfa is not None:
6977
+ user_mfa_list = []
6978
+ for v in self.user_mfa:
6979
+ if isinstance(v, dict):
6980
+ user_mfa_list.append(v)
6981
+ else:
6982
+ user_mfa_list.append(v.to_dict())
6983
+ _dict['user_mfa'] = user_mfa_list
7100
6984
  return _dict
7101
6985
 
7102
6986
  def _to_dict(self):
@@ -7119,7 +7003,7 @@ class AccountSettingsResponse:
7119
7003
 
7120
7004
  class RestrictCreateServiceIdEnum(str, Enum):
7121
7005
  """
7122
- Defines whether or not creating a service ID is access controlled. Valid values:
7006
+ Defines whether or not creating the resource is access controlled. Valid values:
7123
7007
  * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
7124
7008
  Identity Service can create service IDs, including the account owner
7125
7009
  * NOT_RESTRICTED - all members of an account can create service IDs
@@ -7132,10 +7016,10 @@ class AccountSettingsResponse:
7132
7016
 
7133
7017
  class RestrictCreatePlatformApikeyEnum(str, Enum):
7134
7018
  """
7135
- Defines whether or not creating platform API keys is access controlled. Valid
7136
- values:
7137
- * RESTRICTED - to apply access control
7138
- * NOT_RESTRICTED - to remove access control
7019
+ Defines whether or not creating the resource is access controlled. Valid values:
7020
+ * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM
7021
+ Identity Service can create service IDs, including the account owner
7022
+ * NOT_RESTRICTED - all members of an account can create service IDs
7139
7023
  * NOT_SET - to 'unset' a previous set value.
7140
7024
  """
7141
7025
 
@@ -7143,9 +7027,22 @@ class AccountSettingsResponse:
7143
7027
  NOT_RESTRICTED = 'NOT_RESTRICTED'
7144
7028
  NOT_SET = 'NOT_SET'
7145
7029
 
7030
+ class RestrictUserListVisibilityEnum(str, Enum):
7031
+ """
7032
+ Defines whether or not user visibility is access controlled. Valid values:
7033
+ * RESTRICTED - users can view only specific types of users in the account, such
7034
+ as those the user has invited to the account, or descendants of those users based
7035
+ on the classic infrastructure hierarchy
7036
+ * NOT_RESTRICTED - any user in the account can view other users from the Users
7037
+ page in IBM Cloud console.
7038
+ """
7039
+
7040
+ NOT_RESTRICTED = 'NOT_RESTRICTED'
7041
+ RESTRICTED = 'RESTRICTED'
7042
+
7146
7043
  class MfaEnum(str, Enum):
7147
7044
  """
7148
- Defines the MFA trait for the account. Valid values:
7045
+ MFA trait definitions as follows:
7149
7046
  * NONE - No MFA trait set
7150
7047
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
7151
7048
  * TOTP - For all non-federated IBMId users
@@ -7483,26 +7380,113 @@ class AccountSettingsTemplateResponse:
7483
7380
  return self.to_dict()
7484
7381
 
7485
7382
  def __str__(self) -> str:
7486
- """Return a `str` version of this AccountSettingsTemplateResponse object."""
7383
+ """Return a `str` version of this AccountSettingsTemplateResponse object."""
7384
+ return json.dumps(self.to_dict(), indent=2)
7385
+
7386
+ def __eq__(self, other: 'AccountSettingsTemplateResponse') -> bool:
7387
+ """Return `true` when self and other are equal, false otherwise."""
7388
+ if not isinstance(other, self.__class__):
7389
+ return False
7390
+ return self.__dict__ == other.__dict__
7391
+
7392
+ def __ne__(self, other: 'AccountSettingsTemplateResponse') -> bool:
7393
+ """Return `true` when self and other are not equal, false otherwise."""
7394
+ return not self == other
7395
+
7396
+
7397
+ class AccountSettingsUserDomainRestriction:
7398
+ """
7399
+ Input body parameters for the Account Settings REST request.
7400
+
7401
+ :param str realm_id: The realm that the restrictions apply to.
7402
+ :param List[str] invitation_email_allow_patterns: (optional) The list of allowed
7403
+ email patterns. Wildcard syntax is supported, '*' represents any sequence of
7404
+ zero or more characters in the string, except for '.' and '@'. The sequence ends
7405
+ if a '.' or '@' was found. '**' represents any sequence of zero or more
7406
+ characters in the string - without limit.
7407
+ :param bool restrict_invitation: (optional) When true invites will only be
7408
+ possible to the domain patterns provided, otherwise invites are unrestricted.
7409
+ """
7410
+
7411
+ def __init__(
7412
+ self,
7413
+ realm_id: str,
7414
+ *,
7415
+ invitation_email_allow_patterns: Optional[List[str]] = None,
7416
+ restrict_invitation: Optional[bool] = None,
7417
+ ) -> None:
7418
+ """
7419
+ Initialize a AccountSettingsUserDomainRestriction object.
7420
+
7421
+ :param str realm_id: The realm that the restrictions apply to.
7422
+ :param List[str] invitation_email_allow_patterns: (optional) The list of
7423
+ allowed email patterns. Wildcard syntax is supported, '*' represents any
7424
+ sequence of zero or more characters in the string, except for '.' and '@'.
7425
+ The sequence ends if a '.' or '@' was found. '**' represents any sequence
7426
+ of zero or more characters in the string - without limit.
7427
+ :param bool restrict_invitation: (optional) When true invites will only be
7428
+ possible to the domain patterns provided, otherwise invites are
7429
+ unrestricted.
7430
+ """
7431
+ self.realm_id = realm_id
7432
+ self.invitation_email_allow_patterns = invitation_email_allow_patterns
7433
+ self.restrict_invitation = restrict_invitation
7434
+
7435
+ @classmethod
7436
+ def from_dict(cls, _dict: Dict) -> 'AccountSettingsUserDomainRestriction':
7437
+ """Initialize a AccountSettingsUserDomainRestriction object from a json dictionary."""
7438
+ args = {}
7439
+ if (realm_id := _dict.get('realm_id')) is not None:
7440
+ args['realm_id'] = realm_id
7441
+ else:
7442
+ raise ValueError('Required property \'realm_id\' not present in AccountSettingsUserDomainRestriction JSON')
7443
+ if (invitation_email_allow_patterns := _dict.get('invitation_email_allow_patterns')) is not None:
7444
+ args['invitation_email_allow_patterns'] = invitation_email_allow_patterns
7445
+ if (restrict_invitation := _dict.get('restrict_invitation')) is not None:
7446
+ args['restrict_invitation'] = restrict_invitation
7447
+ return cls(**args)
7448
+
7449
+ @classmethod
7450
+ def _from_dict(cls, _dict):
7451
+ """Initialize a AccountSettingsUserDomainRestriction object from a json dictionary."""
7452
+ return cls.from_dict(_dict)
7453
+
7454
+ def to_dict(self) -> Dict:
7455
+ """Return a json dictionary representing this model."""
7456
+ _dict = {}
7457
+ if hasattr(self, 'realm_id') and self.realm_id is not None:
7458
+ _dict['realm_id'] = self.realm_id
7459
+ if hasattr(self, 'invitation_email_allow_patterns') and self.invitation_email_allow_patterns is not None:
7460
+ _dict['invitation_email_allow_patterns'] = self.invitation_email_allow_patterns
7461
+ if hasattr(self, 'restrict_invitation') and self.restrict_invitation is not None:
7462
+ _dict['restrict_invitation'] = self.restrict_invitation
7463
+ return _dict
7464
+
7465
+ def _to_dict(self):
7466
+ """Return a json dictionary representing this model."""
7467
+ return self.to_dict()
7468
+
7469
+ def __str__(self) -> str:
7470
+ """Return a `str` version of this AccountSettingsUserDomainRestriction object."""
7487
7471
  return json.dumps(self.to_dict(), indent=2)
7488
7472
 
7489
- def __eq__(self, other: 'AccountSettingsTemplateResponse') -> bool:
7473
+ def __eq__(self, other: 'AccountSettingsUserDomainRestriction') -> bool:
7490
7474
  """Return `true` when self and other are equal, false otherwise."""
7491
7475
  if not isinstance(other, self.__class__):
7492
7476
  return False
7493
7477
  return self.__dict__ == other.__dict__
7494
7478
 
7495
- def __ne__(self, other: 'AccountSettingsTemplateResponse') -> bool:
7479
+ def __ne__(self, other: 'AccountSettingsUserDomainRestriction') -> bool:
7496
7480
  """Return `true` when self and other are not equal, false otherwise."""
7497
7481
  return not self == other
7498
7482
 
7499
7483
 
7500
- class AccountSettingsUserMFA:
7484
+ class AccountSettingsUserMFAResponse:
7501
7485
  """
7502
- AccountSettingsUserMFA.
7486
+ AccountSettingsUserMFAResponse.
7503
7487
 
7504
7488
  :param str iam_id: The iam_id of the user.
7505
- :param str mfa: Defines the MFA requirement for the user. Valid values:
7489
+ :param str mfa: MFA trait definitions as follows:
7506
7490
  * NONE - No MFA trait set
7507
7491
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
7508
7492
  * TOTP - For all non-federated IBMId users
@@ -7510,18 +7494,27 @@ class AccountSettingsUserMFA:
7510
7494
  * LEVEL1 - Email-based MFA for all users
7511
7495
  * LEVEL2 - TOTP-based MFA for all users
7512
7496
  * LEVEL3 - U2F MFA for all users.
7497
+ :param str name: (optional) name of the user account.
7498
+ :param str user_name: (optional) userName of the user.
7499
+ :param str email: (optional) email of the user.
7500
+ :param str description: (optional) optional description.
7513
7501
  """
7514
7502
 
7515
7503
  def __init__(
7516
7504
  self,
7517
7505
  iam_id: str,
7518
7506
  mfa: str,
7507
+ *,
7508
+ name: Optional[str] = None,
7509
+ user_name: Optional[str] = None,
7510
+ email: Optional[str] = None,
7511
+ description: Optional[str] = None,
7519
7512
  ) -> None:
7520
7513
  """
7521
- Initialize a AccountSettingsUserMFA object.
7514
+ Initialize a AccountSettingsUserMFAResponse object.
7522
7515
 
7523
7516
  :param str iam_id: The iam_id of the user.
7524
- :param str mfa: Defines the MFA requirement for the user. Valid values:
7517
+ :param str mfa: MFA trait definitions as follows:
7525
7518
  * NONE - No MFA trait set
7526
7519
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
7527
7520
  * TOTP - For all non-federated IBMId users
@@ -7529,27 +7522,43 @@ class AccountSettingsUserMFA:
7529
7522
  * LEVEL1 - Email-based MFA for all users
7530
7523
  * LEVEL2 - TOTP-based MFA for all users
7531
7524
  * LEVEL3 - U2F MFA for all users.
7525
+ :param str name: (optional) name of the user account.
7526
+ :param str user_name: (optional) userName of the user.
7527
+ :param str email: (optional) email of the user.
7528
+ :param str description: (optional) optional description.
7532
7529
  """
7533
7530
  self.iam_id = iam_id
7534
7531
  self.mfa = mfa
7532
+ self.name = name
7533
+ self.user_name = user_name
7534
+ self.email = email
7535
+ self.description = description
7535
7536
 
7536
7537
  @classmethod
7537
- def from_dict(cls, _dict: Dict) -> 'AccountSettingsUserMFA':
7538
- """Initialize a AccountSettingsUserMFA object from a json dictionary."""
7538
+ def from_dict(cls, _dict: Dict) -> 'AccountSettingsUserMFAResponse':
7539
+ """Initialize a AccountSettingsUserMFAResponse object from a json dictionary."""
7539
7540
  args = {}
7540
7541
  if (iam_id := _dict.get('iam_id')) is not None:
7541
7542
  args['iam_id'] = iam_id
7542
7543
  else:
7543
- raise ValueError('Required property \'iam_id\' not present in AccountSettingsUserMFA JSON')
7544
+ raise ValueError('Required property \'iam_id\' not present in AccountSettingsUserMFAResponse JSON')
7544
7545
  if (mfa := _dict.get('mfa')) is not None:
7545
7546
  args['mfa'] = mfa
7546
7547
  else:
7547
- raise ValueError('Required property \'mfa\' not present in AccountSettingsUserMFA JSON')
7548
+ raise ValueError('Required property \'mfa\' not present in AccountSettingsUserMFAResponse JSON')
7549
+ if (name := _dict.get('name')) is not None:
7550
+ args['name'] = name
7551
+ if (user_name := _dict.get('userName')) is not None:
7552
+ args['user_name'] = user_name
7553
+ if (email := _dict.get('email')) is not None:
7554
+ args['email'] = email
7555
+ if (description := _dict.get('description')) is not None:
7556
+ args['description'] = description
7548
7557
  return cls(**args)
7549
7558
 
7550
7559
  @classmethod
7551
7560
  def _from_dict(cls, _dict):
7552
- """Initialize a AccountSettingsUserMFA object from a json dictionary."""
7561
+ """Initialize a AccountSettingsUserMFAResponse object from a json dictionary."""
7553
7562
  return cls.from_dict(_dict)
7554
7563
 
7555
7564
  def to_dict(self) -> Dict:
@@ -7559,6 +7568,14 @@ class AccountSettingsUserMFA:
7559
7568
  _dict['iam_id'] = self.iam_id
7560
7569
  if hasattr(self, 'mfa') and self.mfa is not None:
7561
7570
  _dict['mfa'] = self.mfa
7571
+ if hasattr(self, 'name') and self.name is not None:
7572
+ _dict['name'] = self.name
7573
+ if hasattr(self, 'user_name') and self.user_name is not None:
7574
+ _dict['userName'] = self.user_name
7575
+ if hasattr(self, 'email') and self.email is not None:
7576
+ _dict['email'] = self.email
7577
+ if hasattr(self, 'description') and self.description is not None:
7578
+ _dict['description'] = self.description
7562
7579
  return _dict
7563
7580
 
7564
7581
  def _to_dict(self):
@@ -7566,22 +7583,22 @@ class AccountSettingsUserMFA:
7566
7583
  return self.to_dict()
7567
7584
 
7568
7585
  def __str__(self) -> str:
7569
- """Return a `str` version of this AccountSettingsUserMFA object."""
7586
+ """Return a `str` version of this AccountSettingsUserMFAResponse object."""
7570
7587
  return json.dumps(self.to_dict(), indent=2)
7571
7588
 
7572
- def __eq__(self, other: 'AccountSettingsUserMFA') -> bool:
7589
+ def __eq__(self, other: 'AccountSettingsUserMFAResponse') -> bool:
7573
7590
  """Return `true` when self and other are equal, false otherwise."""
7574
7591
  if not isinstance(other, self.__class__):
7575
7592
  return False
7576
7593
  return self.__dict__ == other.__dict__
7577
7594
 
7578
- def __ne__(self, other: 'AccountSettingsUserMFA') -> bool:
7595
+ def __ne__(self, other: 'AccountSettingsUserMFAResponse') -> bool:
7579
7596
  """Return `true` when self and other are not equal, false otherwise."""
7580
7597
  return not self == other
7581
7598
 
7582
7599
  class MfaEnum(str, Enum):
7583
7600
  """
7584
- Defines the MFA requirement for the user. Valid values:
7601
+ MFA trait definitions as follows:
7585
7602
  * NONE - No MFA trait set
7586
7603
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
7587
7604
  * TOTP - For all non-federated IBMId users
@@ -8840,7 +8857,8 @@ class EffectiveAccountSettingsResponse:
8840
8857
  problem determination.
8841
8858
  :param str account_id: Unique ID of the account.
8842
8859
  :param AccountSettingsEffectiveSection effective:
8843
- :param AccountSettingsAccountSection account:
8860
+ :param AccountSettingsResponse account: Input body parameters for the Account
8861
+ Settings REST request.
8844
8862
  :param List[AccountSettingsAssignedTemplatesSection] assigned_templates:
8845
8863
  (optional) assigned template section.
8846
8864
  """
@@ -8849,7 +8867,7 @@ class EffectiveAccountSettingsResponse:
8849
8867
  self,
8850
8868
  account_id: str,
8851
8869
  effective: 'AccountSettingsEffectiveSection',
8852
- account: 'AccountSettingsAccountSection',
8870
+ account: 'AccountSettingsResponse',
8853
8871
  *,
8854
8872
  context: Optional['ResponseContext'] = None,
8855
8873
  assigned_templates: Optional[List['AccountSettingsAssignedTemplatesSection']] = None,
@@ -8859,7 +8877,8 @@ class EffectiveAccountSettingsResponse:
8859
8877
 
8860
8878
  :param str account_id: Unique ID of the account.
8861
8879
  :param AccountSettingsEffectiveSection effective:
8862
- :param AccountSettingsAccountSection account:
8880
+ :param AccountSettingsResponse account: Input body parameters for the
8881
+ Account Settings REST request.
8863
8882
  :param ResponseContext context: (optional) Context with key properties for
8864
8883
  problem determination.
8865
8884
  :param List[AccountSettingsAssignedTemplatesSection] assigned_templates:
@@ -8886,7 +8905,7 @@ class EffectiveAccountSettingsResponse:
8886
8905
  else:
8887
8906
  raise ValueError('Required property \'effective\' not present in EffectiveAccountSettingsResponse JSON')
8888
8907
  if (account := _dict.get('account')) is not None:
8889
- args['account'] = AccountSettingsAccountSection.from_dict(account)
8908
+ args['account'] = AccountSettingsResponse.from_dict(account)
8890
8909
  else:
8891
8910
  raise ValueError('Required property \'account\' not present in EffectiveAccountSettingsResponse JSON')
8892
8911
  if (assigned_templates := _dict.get('assigned_templates')) is not None:
@@ -8949,142 +8968,6 @@ class EffectiveAccountSettingsResponse:
8949
8968
  return not self == other
8950
8969
 
8951
8970
 
8952
- class EffectiveAccountSettingsUserMFA:
8953
- """
8954
- EffectiveAccountSettingsUserMFA.
8955
-
8956
- :param str iam_id: The iam_id of the user.
8957
- :param str mfa: Defines the MFA requirement for the user. Valid values:
8958
- * NONE - No MFA trait set
8959
- * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
8960
- * TOTP - For all non-federated IBMId users
8961
- * TOTP4ALL - For all users
8962
- * LEVEL1 - Email-based MFA for all users
8963
- * LEVEL2 - TOTP-based MFA for all users
8964
- * LEVEL3 - U2F MFA for all users.
8965
- :param str name: (optional) name of the user account.
8966
- :param str user_name: (optional) userName of the user.
8967
- :param str email: (optional) email of the user.
8968
- :param str description: (optional) optional description.
8969
- """
8970
-
8971
- def __init__(
8972
- self,
8973
- iam_id: str,
8974
- mfa: str,
8975
- *,
8976
- name: Optional[str] = None,
8977
- user_name: Optional[str] = None,
8978
- email: Optional[str] = None,
8979
- description: Optional[str] = None,
8980
- ) -> None:
8981
- """
8982
- Initialize a EffectiveAccountSettingsUserMFA object.
8983
-
8984
- :param str iam_id: The iam_id of the user.
8985
- :param str mfa: Defines the MFA requirement for the user. Valid values:
8986
- * NONE - No MFA trait set
8987
- * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
8988
- * TOTP - For all non-federated IBMId users
8989
- * TOTP4ALL - For all users
8990
- * LEVEL1 - Email-based MFA for all users
8991
- * LEVEL2 - TOTP-based MFA for all users
8992
- * LEVEL3 - U2F MFA for all users.
8993
- :param str name: (optional) name of the user account.
8994
- :param str user_name: (optional) userName of the user.
8995
- :param str email: (optional) email of the user.
8996
- :param str description: (optional) optional description.
8997
- """
8998
- self.iam_id = iam_id
8999
- self.mfa = mfa
9000
- self.name = name
9001
- self.user_name = user_name
9002
- self.email = email
9003
- self.description = description
9004
-
9005
- @classmethod
9006
- def from_dict(cls, _dict: Dict) -> 'EffectiveAccountSettingsUserMFA':
9007
- """Initialize a EffectiveAccountSettingsUserMFA object from a json dictionary."""
9008
- args = {}
9009
- if (iam_id := _dict.get('iam_id')) is not None:
9010
- args['iam_id'] = iam_id
9011
- else:
9012
- raise ValueError('Required property \'iam_id\' not present in EffectiveAccountSettingsUserMFA JSON')
9013
- if (mfa := _dict.get('mfa')) is not None:
9014
- args['mfa'] = mfa
9015
- else:
9016
- raise ValueError('Required property \'mfa\' not present in EffectiveAccountSettingsUserMFA JSON')
9017
- if (name := _dict.get('name')) is not None:
9018
- args['name'] = name
9019
- if (user_name := _dict.get('userName')) is not None:
9020
- args['user_name'] = user_name
9021
- if (email := _dict.get('email')) is not None:
9022
- args['email'] = email
9023
- if (description := _dict.get('description')) is not None:
9024
- args['description'] = description
9025
- return cls(**args)
9026
-
9027
- @classmethod
9028
- def _from_dict(cls, _dict):
9029
- """Initialize a EffectiveAccountSettingsUserMFA object from a json dictionary."""
9030
- return cls.from_dict(_dict)
9031
-
9032
- def to_dict(self) -> Dict:
9033
- """Return a json dictionary representing this model."""
9034
- _dict = {}
9035
- if hasattr(self, 'iam_id') and self.iam_id is not None:
9036
- _dict['iam_id'] = self.iam_id
9037
- if hasattr(self, 'mfa') and self.mfa is not None:
9038
- _dict['mfa'] = self.mfa
9039
- if hasattr(self, 'name') and self.name is not None:
9040
- _dict['name'] = self.name
9041
- if hasattr(self, 'user_name') and self.user_name is not None:
9042
- _dict['userName'] = self.user_name
9043
- if hasattr(self, 'email') and self.email is not None:
9044
- _dict['email'] = self.email
9045
- if hasattr(self, 'description') and self.description is not None:
9046
- _dict['description'] = self.description
9047
- return _dict
9048
-
9049
- def _to_dict(self):
9050
- """Return a json dictionary representing this model."""
9051
- return self.to_dict()
9052
-
9053
- def __str__(self) -> str:
9054
- """Return a `str` version of this EffectiveAccountSettingsUserMFA object."""
9055
- return json.dumps(self.to_dict(), indent=2)
9056
-
9057
- def __eq__(self, other: 'EffectiveAccountSettingsUserMFA') -> bool:
9058
- """Return `true` when self and other are equal, false otherwise."""
9059
- if not isinstance(other, self.__class__):
9060
- return False
9061
- return self.__dict__ == other.__dict__
9062
-
9063
- def __ne__(self, other: 'EffectiveAccountSettingsUserMFA') -> bool:
9064
- """Return `true` when self and other are not equal, false otherwise."""
9065
- return not self == other
9066
-
9067
- class MfaEnum(str, Enum):
9068
- """
9069
- Defines the MFA requirement for the user. Valid values:
9070
- * NONE - No MFA trait set
9071
- * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
9072
- * TOTP - For all non-federated IBMId users
9073
- * TOTP4ALL - For all users
9074
- * LEVEL1 - Email-based MFA for all users
9075
- * LEVEL2 - TOTP-based MFA for all users
9076
- * LEVEL3 - U2F MFA for all users.
9077
- """
9078
-
9079
- NONE = 'NONE'
9080
- NONE_NO_ROPC = 'NONE_NO_ROPC'
9081
- TOTP = 'TOTP'
9082
- TOTP4ALL = 'TOTP4ALL'
9083
- LEVEL1 = 'LEVEL1'
9084
- LEVEL2 = 'LEVEL2'
9085
- LEVEL3 = 'LEVEL3'
9086
-
9087
-
9088
8971
  class EnityHistoryRecord:
9089
8972
  """
9090
8973
  Response body format for an entity history record.
@@ -9467,8 +9350,7 @@ class IdBasedMfaEnrollment:
9467
9350
  """
9468
9351
  IdBasedMfaEnrollment.
9469
9352
 
9470
- :param str trait_account_default: Defines the MFA trait for the account. Valid
9471
- values:
9353
+ :param str trait_account_default: MFA trait definitions as follows:
9472
9354
  * NONE - No MFA trait set
9473
9355
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
9474
9356
  * TOTP - For all non-federated IBMId users
@@ -9476,8 +9358,7 @@ class IdBasedMfaEnrollment:
9476
9358
  * LEVEL1 - Email-based MFA for all users
9477
9359
  * LEVEL2 - TOTP-based MFA for all users
9478
9360
  * LEVEL3 - U2F MFA for all users.
9479
- :param str trait_user_specific: (optional) Defines the MFA trait for the
9480
- account. Valid values:
9361
+ :param str trait_user_specific: (optional) MFA trait definitions as follows:
9481
9362
  * NONE - No MFA trait set
9482
9363
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
9483
9364
  * TOTP - For all non-federated IBMId users
@@ -9485,7 +9366,7 @@ class IdBasedMfaEnrollment:
9485
9366
  * LEVEL1 - Email-based MFA for all users
9486
9367
  * LEVEL2 - TOTP-based MFA for all users
9487
9368
  * LEVEL3 - U2F MFA for all users.
9488
- :param str trait_effective: Defines the MFA trait for the account. Valid values:
9369
+ :param str trait_effective: MFA trait definitions as follows:
9489
9370
  * NONE - No MFA trait set
9490
9371
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
9491
9372
  * TOTP - For all non-federated IBMId users
@@ -9515,8 +9396,7 @@ class IdBasedMfaEnrollment:
9515
9396
  """
9516
9397
  Initialize a IdBasedMfaEnrollment object.
9517
9398
 
9518
- :param str trait_account_default: Defines the MFA trait for the account.
9519
- Valid values:
9399
+ :param str trait_account_default: MFA trait definitions as follows:
9520
9400
  * NONE - No MFA trait set
9521
9401
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
9522
9402
  * TOTP - For all non-federated IBMId users
@@ -9524,8 +9404,7 @@ class IdBasedMfaEnrollment:
9524
9404
  * LEVEL1 - Email-based MFA for all users
9525
9405
  * LEVEL2 - TOTP-based MFA for all users
9526
9406
  * LEVEL3 - U2F MFA for all users.
9527
- :param str trait_effective: Defines the MFA trait for the account. Valid
9528
- values:
9407
+ :param str trait_effective: MFA trait definitions as follows:
9529
9408
  * NONE - No MFA trait set
9530
9409
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
9531
9410
  * TOTP - For all non-federated IBMId users
@@ -9534,8 +9413,8 @@ class IdBasedMfaEnrollment:
9534
9413
  * LEVEL2 - TOTP-based MFA for all users
9535
9414
  * LEVEL3 - U2F MFA for all users.
9536
9415
  :param bool complies: The enrollment complies to the effective requirement.
9537
- :param str trait_user_specific: (optional) Defines the MFA trait for the
9538
- account. Valid values:
9416
+ :param str trait_user_specific: (optional) MFA trait definitions as
9417
+ follows:
9539
9418
  * NONE - No MFA trait set
9540
9419
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
9541
9420
  * TOTP - For all non-federated IBMId users
@@ -9619,7 +9498,7 @@ class IdBasedMfaEnrollment:
9619
9498
 
9620
9499
  class TraitAccountDefaultEnum(str, Enum):
9621
9500
  """
9622
- Defines the MFA trait for the account. Valid values:
9501
+ MFA trait definitions as follows:
9623
9502
  * NONE - No MFA trait set
9624
9503
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
9625
9504
  * TOTP - For all non-federated IBMId users
@@ -9639,7 +9518,7 @@ class IdBasedMfaEnrollment:
9639
9518
 
9640
9519
  class TraitUserSpecificEnum(str, Enum):
9641
9520
  """
9642
- Defines the MFA trait for the account. Valid values:
9521
+ MFA trait definitions as follows:
9643
9522
  * NONE - No MFA trait set
9644
9523
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
9645
9524
  * TOTP - For all non-federated IBMId users
@@ -9659,7 +9538,7 @@ class IdBasedMfaEnrollment:
9659
9538
 
9660
9539
  class TraitEffectiveEnum(str, Enum):
9661
9540
  """
9662
- Defines the MFA trait for the account. Valid values:
9541
+ MFA trait definitions as follows:
9663
9542
  * NONE - No MFA trait set
9664
9543
  * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
9665
9544
  * TOTP - For all non-federated IBMId users
@@ -13980,6 +13859,106 @@ class UserActivity:
13980
13859
  return not self == other
13981
13860
 
13982
13861
 
13862
+ class UserMfa:
13863
+ """
13864
+ UserMfa.
13865
+
13866
+ :param str iam_id: (optional) The iam_id of the user.
13867
+ :param str mfa: (optional) MFA trait definitions as follows:
13868
+ * NONE - No MFA trait set
13869
+ * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
13870
+ * TOTP - For all non-federated IBMId users
13871
+ * TOTP4ALL - For all users
13872
+ * LEVEL1 - Email-based MFA for all users
13873
+ * LEVEL2 - TOTP-based MFA for all users
13874
+ * LEVEL3 - U2F MFA for all users.
13875
+ """
13876
+
13877
+ def __init__(
13878
+ self,
13879
+ *,
13880
+ iam_id: Optional[str] = None,
13881
+ mfa: Optional[str] = None,
13882
+ ) -> None:
13883
+ """
13884
+ Initialize a UserMfa object.
13885
+
13886
+ :param str iam_id: (optional) The iam_id of the user.
13887
+ :param str mfa: (optional) MFA trait definitions as follows:
13888
+ * NONE - No MFA trait set
13889
+ * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
13890
+ * TOTP - For all non-federated IBMId users
13891
+ * TOTP4ALL - For all users
13892
+ * LEVEL1 - Email-based MFA for all users
13893
+ * LEVEL2 - TOTP-based MFA for all users
13894
+ * LEVEL3 - U2F MFA for all users.
13895
+ """
13896
+ self.iam_id = iam_id
13897
+ self.mfa = mfa
13898
+
13899
+ @classmethod
13900
+ def from_dict(cls, _dict: Dict) -> 'UserMfa':
13901
+ """Initialize a UserMfa object from a json dictionary."""
13902
+ args = {}
13903
+ if (iam_id := _dict.get('iam_id')) is not None:
13904
+ args['iam_id'] = iam_id
13905
+ if (mfa := _dict.get('mfa')) is not None:
13906
+ args['mfa'] = mfa
13907
+ return cls(**args)
13908
+
13909
+ @classmethod
13910
+ def _from_dict(cls, _dict):
13911
+ """Initialize a UserMfa object from a json dictionary."""
13912
+ return cls.from_dict(_dict)
13913
+
13914
+ def to_dict(self) -> Dict:
13915
+ """Return a json dictionary representing this model."""
13916
+ _dict = {}
13917
+ if hasattr(self, 'iam_id') and self.iam_id is not None:
13918
+ _dict['iam_id'] = self.iam_id
13919
+ if hasattr(self, 'mfa') and self.mfa is not None:
13920
+ _dict['mfa'] = self.mfa
13921
+ return _dict
13922
+
13923
+ def _to_dict(self):
13924
+ """Return a json dictionary representing this model."""
13925
+ return self.to_dict()
13926
+
13927
+ def __str__(self) -> str:
13928
+ """Return a `str` version of this UserMfa object."""
13929
+ return json.dumps(self.to_dict(), indent=2)
13930
+
13931
+ def __eq__(self, other: 'UserMfa') -> bool:
13932
+ """Return `true` when self and other are equal, false otherwise."""
13933
+ if not isinstance(other, self.__class__):
13934
+ return False
13935
+ return self.__dict__ == other.__dict__
13936
+
13937
+ def __ne__(self, other: 'UserMfa') -> bool:
13938
+ """Return `true` when self and other are not equal, false otherwise."""
13939
+ return not self == other
13940
+
13941
+ class MfaEnum(str, Enum):
13942
+ """
13943
+ MFA trait definitions as follows:
13944
+ * NONE - No MFA trait set
13945
+ * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
13946
+ * TOTP - For all non-federated IBMId users
13947
+ * TOTP4ALL - For all users
13948
+ * LEVEL1 - Email-based MFA for all users
13949
+ * LEVEL2 - TOTP-based MFA for all users
13950
+ * LEVEL3 - U2F MFA for all users.
13951
+ """
13952
+
13953
+ NONE = 'NONE'
13954
+ NONE_NO_ROPC = 'NONE_NO_ROPC'
13955
+ TOTP = 'TOTP'
13956
+ TOTP4ALL = 'TOTP4ALL'
13957
+ LEVEL1 = 'LEVEL1'
13958
+ LEVEL2 = 'LEVEL2'
13959
+ LEVEL3 = 'LEVEL3'
13960
+
13961
+
13983
13962
  class UserMfaEnrollments:
13984
13963
  """
13985
13964
  UserMfaEnrollments.