
@ibm-cloud/platform-services


Node.js client library for IBM Cloud Platform Services

/** * (C) Copyright IBM Corp. 2025. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /// <reference types="node" /> import { IncomingHttpHeaders, OutgoingHttpHeaders } from 'http'; import { BaseService, UserOptions } from 'ibm-cloud-sdk-core'; /** * The IAM Access Groups API allows for the management of access groups (Create, Read, Update, Delete) as well as the * management of memberships and rules within the group container. * * API Version: 2.0 */ declare class IamAccessGroupsV2 extends BaseService { static DEFAULT_SERVICE_URL: string; static DEFAULT_SERVICE_NAME: string; /************************* * Factory method ************************/ /** * Constructs an instance of IamAccessGroupsV2 with passed in options and external configuration. * * @param {UserOptions} [options] - The parameters to send to the service. * @param {string} [options.serviceName] - The name of the service to configure * @param {Authenticator} [options.authenticator] - The Authenticator object used to authenticate requests to the service * @param {string} [options.serviceUrl] - The base URL for the service * @returns {IamAccessGroupsV2} */ static newInstance(options: UserOptions): IamAccessGroupsV2; /** * Construct a IamAccessGroupsV2 object. * * @param {Object} options - Options for the service. * @param {string} [options.serviceUrl] - The base URL for the service * @param {OutgoingHttpHeaders} [options.headers] - Default headers that shall be included with every request to the service. 
* @param {Authenticator} options.authenticator - The Authenticator object used to authenticate requests to the service * @constructor * @returns {IamAccessGroupsV2} */ constructor(options: UserOptions); /************************* * accessGroupOperations ************************/ /** * Create an access group. * * Create a new access group to assign multiple users and service ids to multiple policies. The group will be created * in the account specified by the `account_id` parameter. The group name is a required field, but a description is * optional. Because the group's name does not have to be unique, it is possible to create multiple groups with the * same name. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accountId - Account ID of the API keys(s) to query. If a service IAM ID is specified in * iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then * account_id must match the account of the Authorization token. * @param {string} params.name - Give the access group a unique name that doesn't conflict with an existing access * group in the account. This field is case-insensitive and has a limit of 100 characters. * @param {string} [params.description] - Assign an optional description for the access group. This field has a limit * of 250 characters. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. 
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Group>>} */ createAccessGroup(params: IamAccessGroupsV2.CreateAccessGroupParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Group>>; /** * List access groups. * * This API lists access groups within an account. Parameters for pagination and sorting can be used to filter the * results. The `account_id` query parameter determines which account to retrieve groups from. Only the groups you * have access to are returned (either because of a policy on a specific group or account level access (admin, editor, * or viewer)). There may be more groups in the account that aren't shown if you lack the aforementioned permissions. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accountId - Account ID of the API keys(s) to query. If a service IAM ID is specified in * iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then * account_id must match the account of the Authorization token. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. * @param {string} [params.iamId] - Return groups for member ID (IBMid, service ID or trusted profile ID). * @param {string} [params.search] - Use search to filter access groups list by id, name or description. * * `search=id:<ACCESS_GROUP_ID>` - To list access groups by id * * `search=name:<ACCESS_GROUP_NAME>` - To list access groups by name * * `search=description:<ACCESS_GROUP_DESC>` - To list access groups by description. 
* @param {string} [params.membershipType] - Membership type need to be specified along with iam_id and must be either * `static`, `dynamic` or `all`. If membership type is `static`, members explicitly added to the group will be shown. * If membership type is `dynamic`, members accessing the access group at the moment via dynamic rules will be shown. * If membership type is `all`, both static and dynamic members will be shown. * @param {number} [params.limit] - Return up to this limit of results where limit is between 0 and 100. * @param {number} [params.offset] - The offset of the first result item to be returned. * @param {string} [params.sort] - Sort the results by id, name, description, or is_federated flag. * @param {boolean} [params.showFederated] - If show_federated is true, each group listed will return an is_federated * value that is set to true if rules exist for the group. * @param {boolean} [params.hidePublicAccess] - If hide_public_access is true, do not include the Public Access Group * in the results. * @param {boolean} [params.showCrn] - If show_crn is true, group CRN will be included in the response. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.GroupsList>>} */ listAccessGroups(params: IamAccessGroupsV2.ListAccessGroupsParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.GroupsList>>; /** * Get an access group. * * Retrieve an access group by its `access_group_id`. Only the groups data is returned (group name, description, * account_id, ...), not membership or rule information. A revision number is returned in the `ETag` header, which is * needed when updating the access group. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accessGroupId - The access group identifier. 
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. * @param {boolean} [params.showFederated] - If show_federated is true, the group will return an is_federated value * that is set to true if rules exist for the group. * @param {boolean} [params.showCrn] - If show_crn is true, group CRN will be included in the response. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Group>>} */ getAccessGroup(params: IamAccessGroupsV2.GetAccessGroupParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Group>>; /** * Update an access group. * * Update the group name or description of an existing access group using this API. An `If-Match` header must be * populated with the group's most recent revision number (which can be acquired in the `Get an access group` API). * * @param {Object} params - The parameters to send to the service. * @param {string} params.accessGroupId - The access group identifier. * @param {string} params.ifMatch - The current revision number of the group being updated. This can be found in the * Create/Get access group response ETag header. * @param {string} [params.name] - Give the access group a unique name that doesn't conflict with an existing access * group in the account. This field is case-insensitive and has a limit of 100 characters. * @param {string} [params.description] - Assign an optional description for the access group. This field has a limit * of 250 characters. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. 
The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Group>>} */ updateAccessGroup(params: IamAccessGroupsV2.UpdateAccessGroupParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Group>>; /** * Delete an access group. * * This API is used for deleting an access group. If the access group has no members or rules associated with it, the * group and its policies will be deleted. However, if rules or members do exist, set the `force` parameter to true to * delete the group as well as its associated members, rules, and policies. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accessGroupId - The access group identifier. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. * @param {boolean} [params.force] - If force is true, delete the group as well as its associated members and rules. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>} */ deleteAccessGroup(params: IamAccessGroupsV2.DeleteAccessGroupParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>; /************************* * membershipOperations ************************/ /** * Check membership in an access group. * * This HEAD operation determines if a given `iam_id` is present in a group either explicitly or via dynamic rules. No * response body is returned with this request. 
If the membership exists, a `204 - No Content` status code is * returned. If the membership or the group does not exist, a `404 - Not Found` status code is returned. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accessGroupId - The access group identifier. * @param {string} params.iamId - The IAM identifier. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>} */ isMemberOfAccessGroup(params: IamAccessGroupsV2.IsMemberOfAccessGroupParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>; /** * Add members to an access group. * * Use this API to add users (`IBMid-...`), service IDs (`iam-ServiceId-...`) or trusted profiles (`iam-Profile-...`) * to an access group. Any member added gains access to resources defined in the group's policies. To revoke a given * member's access, simply remove them from the group. There is no limit to the number of members one group can have, * but each `iam_id` can only be added to 50 groups. Additionally, this API request payload can add up to 50 members * per call. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accessGroupId - The access group identifier. * @param {AddGroupMembersRequestMembersItem[]} [params.members] - An array of member objects to add to an access * group. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. 
The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AddGroupMembersResponse>>} */ addMembersToAccessGroup(params: IamAccessGroupsV2.AddMembersToAccessGroupParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AddGroupMembersResponse>>; /** * List access group members. * * List all members of a given group using this API. Parameters for pagination and sorting can be used to filter the * results. The most useful query parameter may be the `verbose` flag. If `verbose=true`, user, service ID and trusted * profile names will be retrieved for each `iam_id`. If performance is a concern, leave the `verbose` parameter off * so that name information does not get retrieved. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accessGroupId - The access group identifier. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. * @param {string} [params.membershipType] - Filters members by membership type. Filter by `static`, `dynamic` or * `all`. `static` lists the members explicitly added to the access group, and `dynamic` lists the members that are * part of the access group at that time via dynamic rules. `all` lists both static and dynamic members. * @param {number} [params.limit] - Return up to this limit of results where limit is between 0 and 100. * @param {number} [params.offset] - The offset of the first result item to be returned. 
* @param {string} [params.type] - Filter the results by member type. * @param {boolean} [params.verbose] - Return user's email and name for each user ID or the name for each service ID * or trusted profile. * @param {string} [params.sort] - If verbose is true, sort the results by id, name, or email. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.GroupMembersList>>} */ listAccessGroupMembers(params: IamAccessGroupsV2.ListAccessGroupMembersParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.GroupMembersList>>; /** * Delete member from an access group. * * Remove one member from a group using this API. If the operation is successful, only a `204 - No Content` response * with no body is returned. However, if any error occurs, the standard error format will be returned. Dynamic member * cannot be deleted using this API. Dynamic rules needs to be adjusted to delete dynamic members. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accessGroupId - The access group identifier. * @param {string} params.iamId - The IAM identifier. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>} */ removeMemberFromAccessGroup(params: IamAccessGroupsV2.RemoveMemberFromAccessGroupParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>; /** * Delete members from an access group. * * Remove multiple members from a group using this API. 
On a successful call, this API will always return 207, so the status code alone does not show which members were removed. It is * the caller's responsibility to iterate across the body to determine successful deletion of each member. This API * request payload can delete up to 50 members per call. This API does not delete dynamic members accessing the access * group via dynamic rules. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accessGroupId - The access group identifier. * @param {string[]} [params.members] - The `iam_id`s to remove from the access group. This field has a limit of 50 * `iam_id`s. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.DeleteGroupBulkMembersResponse>>} */ removeMembersFromAccessGroup(params: IamAccessGroupsV2.RemoveMembersFromAccessGroupParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.DeleteGroupBulkMembersResponse>>; /** * Delete member from all access groups. * * This API removes a given member from every group they are a member of within the specified account. By using one * operation, you can revoke one member's access to all access groups in the account. If a partial failure occurs on * deletion, the response will be shown in the body. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accountId - Account ID of the API key(s) to query. If a service IAM ID is specified in * iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then * account_id must match the account of the Authorization token. 
* @param {string} params.iamId - The IAM identifier. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.DeleteFromAllGroupsResponse>>} */ removeMemberFromAllAccessGroups(params: IamAccessGroupsV2.RemoveMemberFromAllAccessGroupsParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.DeleteFromAllGroupsResponse>>; /** * Add member to multiple access groups. * * This API will add a member to multiple access groups in an account. The limit of how many groups that can be in the * request is 50. The response is a list of results that show if adding the member to each group was successful or * not. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accountId - Account ID of the API keys(s) to query. If a service IAM ID is specified in * iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then * account_id must match the account of the Authorization token. * @param {string} params.iamId - The IAM identifier. * @param {string} [params.type] - The type of the member, must be either "user", "service" or "profile". * @param {string[]} [params.groups] - The ids of the access groups a given member is to be added to. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. 
If no transaction ID is passed in, then a random ID is * generated. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AddMembershipMultipleGroupsResponse>>} */ addMemberToMultipleAccessGroups(params: IamAccessGroupsV2.AddMemberToMultipleAccessGroupsParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AddMembershipMultipleGroupsResponse>>; /************************* * ruleOperations ************************/ /** * Create rule for an access group. * * Rules can be used to dynamically add users to an access group. If a user's SAML assertions match the rule's * conditions during login, the user will be dynamically added to the group. The duration of the user's access to the * group is determined by the `expiration` field. After access expires, the user will need to log in again to regain * access. Note that the condition's value field must be a stringified JSON value. [Consult this documentation for * further explanation of dynamic rules.](/docs/account?topic=account-rules). * * @param {Object} params - The parameters to send to the service. * @param {string} params.accessGroupId - The access group identifier. * @param {number} params.expiration - Session duration in hours. Access group membership is revoked after this time * period expires. Users must log back in to refresh their access group membership. * @param {string} params.realmName - The URL of the identity provider (IdP). * @param {RuleConditions[]} params.conditions - A list of conditions that identities must satisfy to gain access * group membership. * @param {string} [params.name] - The name of the dynamic rule. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. 
If no transaction ID is passed in, then a random ID is * generated. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Rule>>} */ addAccessGroupRule(params: IamAccessGroupsV2.AddAccessGroupRuleParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Rule>>; /** * List access group rules. * * This API lists all rules in a given access group. Because only a few rules are created on each group, there is no * pagination or sorting support on this API. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accessGroupId - The access group identifier. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.RulesList>>} */ listAccessGroupRules(params: IamAccessGroupsV2.ListAccessGroupRulesParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.RulesList>>; /** * Get an access group rule. * * Retrieve a rule from an access group. A revision number is returned in the `ETag` header, which is needed when * updating the rule. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accessGroupId - The access group identifier. * @param {string} params.ruleId - The rule to get. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. 
If no transaction ID is passed in, then a random ID is * generated. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Rule>>} */ getAccessGroupRule(params: IamAccessGroupsV2.GetAccessGroupRuleParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Rule>>; /** * Replace an access group rule. * * Update the body of an existing rule using this API. An `If-Match` header must be populated with the rule's most * recent revision number (which can be acquired in the `Get an access group rule` API). * * @param {Object} params - The parameters to send to the service. * @param {string} params.accessGroupId - The access group identifier. * @param {string} params.ruleId - The rule to get. * @param {string} params.ifMatch - The current revision number of the rule being updated. This can be found in the * Get Rule response ETag header. * @param {number} params.expiration - Session duration in hours. Access group membership is revoked after this time * period expires. Users must log back in to refresh their access group membership. * @param {string} params.realmName - The URL of the identity provider (IdP). * @param {RuleConditions[]} params.conditions - A list of conditions that identities must satisfy to gain access * group membership. * @param {string} [params.name] - The name of the dynamic rule. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. 
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Rule>>} */ replaceAccessGroupRule(params: IamAccessGroupsV2.ReplaceAccessGroupRuleParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Rule>>; /** * Delete an access group rule. * * Remove one rule from a group using this API. If the operation is successful, only a `204 - No Content` response * with no body is returned. However, if any error occurs, the standard error format will be returned. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accessGroupId - The access group identifier. * @param {string} params.ruleId - The rule to get. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>} */ removeAccessGroupRule(params: IamAccessGroupsV2.RemoveAccessGroupRuleParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>; /************************* * accountSettings ************************/ /** * Get account settings. * * Retrieve the access groups settings for a specific account. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accountId - Account ID of the API keys(s) to query. If a service IAM ID is specified in * iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then * account_id must match the account of the Authorization token. 
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AccountSettings>>} */ getAccountSettings(params: IamAccessGroupsV2.GetAccountSettingsParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AccountSettings>>; /** * Update account settings. * * Update the access groups settings for a specific account. Note: When the `public_access_enabled` setting is set to * false, all policies within the account attached to the Public Access group will be deleted. Only set * `public_access_enabled` to false if you are sure that you want those policies to be removed. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accountId - Account ID of the API keys(s) to query. If a service IAM ID is specified in * iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then * account_id must match the account of the Authorization token. * @param {boolean} [params.publicAccessEnabled] - This flag controls the public access feature within the account. It * is set to true by default. Note: When this flag is set to false, all policies within the account attached to the * Public Access group will be deleted. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. 
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AccountSettings>>} */ updateAccountSettings(params: IamAccessGroupsV2.UpdateAccountSettingsParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AccountSettings>>; /************************* * templateOperations ************************/ /** * Create template. * * Create an access group template. Make sure that the template is generic enough to apply to multiple different child * accounts. Before you can assign an access group template to child accounts, you must commit it so that no further * changes can be made to the version. * * @param {Object} params - The parameters to send to the service. * @param {string} params.name - Give the access group template a unique name that doesn't conflict with an existing * access group templates in the account. * @param {string} params.accountId - Enterprise account id in which the template will be created. * @param {string} [params.description] - Assign an optional description for the access group template. * @param {AccessGroupRequest} [params.group] - Access Group Component. * @param {PolicyTemplates[]} [params.policyTemplateReferences] - Existing policy templates that you can reference to * assign access in the Access group input component. * @param {string} [params.transactionId] - An optional transaction id for the request. * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateResponse>>} */ createTemplate(params: IamAccessGroupsV2.CreateTemplateParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateResponse>>; /** * List templates. * * List the access group templates in an enterprise account. * * @param {Object} params - The parameters to send to the service. * @param {string} params.accountId - Enterprise account ID. 
* @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {number} [params.limit] - Return up to this limit of results where limit is between 0 and 100.
     * @param {number} [params.offset] - The offset of the first result item to be returned.
     * @param {boolean} [params.verbose] - If `verbose=true`, IAM resource details are returned. If performance is a
     * concern, leave the `verbose` parameter off so that details are not retrieved.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.ListTemplatesResponse>>}
     */
    listTemplates(params: IamAccessGroupsV2.ListTemplatesParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.ListTemplatesResponse>>;
    /**
     * Create template version.
     *
     * Create a new version of an access group template.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - ID of the template that you want to create a new version of.
     * @param {string} [params.name] - This is an optional field. If the field is included, it changes the name value
     * for all existing versions of the template, not only the version being created.
     * @param {string} [params.description] - Assign an optional description for the access group template version.
     * @param {AccessGroupRequest} [params.group] - Access Group Component.
     * @param {PolicyTemplates[]} [params.policyTemplateReferences] - The policy templates associated with the template
     * version.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateVersionResponse>>}
     */
    createTemplateVersion(params: IamAccessGroupsV2.CreateTemplateVersionParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateVersionResponse>>;
    /**
     * List template versions.
     *
     * List all the versions of an access group template.
*
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - ID of the template that you want to list all versions of.
     * @param {number} [params.limit] - Return up to this limit of results where limit is between 0 and 100.
     * @param {number} [params.offset] - The offset of the first result item to be returned.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.ListTemplateVersionsResponse>>}
     */
    listTemplateVersions(params: IamAccessGroupsV2.ListTemplateVersionsParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.ListTemplateVersionsResponse>>;
    /**
     * Get template version.
     *
     * Get a specific version of a template.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - ID of the template to get a specific version of.
     * @param {string} params.versionNum - Version number of the template version to get (passed as a string).
     * @param {boolean} [params.verbose] - If `verbose=true`, IAM resource details are returned. If performance is a
     * concern, leave the `verbose` parameter off so that details are not retrieved.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateVersionResponse>>}
     */
    getTemplateVersion(params: IamAccessGroupsV2.GetTemplateVersionParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateVersionResponse>>;
    /**
     * Update template version.
     *
     * Update a template version. You can only update a version that isn't committed. Create a new version if you need to
     * update a committed version.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - ID of the template.
     * @param {string} params.versionNum - Version number of the template (passed as a string).
* @param {string} params.ifMatch - ETag value of the template version document.
     * NOTE(review): presumably the ETag returned when this version was last read, so that an update based on an
     * outdated copy can be detected - confirm against the API reference.
     * @param {string} [params.name] - This is an optional field. If the field is included, it changes the name value
     * for all existing versions of the template, not only the version being updated.
     * @param {string} [params.description] - Assign an optional description for the access group template version.
     * @param {AccessGroupRequest} [params.group] - Access Group Component.
     * @param {PolicyTemplates[]} [params.policyTemplateReferences] - The policy templates associated with the template
     * version.
     * @param {string} [params.transactionId] - Transaction id, sent in a request header.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateVersionResponse>>}
     */
    updateTemplateVersion(params: IamAccessGroupsV2.UpdateTemplateVersionParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateVersionResponse>>;
    /**
     * Delete template version.
     *
     * Delete a template version. You must remove all assignments for a template version before you can delete it.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - ID of the template to delete.
     * @param {string} params.versionNum - Version number of the template version to delete (sent in the request path).
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>}
     */
    deleteTemplateVersion(params: IamAccessGroupsV2.DeleteTemplateVersionParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>;
    /**
     * Commit a template.
     *
     * Commit a template version. You must do this before you can assign a template version to child accounts. After you
     * commit the template version, you can't make any further changes.
     *
     * @param {Object} params - The parameters to send to the service.
* @param {string} params.templateId - ID of the template to commit.
     * @param {string} params.versionNum - Version number of the template version to commit (sent in the request path).
     * @param {string} params.ifMatch - ETag value of the template version document.
     * NOTE(review): presumably the ETag returned when this version was last read, so that the version you commit is
     * the one you reviewed - confirm against the API reference.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>}
     */
    commitTemplate(params: IamAccessGroupsV2.CommitTemplateParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>;
    /**
     * Get latest template version.
     *
     * Get the latest version of a template.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - ID of the template to get the latest version of.
     * @param {boolean} [params.verbose] - If `verbose=true`, IAM resource details are returned. If performance is a
     * concern, leave the `verbose` parameter off so that details are not retrieved.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateVersionResponse>>}
     */
    getLatestTemplateVersion(params: IamAccessGroupsV2.GetLatestTemplateVersionParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateVersionResponse>>;
    /**
     * Delete template.
     *
     * Endpoint to delete a template. All access assigned by that template is deleted from all of the accounts where the
     * template was assigned.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - ID of the template to delete.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>}
     */
    deleteTemplate(params: IamAccessGroupsV2.DeleteTemplateParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>;
    /*************************
     * templateAssignmentOperations
     ************************/
    /**
     * Create assignment.
     *
     * Assign a template version to accounts that have enabled enterprise-managed IAM. You can specify individual
     * accounts, or an entire account group to assign the template to all current and future child accounts of that
     * account group. An account-group target therefore also grants the template's access to child accounts that are
     * added to the group after the assignment is made.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - The unique identifier of the template to be assigned.
     * @param {string} params.templateVersion - The version number of the template to be assigned.
     * @param {string} params.targetType - The type of the entity to which the template should be assigned, e.g.
     * 'Account', 'AccountGroup', etc.
     * @param {string} params.target - The unique identifier of the entity to which the template should be assigned.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateAssignmentResponse>>}
     */
    createAssignment(params: IamAccessGroupsV2.CreateAssignmentParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateAssignmentResponse>>;
    /**
     * List assignments.
     *
     * List template assignments from an enterprise account.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accountId - Enterprise account ID.
     * @param {string} [params.templateId] - Filter results by Template Id.
     * @param {string} [params.templateVersion] - Filter results by Template Version.
     * @param {string} [params.target] - Filter results by the assignment target.
* @param {string} [params.status] - Filter results by the assignment status.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {number} [params.limit] - Return up to this limit of results where limit is between 0 and 100.
     * @param {number} [params.offset] - The offset of the first result item to be returned.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.ListTemplateAssignmentResponse>>}
     */
    listAssignments(params: IamAccessGroupsV2.ListAssignmentsParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.ListTemplateAssignmentResponse>>;
    /**
     * Get assignment.
     *
     * Get a specific template assignment.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.assignmentId - Assignment ID.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {boolean} [params.verbose] - Whether to return the resources that the access group template assigned;
     * possible values `true` or `false`.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateAssignmentVerboseResponse>>}
     */
    getAssignment(params: IamAccessGroupsV2.GetAssignmentParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateAssignmentVerboseResponse>>;
    /**
     * Update Assignment.
     *
     * Endpoint to update template assignment.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.assignmentId - ID of the Assignment Record.
     * @param {string} params.ifMatch - Version of the Assignment to be updated. Specify the version that you retrieved
     * when reading the Assignment. This value helps identify parallel usage of this API. Pass `*` to update any
     * version available. This might result in stale updates (presumably because a change made by another caller
     * since your last read then goes undetected - confirm against the API reference).
* @param {string} params.templateVersion - Template version which shall be applied to the assignment.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateAssignmentVerboseResponse>>}
     */
    updateAssignment(params: IamAccessGroupsV2.UpdateAssignmentParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateAssignmentVerboseResponse>>;
    /**
     * Delete assignment.
     *
     * Delete an access group template assignment.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.assignmentId - ID of the assignment to delete (path parameter).
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>}
     */
    deleteAssignment(params: IamAccessGroupsV2.DeleteAssignmentParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>;
}
/*************************
 * interfaces
 ************************/
declare namespace IamAccessGroupsV2 {
    /**
     * An operation response.
     *
     * `T` is the type of `result`; it defaults to `any`, so a caller that omits it gets no type checking on the
     * result.
     */
    interface Response<T = any> {
        /** The operation's result, typed by `T`. */
        result: T;
        /** Presumably the HTTP status code of the response - confirm. */
        status: number;
        /** Presumably the HTTP status text of the response - confirm. */
        statusText: string;
        /** Response headers, typed as `IncomingHttpHeaders` from Node's `http` module. */
        headers: IncomingHttpHeaders;
    }
    /** The callback for a service request. `error` is typed `any`; `response` is optional. */
    type Callback<T> = (error: any, response?: Response<T>) => void;
    /** The body of a service request that returns no response data. */
    interface EmptyObject {
    }
    /**
     * A standard JS object, defined to avoid the limitations of `Object` and `object`.
     * Values are typed `any`, so nothing read from it is type-checked.
     */
    interface JsonObject {
        [key: string]: any;
    }
    /*************************
     * request interfaces
     ************************/
    /** Parameters for the `createAccessGroup` operation. */
    interface CreateAccessGroupParams {
        /** Account ID of the API key(s) to query. If a service IAM ID is specified in iam_id then account_id must
         * match the account of the IAM ID.
If a user IAM ID is specified in iam_id then then account_id must match the * account of the Authorization token. */ accountId: string; /** Give the access group a unique name that doesn't