@ibm-cloud/platform-services
Version:
Node.js client library for IBM Cloud Platform Services
782 lines • 224 kB
TypeScript
/**
* (C) Copyright IBM Corp. 2025.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/// <reference types="node" />
import { IncomingHttpHeaders, OutgoingHttpHeaders } from 'http';
import { AbortSignal, BaseService, UserOptions } from 'ibm-cloud-sdk-core';
/**
* The IAM Identity Service API allows for the management of Account Settings and Identities (Service IDs, ApiKeys).
*
* API Version: 1.0.0
*/
declare class IamIdentityV1 extends BaseService {
static DEFAULT_SERVICE_URL: string;
static DEFAULT_SERVICE_NAME: string;
/*************************
* Factory method
************************/
/**
* Constructs an instance of IamIdentityV1 with passed in options and external configuration.
*
* @param {UserOptions} [options] - The parameters to send to the service.
* @param {string} [options.serviceName] - The name of the service to configure
* @param {Authenticator} [options.authenticator] - The Authenticator object used to authenticate requests to the service
* @param {string} [options.serviceUrl] - The base URL for the service
* @returns {IamIdentityV1}
*/
static newInstance(options: UserOptions): IamIdentityV1;
/**
* Construct a IamIdentityV1 object.
*
* @param {Object} options - Options for the service.
* @param {string} [options.serviceUrl] - The base URL for the service
* @param {OutgoingHttpHeaders} [options.headers] - Default headers that shall be included with every request to the service.
* @param {Authenticator} options.authenticator - The Authenticator object used to authenticate requests to the service
* @constructor
* @returns {IamIdentityV1}
*/
constructor(options: UserOptions);
/*************************
* aPIKeyOperations
************************/
/**
* Get API keys for a given service or user IAM ID and account ID.
*
* Returns the list of API key details for a given service or user IAM ID and account ID. Users can manage user API
* keys for themself, or service ID API keys for service IDs they have access to.
*
* @param {Object} [params] - The parameters to send to the service.
* @param {string} [params.accountId] - Account ID of the API keys to query. If a service IAM ID is specified in
* iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then
* account_id must match the account of the Authorization token.
* @param {string} [params.iamId] - IAM ID of the API keys to be queried. The IAM ID may be that of a user or a
* service. For a user IAM ID iam_id must match the Authorization token.
* @param {number} [params.pagesize] - Optional size of a single page. Default is 20 items per page. Valid range is 1
* to 100.
* @param {string} [params.pagetoken] - Optional Prev or Next page token returned from a previous query execution.
* Default is start with first page.
* @param {string} [params.scope] - Optional parameter to define the scope of the queried API keys. Can be 'entity'
* (default) or 'account'.
* @param {string} [params.type] - Optional parameter to filter the type of the queried API keys. Can be 'user' or
* 'serviceid'.
* @param {string} [params.sort] - Optional sort property, valid values are name, description, created_at and
* created_by. If specified, the items are sorted by the value of this property.
* @param {string} [params.order] - Optional sort order, valid values are asc and desc. Default: asc.
* @param {boolean} [params.includeHistory] - Defines if the entity history is included in the response.
* @param {string} [params.filter] - An optional filter query parameter used to refine the results of the search
* operation. For more information see [Filtering list results](#filter-list-results) section.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ApiKeyList>>}
*/
listApiKeys(params?: IamIdentityV1.ListApiKeysParams): Promise<IamIdentityV1.Response<IamIdentityV1.ApiKeyList>>;
/**
* Create an API key.
*
* Creates an API key for a UserID or service ID. Users can manage user API keys for themself, or service ID API keys
* for service IDs they have access to.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.name - Name of the API key. The name is not checked for uniqueness. Therefore multiple names
* with the same value can exist. Access is done via the UUID of the API key.
* @param {string} params.iamId - The iam_id that this API key authenticates.
* @param {string} [params.description] - The optional description of the API key. The 'description' property is only
* available if a description was provided during a create of an API key.
* @param {string} [params.accountId] - The account ID of the API key.
* @param {string} [params.apikey] - You can optionally passthrough the API key value for this API key. If passed, a
* minimum length validation of 32 characters for that apiKey value is done, i.e. the value can contain any characters
* and can even be non-URL safe, but the minimum length requirement must be met. If omitted, the API key management
* will create an URL safe opaque API key value. The value of the API key is checked for uniqueness. Ensure enough
* variations when passing in this value.
* @param {boolean} [params.storeValue] - Send true or false to set whether the API key value is retrievable in the
* future by using the Get details of an API key request. If you create an API key for a user, you must specify
* `false` or omit the value. We don't allow storing of API keys for users.
* @param {boolean} [params.supportSessions] - Defines whether you can manage CLI login sessions for the API key. When
* `true`, sessions are created and can be reviewed or revoked. When `false`, no sessions are tracked. To block
* access, delete or rotate the API key. Available only for user API keys.
* @param {string} [params.actionWhenLeaked] - Defines the action to take when API key is leaked, valid values are
* 'none', 'disable' and 'delete'.
* @param {string} [params.entityLock] - Indicates if the API key is locked for further write operations. False by
* default.
* @param {string} [params.entityDisable] - Indicates if the API key is disabled. False by default.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ApiKey>>}
*/
createApiKey(params: IamIdentityV1.CreateApiKeyParams): Promise<IamIdentityV1.Response<IamIdentityV1.ApiKey>>;
/**
* Get details of an API key by its value.
*
* Returns the details of an API key by its value. Users can manage user API keys for themself, or service ID API keys
* for service IDs they have access to.
*
* @param {Object} [params] - The parameters to send to the service.
* @param {string} [params.iamApiKey] - API key value.
* @param {boolean} [params.includeHistory] - Defines if the entity history is included in the response.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ApiKey>>}
*/
getApiKeysDetails(params?: IamIdentityV1.GetApiKeysDetailsParams): Promise<IamIdentityV1.Response<IamIdentityV1.ApiKey>>;
/**
* Get details of an API key.
*
* Returns the details of an API key. Users can manage user API keys for themself, or service ID API keys for service
* IDs they have access to.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.id - Unique ID of the API key.
* @param {boolean} [params.includeHistory] - Defines if the entity history is included in the response.
* @param {boolean} [params.includeActivity] - Defines if the entity's activity is included in the response.
* Retrieving activity data is an expensive operation, so only request this when needed.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ApiKey>>}
*/
getApiKey(params: IamIdentityV1.GetApiKeyParams): Promise<IamIdentityV1.Response<IamIdentityV1.ApiKey>>;
/**
* Updates an API key.
*
* Updates properties of an API key. This does NOT affect existing access tokens. Their token content will stay
* unchanged until the access token is refreshed. To update an API key, pass the property to be modified. To delete
* one property's value, pass the property with an empty value "". Users can manage user API keys for themself, or
* service ID API keys for service IDs they have access to.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.id - Unique ID of the API key to be updated.
* @param {string} params.ifMatch - Version of the API key to be updated. Specify the version that you retrieved when
* reading the API key. This value helps identifying parallel usage of this API. Pass * to indicate to update any
* version available. This might result in stale updates.
* @param {string} [params.name] - The name of the API key to update. If specified in the request the parameter must
* not be empty. The name is not checked for uniqueness. Failure to this will result in an Error condition.
* @param {string} [params.description] - The description of the API key to update. If specified an empty description
* will clear the description of the API key. If a non empty value is provided the API key will be updated.
* @param {boolean} [params.supportSessions] - Defines whether you can manage CLI login sessions for the API key. When
* `true`, sessions are created and can be reviewed or revoked. When `false`, no sessions are tracked. To block
* access, delete or rotate the API key. Available only for user API keys.
* @param {string} [params.actionWhenLeaked] - Defines the action to take when API key is leaked, valid values are
* 'none', 'disable' and 'delete'.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ApiKey>>}
*/
updateApiKey(params: IamIdentityV1.UpdateApiKeyParams): Promise<IamIdentityV1.Response<IamIdentityV1.ApiKey>>;
/**
* Deletes an API key.
*
* Deletes an API key. Existing tokens will remain valid until expired. Users can manage user API keys for themself,
* or service ID API keys for service IDs they have access to.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.id - Unique ID of the API key.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>}
*/
deleteApiKey(params: IamIdentityV1.DeleteApiKeyParams): Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>;
/**
* Lock the API key.
*
* Locks an API key by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they
* have access to.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.id - Unique ID of the API key.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>}
*/
lockApiKey(params: IamIdentityV1.LockApiKeyParams): Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>;
/**
* Unlock the API key.
*
* Unlocks an API key by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they
* have access to.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.id - Unique ID of the API key.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>}
*/
unlockApiKey(params: IamIdentityV1.UnlockApiKeyParams): Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>;
/**
* Disable the API key.
*
* Disable an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have
* access to.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.id - Unique ID of the API key.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>}
*/
disableApiKey(params: IamIdentityV1.DisableApiKeyParams): Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>;
/**
* Enable the API key.
*
* Enable an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have
* access to.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.id - Unique ID of the API key.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>}
*/
enableApiKey(params: IamIdentityV1.EnableApiKeyParams): Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>;
/*************************
* serviceIDOperations
************************/
/**
* List service IDs.
*
* Returns a list of service IDs. Users can manage user API keys for themself, or service ID API keys for service IDs
* they have access to. Note: apikey details are only included in the response when creating a Service ID with an api
* key.
*
* @param {Object} [params] - The parameters to send to the service.
* @param {string} [params.accountId] - Account ID of the service ID(s) to query. This parameter is required (unless
* using a pagetoken).
* @param {string} [params.name] - Name of the service ID(s) to query. Optional.20 items per page. Valid range is 1 to
* 100.
* @param {number} [params.pagesize] - Optional size of a single page. Default is 20 items per page. Valid range is 1
* to 100.
* @param {string} [params.pagetoken] - Optional Prev or Next page token returned from a previous query execution.
* Default is start with first page.
* @param {string} [params.sort] - Optional sort property, valid values are name, description, created_at and
* modified_at. If specified, the items are sorted by the value of this property.
* @param {string} [params.order] - Optional sort order, valid values are asc and desc. Default: asc.
* @param {boolean} [params.includeHistory] - Defines if the entity history is included in the response.
* @param {string} [params.filter] - An optional filter query parameter used to refine the results of the search
* operation. For more information see [Filtering list results](#filter-list-results) section.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ServiceIdList>>}
*/
listServiceIds(params?: IamIdentityV1.ListServiceIdsParams): Promise<IamIdentityV1.Response<IamIdentityV1.ServiceIdList>>;
/**
* Create a service ID.
*
* Creates a service ID for an IBM Cloud account. Users can manage user API keys for themself, or service ID API keys
* for service IDs they have access to.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accountId - ID of the account the service ID belongs to.
* @param {string} params.name - Name of the Service Id. The name is not checked for uniqueness. Therefore multiple
* names with the same value can exist. Access is done via the UUID of the Service Id.
* @param {string} [params.description] - The optional description of the Service Id. The 'description' property is
* only available if a description was provided during a create of a Service Id.
* @param {string[]} [params.uniqueInstanceCrns] - Optional list of CRNs (string array) which point to the services
* connected to the service ID.
* @param {ApiKeyInsideCreateServiceIdRequest} [params.apikey] - Parameters for the API key in the Create service Id
* V1 REST request.
* @param {string} [params.entityLock] - Indicates if the service ID is locked for further write operations. False by
* default.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ServiceId>>}
*/
createServiceId(params: IamIdentityV1.CreateServiceIdParams): Promise<IamIdentityV1.Response<IamIdentityV1.ServiceId>>;
/**
* Get details of a service ID.
*
* Returns the details of a service ID. Users can manage user API keys for themself, or service ID API keys for
* service IDs they have access to. Note: apikey details are only included in the response when creating a Service ID
* with an api key.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.id - Unique ID of the service ID.
* @param {boolean} [params.includeHistory] - Defines if the entity history is included in the response.
* @param {boolean} [params.includeActivity] - Defines if the entity's activity is included in the response.
* Retrieving activity data is an expensive operation, so only request this when needed.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ServiceId>>}
*/
getServiceId(params: IamIdentityV1.GetServiceIdParams): Promise<IamIdentityV1.Response<IamIdentityV1.ServiceId>>;
/**
* Update service ID.
*
* Updates properties of a service ID. This does NOT affect existing access tokens. Their token content will stay
* unchanged until the access token is refreshed. To update a service ID, pass the property to be modified. To delete
* one property's value, pass the property with an empty value "".Users can manage user API keys for themself, or
* service ID API keys for service IDs they have access to. Note: apikey details are only included in the response
* when creating a Service ID with an apikey.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.id - Unique ID of the service ID to be updated.
* @param {string} params.ifMatch - Version of the service ID to be updated. Specify the version that you retrieved as
* entity_tag (ETag header) when reading the service ID. This value helps identifying parallel usage of this API. Pass
* * to indicate to update any version available. This might result in stale updates.
* @param {string} [params.name] - The name of the service ID to update. If specified in the request the parameter
* must not be empty. The name is not checked for uniqueness. Failure to this will result in an Error condition.
* @param {string} [params.description] - The description of the service ID to update. If specified an empty
* description will clear the description of the service ID. If an non empty value is provided the service ID will be
* updated.
* @param {string[]} [params.uniqueInstanceCrns] - List of CRNs which point to the services connected to this service
* ID. If specified an empty list will clear all existing unique instance crns of the service ID.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ServiceId>>}
*/
updateServiceId(params: IamIdentityV1.UpdateServiceIdParams): Promise<IamIdentityV1.Response<IamIdentityV1.ServiceId>>;
/**
* Deletes a service ID and associated API keys.
*
* Deletes a service ID and all API keys associated to it. Before deleting the service ID, all associated API keys are
* deleted. In case a Delete Conflict (status code 409) a retry of the request may help as the service ID is only
* deleted if the associated API keys were successfully deleted before. Users can manage user API keys for themself,
* or service ID API keys for service IDs they have access to.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.id - Unique ID of the service ID.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>}
*/
deleteServiceId(params: IamIdentityV1.DeleteServiceIdParams): Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>;
/**
* Lock the service ID.
*
* Locks a service ID by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they
* have access to.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.id - Unique ID of the service ID.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>}
*/
lockServiceId(params: IamIdentityV1.LockServiceIdParams): Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>;
/**
* Unlock the service ID.
*
* Unlocks a service ID by ID. Users can manage user API keys for themself, or service ID API keys for service IDs
* they have access to.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.id - Unique ID of the service ID.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>}
*/
unlockServiceId(params: IamIdentityV1.UnlockServiceIdParams): Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>;
/*************************
* trustedProfilesOperations
************************/
/**
* Create a trusted profile.
*
* Create a trusted profile for a given account ID.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.name - Name of the trusted profile. The name is checked for uniqueness. Therefore trusted
* profiles with the same names can not exist in the same account.
* @param {string} params.accountId - The account ID of the trusted profile.
* @param {string} [params.description] - The optional description of the trusted profile. The 'description' property
* is only available if a description was provided during creation of trusted profile.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.TrustedProfile>>}
*/
createProfile(params: IamIdentityV1.CreateProfileParams): Promise<IamIdentityV1.Response<IamIdentityV1.TrustedProfile>>;
/**
* List trusted profiles.
*
* List the trusted profiles in an account. The `account_id` query parameter determines the account from which to
* retrieve the list of trusted profiles.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accountId - Account ID to query for trusted profiles.
* @param {string} [params.name] - Name of the trusted profile to query.
* @param {number} [params.pagesize] - Optional size of a single page. Default is 20 items per page. Valid range is 1
* to 100.
* @param {string} [params.sort] - Optional sort property, valid values are name, description, created_at and
* modified_at. If specified, the items are sorted by the value of this property.
* @param {string} [params.order] - Optional sort order, valid values are asc and desc. Default: asc.
* @param {boolean} [params.includeHistory] - Defines if the entity history is included in the response.
* @param {string} [params.pagetoken] - Optional Prev or Next page token returned from a previous query execution.
* Default is start with first page.
* @param {string} [params.filter] - An optional filter query parameter used to refine the results of the search
* operation. For more information see [Filtering list results](#filter-list-results) section.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.TrustedProfilesList>>}
*/
listProfiles(params: IamIdentityV1.ListProfilesParams): Promise<IamIdentityV1.Response<IamIdentityV1.TrustedProfilesList>>;
/**
* Get a trusted profile.
*
* Retrieve a trusted profile by its `profile-id`. Only the trusted profile's data is returned (`name`, `description`,
* `iam_id`, etc.), not the federated users or compute resources that qualify to apply the trusted profile.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile to get.
* @param {boolean} [params.includeActivity] - Defines if the entity's activity is included in the response.
* Retrieving activity data is an expensive operation, so only request this when needed.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.TrustedProfile>>}
*/
getProfile(params: IamIdentityV1.GetProfileParams): Promise<IamIdentityV1.Response<IamIdentityV1.TrustedProfile>>;
/**
* Update a trusted profile.
*
* Update the name or description of an existing trusted profile.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile to be updated.
* @param {string} params.ifMatch - Version of the trusted profile to be updated. Specify the version that you
* retrived when reading list of trusted profiles. This value helps to identify any parallel usage of trusted profile.
* Pass * to indicate to update any version available. This might result in stale updates.
* @param {string} [params.name] - The name of the trusted profile to update. If specified in the request the
* parameter must not be empty. The name is checked for uniqueness. Failure to this will result in an Error condition.
* @param {string} [params.description] - The description of the trusted profile to update. If specified an empty
* description will clear the description of the trusted profile. If a non empty value is provided the trusted profile
* will be updated.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.TrustedProfile>>}
*/
updateProfile(params: IamIdentityV1.UpdateProfileParams): Promise<IamIdentityV1.Response<IamIdentityV1.TrustedProfile>>;
/**
* Delete a trusted profile.
*
* Delete a trusted profile. When you delete trusted profile, compute resources and federated users are unlinked from
* the profile and can no longer apply the trusted profile identity.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>}
*/
deleteProfile(params: IamIdentityV1.DeleteProfileParams): Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>;
/**
* Create claim rule for a trusted profile.
*
* Create a claim rule for a trusted profile. There is a limit of 20 rules per trusted profile.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile to create a claim rule.
* @param {string} params.type - Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
* @param {ProfileClaimRuleConditions[]} params.conditions - Conditions of this claim rule.
* @param {ResponseContext} [params.context] - Context with key properties for problem determination.
* @param {string} [params.name] - Name of the claim rule to be created or updated.
* @param {string} [params.realmName] - The realm name of the Idp this claim rule applies to. This field is required
* only if the type is specified as 'Profile-SAML'.
* @param {string} [params.crType] - The compute resource type the rule applies to, required only if type is specified
* as 'Profile-CR'. Valid values are VSI, IKS_SA, ROKS_SA.
* @param {number} [params.expiration] - Session expiration in seconds, only required if type is 'Profile-SAML'.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ProfileClaimRule>>}
*/
createClaimRule(params: IamIdentityV1.CreateClaimRuleParams): Promise<IamIdentityV1.Response<IamIdentityV1.ProfileClaimRule>>;
/**
* List claim rules for a trusted profile.
*
* Get a list of all claim rules for a trusted profile. The `profile-id` query parameter determines the profile from
* which to retrieve the list of claim rules.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ProfileClaimRuleList>>}
*/
listClaimRules(params: IamIdentityV1.ListClaimRulesParams): Promise<IamIdentityV1.Response<IamIdentityV1.ProfileClaimRuleList>>;
/**
* Get a claim rule for a trusted profile.
*
* A specific claim rule can be fetched for a given trusted profile ID and rule ID.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile.
* @param {string} params.ruleId - ID of the claim rule to get.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ProfileClaimRule>>}
*/
getClaimRule(params: IamIdentityV1.GetClaimRuleParams): Promise<IamIdentityV1.Response<IamIdentityV1.ProfileClaimRule>>;
/**
* Update claim rule for a trusted profile.
*
* Update a specific claim rule for a given trusted profile ID and rule ID.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile.
* @param {string} params.ruleId - ID of the claim rule to update.
* @param {string} params.ifMatch - Version of the claim rule to be updated. Specify the version that you retrived
* when reading list of claim rules. This value helps to identify any parallel usage of claim rule. Pass * to indicate
* to update any version available. This might result in stale updates.
* @param {string} params.type - Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
* @param {ProfileClaimRuleConditions[]} params.conditions - Conditions of this claim rule.
* @param {ResponseContext} [params.context] - Context with key properties for problem determination.
* @param {string} [params.name] - Name of the claim rule to be created or updated.
* @param {string} [params.realmName] - The realm name of the Idp this claim rule applies to. This field is required
* only if the type is specified as 'Profile-SAML'.
* @param {string} [params.crType] - The compute resource type the rule applies to, required only if type is specified
* as 'Profile-CR'. Valid values are VSI, IKS_SA, ROKS_SA.
* @param {number} [params.expiration] - Session expiration in seconds, only required if type is 'Profile-SAML'.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ProfileClaimRule>>}
*/
updateClaimRule(params: IamIdentityV1.UpdateClaimRuleParams): Promise<IamIdentityV1.Response<IamIdentityV1.ProfileClaimRule>>;
/**
* Delete a claim rule.
*
* Delete a claim rule. When you delete a claim rule, federated user or compute resources are no longer required to
* meet the conditions of the claim rule in order to apply the trusted profile.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile.
* @param {string} params.ruleId - ID of the claim rule to delete.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>}
*/
deleteClaimRule(params: IamIdentityV1.DeleteClaimRuleParams): Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>;
/**
* Create link to a trusted profile.
*
* Create a direct link between a specific compute resource and a trusted profile, rather than creating conditions
* that a compute resource must fulfill to apply a trusted profile.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile.
* @param {string} params.crType - The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
* @param {CreateProfileLinkRequestLink} params.link - Link details.
* @param {string} [params.name] - Optional name of the Link.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ProfileLink>>}
*/
createLink(params: IamIdentityV1.CreateLinkParams): Promise<IamIdentityV1.Response<IamIdentityV1.ProfileLink>>;
/**
* List links to a trusted profile.
*
* Get a list of links to a trusted profile.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ProfileLinkList>>}
*/
listLinks(params: IamIdentityV1.ListLinksParams): Promise<IamIdentityV1.Response<IamIdentityV1.ProfileLinkList>>;
/**
* Get link to a trusted profile.
*
* Get a specific link to a trusted profile by `link_id`.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile.
* @param {string} params.linkId - ID of the link.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ProfileLink>>}
*/
getLink(params: IamIdentityV1.GetLinkParams): Promise<IamIdentityV1.Response<IamIdentityV1.ProfileLink>>;
/**
* Delete link to a trusted profile.
*
* Delete a link between a compute resource and a trusted profile.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile.
* @param {string} params.linkId - ID of the link.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>}
*/
deleteLink(params: IamIdentityV1.DeleteLinkParams): Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>;
/**
* Get a list of identities that can assume the trusted profile.
*
* Get a list of identities that can assume the trusted profile.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ProfileIdentitiesResponse>>}
*/
getProfileIdentities(params: IamIdentityV1.GetProfileIdentitiesParams): Promise<IamIdentityV1.Response<IamIdentityV1.ProfileIdentitiesResponse>>;
/**
* Update the list of identities that can assume the trusted profile.
*
* Update the list of identities that can assume the trusted profile.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile.
* @param {string} params.ifMatch - Entity tag of the Identities to be updated. Specify the tag that you retrieved
* when reading the Profile Identities. This value helps identify parallel usage of this API. Pass * to indicate
* updating any available version, which may result in stale updates.
* @param {ProfileIdentityRequest[]} [params.identities] - List of identities that can assume the trusted profile.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ProfileIdentitiesResponse>>}
*/
setProfileIdentities(params: IamIdentityV1.SetProfileIdentitiesParams): Promise<IamIdentityV1.Response<IamIdentityV1.ProfileIdentitiesResponse>>;
/**
* Add a specific identity that can assume the trusted profile.
*
* Add a specific identity that can assume the trusted profile. This API will update the trusted profile itself, thus
* calling it repeatedly for the same profile can lead to conflicts responded with HTTP code 409. Make sure to call
* this API only once in a few seconds for the same trusted profile.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile.
* @param {string} params.identityType - Type of the identity.
* @param {string} params.identifier - Identifier of the identity that can assume the trusted profiles. This can be a
* user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier
* 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
* @param {string} params.type - Type of the identity.
* @param {string[]} [params.accounts] - Only valid for the type user. Accounts from which a user can assume the
* trusted profile.
* @param {string} [params.description] - Description of the identity that can assume the trusted profile. This is
* optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then
* the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance
* 1234 of IBM Cloud Service project'.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ProfileIdentityResponse>>}
*/
setProfileIdentity(params: IamIdentityV1.SetProfileIdentityParams): Promise<IamIdentityV1.Response<IamIdentityV1.ProfileIdentityResponse>>;
/**
* Get the identity that can assume the trusted profile.
*
* Get the identity that can assume the trusted profile.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile.
* @param {string} params.identityType - Type of the identity.
* @param {string} params.identifierId - Identifier of the identity that can assume the trusted profiles.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ProfileIdentityResponse>>}
*/
getProfileIdentity(params: IamIdentityV1.GetProfileIdentityParams): Promise<IamIdentityV1.Response<IamIdentityV1.ProfileIdentityResponse>>;
/**
* Delete the identity that can assume the trusted profile. This API will update the trusted profile itself, thus calling it repeatedly for the same profile can lead to conflicts responded with HTTP code 409. Make sure to call this API only once in a few seconds for the same trusted profile.
*
* Delete the identity that can assume the trusted profile.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.profileId - ID of the trusted profile.
* @param {string} params.identityType - Type of the identity.
* @param {string} params.identifierId - Identifier of the identity that can assume the trusted profiles.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>}
*/
deleteProfileIdentity(params: IamIdentityV1.DeleteProfileIdentityParams): Promise<IamIdentityV1.Response<IamIdentityV1.EmptyObject>>;
/*************************
* accountSettings
************************/
/**
* Get account configurations.
*
* Returns the details of an account's configuration.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accountId - Unique ID of the account.
* @param {boolean} [params.includeHistory] - Defines if the entity history is included in the response.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.AccountSettingsResponse>>}
*/
getAccountSettings(params: IamIdentityV1.GetAccountSettingsParams): Promise<IamIdentityV1.Response<IamIdentityV1.AccountSettingsResponse>>;
/**
* Update account configurations.
*
* Allows a user to configure settings on their account with regards to MFA, MFA excemption list, session lifetimes,
* access control for creating new identities, and enforcing IP restrictions on token creation.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.ifMatch - Version of the account settings to be updated. Specify the version that you
* retrieved as entity_tag (ETag header) when reading the account. This value helps identifying parallel usage of this
* API. Pass * to indicate to update any version available. This might result in stale updates.
* @param {string} params.accountId - The id of the account to update the settings for.
* @param {string} [params.restrictCreateServiceId] - Defines whether or not creating a service ID is access
* controlled. Valid values:
* * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service
* IDs, including the account owner
* * NOT_RESTRICTED - all members of an account can create service IDs
* * NOT_SET - to 'unset' a previous set value.
* @param {string} [params.restrictCreatePlatformApikey] - Defines whether or not creating platform API keys is access
* controlled. Valid values:
* * RESTRICTED - only users assigned the 'User API key creator' role on the IAM Identity Service can create API
* keys, including the account owner
* * NOT_RESTRICTED - all members of an account can create platform API keys
* * NOT_SET - to 'unset' a previous set value.
* @param {string} [params.allowedIpAddresses] - Defines the IP addresses and subnets from which IAM tokens can be
* created for the account.
* @param {string} [params.mfa] - Defines the MFA trait for the account. Valid values:
* * NONE - No MFA trait set
* * NONE_NO_ROPC- No MFA, disable CLI logins with only a password
* * TOTP - For all non-federated IBMId users
* * TOTP4ALL - For all users
* * LEVEL1 - Email-based MFA for all users
* * LEVEL2 - TOTP-based MFA for all users
* * LEVEL3 - U2F MFA for all users.
* @param {AccountSettingsUserMFA[]} [params.userMfa] - List of users that are exempted from the MFA requirement of
* the account.
* @param {string} [params.sessionExpirationInSeconds] - Defines the session expiration in seconds for the account.
* Valid values:
* * Any whole number between between '900' and '86400'
* * NOT_SET - To unset account setting and use service default.
* @param {string} [params.sessionInvalidationInSeconds] - Defines the period of time in seconds in which a session
* will be invalidated due to inactivity. Valid values:
* * Any whole number between '900' and '7200'
* * NOT_SET - To unset account setting and use service default.
* @param {string} [params.maxSessionsPerIdentity] - Defines the max allowed sessions per identity required by the
* account. Value values:
* * Any whole number greater than 0
* * NOT_SET - To unset account setting and use service default.
* @param {string} [params.systemAccessTokenExpirationInSeconds] - Defines the access token expiration in seconds.
* Valid values:
* * Any whole number between '900' and '3600'
* * NOT_SET - To unset account setting and use service default.
* @param {string} [params.systemRefreshTokenExpirationInSeconds] - Defines the refresh token expiration in seconds.
* Valid values:
* * Any whole number between '900' and '259200'
* * NOT_SET - To unset account setting and use service default.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.AccountSettingsResponse>>}
*/
updateAccountSettings(params: IamIdentityV1.UpdateAccountSettingsParams): Promise<IamIdentityV1.Response<IamIdentityV1.AccountSettingsResponse>>;
/*************************
* mFAEnrollmentStatus
************************/
/**
* Get MFA enrollment status for a single user in the account.
*
* Get MFA enrollment status for a single user in the account.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accountId - ID of the account.
* @param {string} params.iamId - iam_id of the user. This user must be the member of the account.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.UserMfaEnrollments>>}
*/
getMfaStatus(params: IamIdentityV1.GetMfaStatusParams): Promise<IamIdentityV1.Response<IamIdentityV1.UserMfaEnrollments>>;
/**
* Trigger MFA enrollment status report for the account.
*
* Trigger MFA enrollment status report for the account by specifying the account ID. It can take a few minutes to
* generate the report for retrieval.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accountId - ID of the account.
* @param {string} [params.type] - Optional report type. The supported value is 'mfa_status'. List MFA enrollment
* status for all the identities.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ReportReference>>}
*/
createMfaReport(params: IamIdentityV1.CreateMfaReportParams): Promise<IamIdentityV1.Response<IamIdentityV1.ReportReference>>;
/**
* Get MFA enrollment status report for the account.
*
* Get MFA enrollment status report for the account by specifying the account ID and the reference that is generated
* by triggering the report. Reports older than a day are deleted when generating a new report.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accountId - ID of the account.
* @param {string} params.reference - Reference for the report to be generated, You can use 'latest' to get the latest
* report for the given account.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ReportMfaEnrollmentStatus>>}
*/
getMfaReport(params: IamIdentityV1.GetMfaReportParams): Promise<IamIdentityV1.Response<IamIdentityV1.ReportMfaEnrollmentStatus>>;
/*************************
* accountSettingsAssignments
************************/
/**
* List assignments.
*
* List account settings assignments.
*
* @param {Object} [params] - The parameters to send to the service.
* @param {string} [params.accountId] - Account ID of the Assignments to query. This parameter is required unless
* using a pagetoken.
* @param {string} [params.te