@ibm-cloud/platform-services
Version:
Node.js client library for IBM Cloud Platform Services
951 lines • 117 kB
JavaScript
"use strict";
/**
* (C) Copyright IBM Corp. 2025.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
var __extends = (this && this.__extends) || (function () {
var extendStatics = function (d, b) {
extendStatics = Object.setPrototypeOf ||
({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
return extendStatics(d, b);
};
return function (d, b) {
if (typeof b !== "function" && b !== null)
throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
extendStatics(d, b);
function __() { this.constructor = d; }
d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
};
})();
var __assign = (this && this.__assign) || function () {
__assign = Object.assign || function(t) {
for (var s, i = 1, n = arguments.length; i < n; i++) {
s = arguments[i];
for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
t[p] = s[p];
}
return t;
};
return __assign.apply(this, arguments);
};
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __generator = (this && this.__generator) || function (thisArg, body) {
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while (g && (g = 0, op[0] && (_ = 0)), _) try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
case 4: _.label++; return { value: op[1], done: false };
case 5: _.label++; y = op[1]; op = [0]; continue;
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
/**
* IBM OpenAPI SDK Code Generator Version: 3.99.1-daeb6e46-20250131-173156
*/
/* eslint-disable max-classes-per-file */
/* eslint-disable no-await-in-loop */
var extend = require("extend");
var ibm_cloud_sdk_core_1 = require("ibm-cloud-sdk-core");
var common_1 = require("../lib/common");
/**
* The IAM Access Groups API allows for the management of access groups (Create, Read, Update, Delete) as well as the
* management of memberships and rules within the group container.
*
* API Version: 2.0
*/
var IamAccessGroupsV2 = /** @class */ (function (_super) {
__extends(IamAccessGroupsV2, _super);
/**
* Construct a IamAccessGroupsV2 object.
*
* @param {Object} options - Options for the service.
* @param {string} [options.serviceUrl] - The base URL for the service
* @param {OutgoingHttpHeaders} [options.headers] - Default headers that shall be included with every request to the service.
* @param {Authenticator} options.authenticator - The Authenticator object used to authenticate requests to the service
* @constructor
* @returns {IamAccessGroupsV2}
*/
function IamAccessGroupsV2(options) {
var _this = this;
options = options || {};
_this = _super.call(this, options) || this;
if (options.serviceUrl) {
_this.setServiceUrl(options.serviceUrl);
}
else {
_this.setServiceUrl(IamAccessGroupsV2.DEFAULT_SERVICE_URL);
}
return _this;
}
/*************************
* Factory method
************************/
/**
* Constructs an instance of IamAccessGroupsV2 with passed in options and external configuration.
*
* @param {UserOptions} [options] - The parameters to send to the service.
* @param {string} [options.serviceName] - The name of the service to configure
* @param {Authenticator} [options.authenticator] - The Authenticator object used to authenticate requests to the service
* @param {string} [options.serviceUrl] - The base URL for the service
* @returns {IamAccessGroupsV2}
*/
IamAccessGroupsV2.newInstance = function (options) {
options = options || {};
if (!options.serviceName) {
options.serviceName = this.DEFAULT_SERVICE_NAME;
}
if (!options.authenticator) {
options.authenticator = (0, ibm_cloud_sdk_core_1.getAuthenticatorFromEnvironment)(options.serviceName);
}
var service = new IamAccessGroupsV2(options);
service.configureService(options.serviceName);
if (options.serviceUrl) {
service.setServiceUrl(options.serviceUrl);
}
return service;
};
/*************************
* accessGroupOperations
************************/
/**
* Create an access group.
*
* Create a new access group to assign multiple users and service ids to multiple policies. The group will be created
* in the account specified by the `account_id` parameter. The group name is a required field, but a description is
* optional. Because the group's name does not have to be unique, it is possible to create multiple groups with the
* same name.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accountId - Account ID of the API keys(s) to query. If a service IAM ID is specified in
* iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then
* account_id must match the account of the Authorization token.
* @param {string} params.name - Give the access group a unique name that doesn't conflict with an existing access
* group in the account. This field is case-insensitive and has a limit of 100 characters.
* @param {string} [params.description] - Assign an optional description for the access group. This field has a limit
* of 250 characters.
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
* useful for tracking calls through multiple services by using one identifier. The header key must be set to
* Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
* generated.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Group>>}
*/
IamAccessGroupsV2.prototype.createAccessGroup = function (params) {
var _params = __assign({}, params);
var _requiredParams = ['accountId', 'name'];
var _validParams = ['accountId', 'name', 'description', 'transactionId', 'headers'];
var _validationErrors = (0, ibm_cloud_sdk_core_1.validateParams)(_params, _requiredParams, _validParams);
if (_validationErrors) {
return Promise.reject(_validationErrors);
}
var body = {
'name': _params.name,
'description': _params.description,
};
var query = {
'account_id': _params.accountId,
};
var sdkHeaders = (0, common_1.getSdkHeaders)(IamAccessGroupsV2.DEFAULT_SERVICE_NAME, 'v2', 'createAccessGroup');
var parameters = {
options: {
url: '/v2/groups',
method: 'POST',
body: body,
qs: query,
},
defaultOptions: extend(true, {}, this.baseOptions, {
headers: extend(true, sdkHeaders, this.baseOptions.headers, {
'Accept': 'application/json',
'Content-Type': 'application/json',
'Transaction-Id': _params.transactionId,
}, _params.headers),
}),
};
return this.createRequest(parameters);
};
/**
* List access groups.
*
* This API lists access groups within an account. Parameters for pagination and sorting can be used to filter the
* results. The `account_id` query parameter determines which account to retrieve groups from. Only the groups you
* have access to are returned (either because of a policy on a specific group or account level access (admin, editor,
* or viewer)). There may be more groups in the account that aren't shown if you lack the aforementioned permissions.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accountId - Account ID of the API keys(s) to query. If a service IAM ID is specified in
* iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then
* account_id must match the account of the Authorization token.
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
* useful for tracking calls through multiple services by using one identifier. The header key must be set to
* Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
* generated.
* @param {string} [params.iamId] - Return groups for member ID (IBMid, service ID or trusted profile ID).
* @param {string} [params.search] - Use search to filter access groups list by id, name or description.
* * `search=id:<ACCESS_GROUP_ID>` - To list access groups by id
* * `search=name:<ACCESS_GROUP_NAME>` - To list access groups by name
* * `search=description:<ACCESS_GROUP_DESC>` - To list access groups by description.
* @param {string} [params.membershipType] - Membership type need to be specified along with iam_id and must be either
* `static`, `dynamic` or `all`. If membership type is `static`, members explicitly added to the group will be shown.
* If membership type is `dynamic`, members accessing the access group at the moment via dynamic rules will be shown.
* If membership type is `all`, both static and dynamic members will be shown.
* @param {number} [params.limit] - Return up to this limit of results where limit is between 0 and 100.
* @param {number} [params.offset] - The offset of the first result item to be returned.
* @param {string} [params.sort] - Sort the results by id, name, description, or is_federated flag.
* @param {boolean} [params.showFederated] - If show_federated is true, each group listed will return an is_federated
* value that is set to true if rules exist for the group.
* @param {boolean} [params.hidePublicAccess] - If hide_public_access is true, do not include the Public Access Group
* in the results.
* @param {boolean} [params.showCrn] - If show_crn is true, group CRN will be included in the response.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.GroupsList>>}
*/
IamAccessGroupsV2.prototype.listAccessGroups = function (params) {
var _params = __assign({}, params);
var _requiredParams = ['accountId'];
var _validParams = [
'accountId',
'transactionId',
'iamId',
'search',
'membershipType',
'limit',
'offset',
'sort',
'showFederated',
'hidePublicAccess',
'showCrn',
'headers',
];
var _validationErrors = (0, ibm_cloud_sdk_core_1.validateParams)(_params, _requiredParams, _validParams);
if (_validationErrors) {
return Promise.reject(_validationErrors);
}
var query = {
'account_id': _params.accountId,
'iam_id': _params.iamId,
'search': _params.search,
'membership_type': _params.membershipType,
'limit': _params.limit,
'offset': _params.offset,
'sort': _params.sort,
'show_federated': _params.showFederated,
'hide_public_access': _params.hidePublicAccess,
'show_crn': _params.showCrn,
};
var sdkHeaders = (0, common_1.getSdkHeaders)(IamAccessGroupsV2.DEFAULT_SERVICE_NAME, 'v2', 'listAccessGroups');
var parameters = {
options: {
url: '/v2/groups',
method: 'GET',
qs: query,
},
defaultOptions: extend(true, {}, this.baseOptions, {
headers: extend(true, sdkHeaders, this.baseOptions.headers, {
'Accept': 'application/json',
'Transaction-Id': _params.transactionId,
}, _params.headers),
}),
};
return this.createRequest(parameters);
};
/**
* Get an access group.
*
* Retrieve an access group by its `access_group_id`. Only the groups data is returned (group name, description,
* account_id, ...), not membership or rule information. A revision number is returned in the `ETag` header, which is
* needed when updating the access group.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accessGroupId - The access group identifier.
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
* useful for tracking calls through multiple services by using one identifier. The header key must be set to
* Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
* generated.
* @param {boolean} [params.showFederated] - If show_federated is true, the group will return an is_federated value
* that is set to true if rules exist for the group.
* @param {boolean} [params.showCrn] - If show_crn is true, group CRN will be included in the response.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Group>>}
*/
IamAccessGroupsV2.prototype.getAccessGroup = function (params) {
var _params = __assign({}, params);
var _requiredParams = ['accessGroupId'];
var _validParams = ['accessGroupId', 'transactionId', 'showFederated', 'showCrn', 'headers'];
var _validationErrors = (0, ibm_cloud_sdk_core_1.validateParams)(_params, _requiredParams, _validParams);
if (_validationErrors) {
return Promise.reject(_validationErrors);
}
var query = {
'show_federated': _params.showFederated,
'show_crn': _params.showCrn,
};
var path = {
'access_group_id': _params.accessGroupId,
};
var sdkHeaders = (0, common_1.getSdkHeaders)(IamAccessGroupsV2.DEFAULT_SERVICE_NAME, 'v2', 'getAccessGroup');
var parameters = {
options: {
url: '/v2/groups/{access_group_id}',
method: 'GET',
qs: query,
path: path,
},
defaultOptions: extend(true, {}, this.baseOptions, {
headers: extend(true, sdkHeaders, this.baseOptions.headers, {
'Accept': 'application/json',
'Transaction-Id': _params.transactionId,
}, _params.headers),
}),
};
return this.createRequest(parameters);
};
/**
* Update an access group.
*
* Update the group name or description of an existing access group using this API. An `If-Match` header must be
* populated with the group's most recent revision number (which can be acquired in the `Get an access group` API).
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accessGroupId - The access group identifier.
* @param {string} params.ifMatch - The current revision number of the group being updated. This can be found in the
* Create/Get access group response ETag header.
* @param {string} [params.name] - Give the access group a unique name that doesn't conflict with an existing access
* group in the account. This field is case-insensitive and has a limit of 100 characters.
* @param {string} [params.description] - Assign an optional description for the access group. This field has a limit
* of 250 characters.
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
* useful for tracking calls through multiple services by using one identifier. The header key must be set to
* Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
* generated.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Group>>}
*/
IamAccessGroupsV2.prototype.updateAccessGroup = function (params) {
var _params = __assign({}, params);
var _requiredParams = ['accessGroupId', 'ifMatch'];
var _validParams = [
'accessGroupId',
'ifMatch',
'name',
'description',
'transactionId',
'headers',
];
var _validationErrors = (0, ibm_cloud_sdk_core_1.validateParams)(_params, _requiredParams, _validParams);
if (_validationErrors) {
return Promise.reject(_validationErrors);
}
var body = {
'name': _params.name,
'description': _params.description,
};
var path = {
'access_group_id': _params.accessGroupId,
};
var sdkHeaders = (0, common_1.getSdkHeaders)(IamAccessGroupsV2.DEFAULT_SERVICE_NAME, 'v2', 'updateAccessGroup');
var parameters = {
options: {
url: '/v2/groups/{access_group_id}',
method: 'PATCH',
body: body,
path: path,
},
defaultOptions: extend(true, {}, this.baseOptions, {
headers: extend(true, sdkHeaders, this.baseOptions.headers, {
'Accept': 'application/json',
'Content-Type': 'application/json',
'If-Match': _params.ifMatch,
'Transaction-Id': _params.transactionId,
}, _params.headers),
}),
};
return this.createRequest(parameters);
};
/**
* Delete an access group.
*
* This API is used for deleting an access group. If the access group has no members or rules associated with it, the
* group and its policies will be deleted. However, if rules or members do exist, set the `force` parameter to true to
* delete the group as well as its associated members, rules, and policies.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accessGroupId - The access group identifier.
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
* useful for tracking calls through multiple services by using one identifier. The header key must be set to
* Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
* generated.
* @param {boolean} [params.force] - If force is true, delete the group as well as its associated members and rules.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>}
*/
IamAccessGroupsV2.prototype.deleteAccessGroup = function (params) {
var _params = __assign({}, params);
var _requiredParams = ['accessGroupId'];
var _validParams = ['accessGroupId', 'transactionId', 'force', 'headers'];
var _validationErrors = (0, ibm_cloud_sdk_core_1.validateParams)(_params, _requiredParams, _validParams);
if (_validationErrors) {
return Promise.reject(_validationErrors);
}
var query = {
'force': _params.force,
};
var path = {
'access_group_id': _params.accessGroupId,
};
var sdkHeaders = (0, common_1.getSdkHeaders)(IamAccessGroupsV2.DEFAULT_SERVICE_NAME, 'v2', 'deleteAccessGroup');
var parameters = {
options: {
url: '/v2/groups/{access_group_id}',
method: 'DELETE',
qs: query,
path: path,
},
defaultOptions: extend(true, {}, this.baseOptions, {
headers: extend(true, sdkHeaders, this.baseOptions.headers, {
'Transaction-Id': _params.transactionId,
}, _params.headers),
}),
};
return this.createRequest(parameters);
};
/*************************
* membershipOperations
************************/
/**
* Check membership in an access group.
*
* This HEAD operation determines if a given `iam_id` is present in a group either explicitly or via dynamic rules. No
* response body is returned with this request. If the membership exists, a `204 - No Content` status code is
* returned. If the membership or the group does not exist, a `404 - Not Found` status code is returned.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accessGroupId - The access group identifier.
* @param {string} params.iamId - The IAM identifier.
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
* useful for tracking calls through multiple services by using one identifier. The header key must be set to
* Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
* generated.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>}
*/
IamAccessGroupsV2.prototype.isMemberOfAccessGroup = function (params) {
var _params = __assign({}, params);
var _requiredParams = ['accessGroupId', 'iamId'];
var _validParams = ['accessGroupId', 'iamId', 'transactionId', 'headers'];
var _validationErrors = (0, ibm_cloud_sdk_core_1.validateParams)(_params, _requiredParams, _validParams);
if (_validationErrors) {
return Promise.reject(_validationErrors);
}
var path = {
'access_group_id': _params.accessGroupId,
'iam_id': _params.iamId,
};
var sdkHeaders = (0, common_1.getSdkHeaders)(IamAccessGroupsV2.DEFAULT_SERVICE_NAME, 'v2', 'isMemberOfAccessGroup');
var parameters = {
options: {
url: '/v2/groups/{access_group_id}/members/{iam_id}',
method: 'HEAD',
path: path,
},
defaultOptions: extend(true, {}, this.baseOptions, {
headers: extend(true, sdkHeaders, this.baseOptions.headers, {
'Transaction-Id': _params.transactionId,
}, _params.headers),
}),
};
return this.createRequest(parameters);
};
/**
* Add members to an access group.
*
* Use this API to add users (`IBMid-...`), service IDs (`iam-ServiceId-...`) or trusted profiles (`iam-Profile-...`)
* to an access group. Any member added gains access to resources defined in the group's policies. To revoke a given
* members's access, simply remove them from the group. There is no limit to the number of members one group can have,
* but each `iam_id` can only be added to 50 groups. Additionally, this API request payload can add up to 50 members
* per call.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accessGroupId - The access group identifier.
* @param {AddGroupMembersRequestMembersItem[]} [params.members] - An array of member objects to add to an access
* group.
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
* useful for tracking calls through multiple services by using one identifier. The header key must be set to
* Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
* generated.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AddGroupMembersResponse>>}
*/
IamAccessGroupsV2.prototype.addMembersToAccessGroup = function (params) {
var _params = __assign({}, params);
var _requiredParams = ['accessGroupId'];
var _validParams = ['accessGroupId', 'members', 'transactionId', 'headers'];
var _validationErrors = (0, ibm_cloud_sdk_core_1.validateParams)(_params, _requiredParams, _validParams);
if (_validationErrors) {
return Promise.reject(_validationErrors);
}
var body = {
'members': _params.members,
};
var path = {
'access_group_id': _params.accessGroupId,
};
var sdkHeaders = (0, common_1.getSdkHeaders)(IamAccessGroupsV2.DEFAULT_SERVICE_NAME, 'v2', 'addMembersToAccessGroup');
var parameters = {
options: {
url: '/v2/groups/{access_group_id}/members',
method: 'PUT',
body: body,
path: path,
},
defaultOptions: extend(true, {}, this.baseOptions, {
headers: extend(true, sdkHeaders, this.baseOptions.headers, {
'Accept': 'application/json',
'Content-Type': 'application/json',
'Transaction-Id': _params.transactionId,
}, _params.headers),
}),
};
return this.createRequest(parameters);
};
/**
* List access group members.
*
* List all members of a given group using this API. Parameters for pagination and sorting can be used to filter the
* results. The most useful query parameter may be the `verbose` flag. If `verbose=true`, user, service ID and trusted
* profile names will be retrieved for each `iam_id`. If performance is a concern, leave the `verbose` parameter off
* so that name information does not get retrieved.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accessGroupId - The access group identifier.
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
* useful for tracking calls through multiple services by using one identifier. The header key must be set to
* Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
* generated.
* @param {string} [params.membershipType] - Filters members by membership type. Filter by `static`, `dynamic` or
* `all`. `static` lists the members explicitly added to the access group, and `dynamic` lists the members that are
* part of the access group at that time via dynamic rules. `all` lists both static and dynamic members.
* @param {number} [params.limit] - Return up to this limit of results where limit is between 0 and 100.
* @param {number} [params.offset] - The offset of the first result item to be returned.
* @param {string} [params.type] - Filter the results by member type.
* @param {boolean} [params.verbose] - Return user's email and name for each user ID or the name for each service ID
* or trusted profile.
* @param {string} [params.sort] - If verbose is true, sort the results by id, name, or email.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.GroupMembersList>>}
*/
IamAccessGroupsV2.prototype.listAccessGroupMembers = function (params) {
var _params = __assign({}, params);
var _requiredParams = ['accessGroupId'];
var _validParams = [
'accessGroupId',
'transactionId',
'membershipType',
'limit',
'offset',
'type',
'verbose',
'sort',
'headers',
];
var _validationErrors = (0, ibm_cloud_sdk_core_1.validateParams)(_params, _requiredParams, _validParams);
if (_validationErrors) {
return Promise.reject(_validationErrors);
}
var query = {
'membership_type': _params.membershipType,
'limit': _params.limit,
'offset': _params.offset,
'type': _params.type,
'verbose': _params.verbose,
'sort': _params.sort,
};
var path = {
'access_group_id': _params.accessGroupId,
};
var sdkHeaders = (0, common_1.getSdkHeaders)(IamAccessGroupsV2.DEFAULT_SERVICE_NAME, 'v2', 'listAccessGroupMembers');
var parameters = {
options: {
url: '/v2/groups/{access_group_id}/members',
method: 'GET',
qs: query,
path: path,
},
defaultOptions: extend(true, {}, this.baseOptions, {
headers: extend(true, sdkHeaders, this.baseOptions.headers, {
'Accept': 'application/json',
'Transaction-Id': _params.transactionId,
}, _params.headers),
}),
};
return this.createRequest(parameters);
};
/**
* Delete member from an access group.
*
* Remove one member from a group using this API. If the operation is successful, only a `204 - No Content` response
* with no body is returned. However, if any error occurs, the standard error format will be returned. Dynamic member
* cannot be deleted using this API. Dynamic rules needs to be adjusted to delete dynamic members.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accessGroupId - The access group identifier.
* @param {string} params.iamId - The IAM identifier.
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
* useful for tracking calls through multiple services by using one identifier. The header key must be set to
* Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
* generated.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>}
*/
IamAccessGroupsV2.prototype.removeMemberFromAccessGroup = function (params) {
var _params = __assign({}, params);
var _requiredParams = ['accessGroupId', 'iamId'];
var _validParams = ['accessGroupId', 'iamId', 'transactionId', 'headers'];
var _validationErrors = (0, ibm_cloud_sdk_core_1.validateParams)(_params, _requiredParams, _validParams);
if (_validationErrors) {
return Promise.reject(_validationErrors);
}
var path = {
'access_group_id': _params.accessGroupId,
'iam_id': _params.iamId,
};
var sdkHeaders = (0, common_1.getSdkHeaders)(IamAccessGroupsV2.DEFAULT_SERVICE_NAME, 'v2', 'removeMemberFromAccessGroup');
var parameters = {
options: {
url: '/v2/groups/{access_group_id}/members/{iam_id}',
method: 'DELETE',
path: path,
},
defaultOptions: extend(true, {}, this.baseOptions, {
headers: extend(true, sdkHeaders, this.baseOptions.headers, {
'Transaction-Id': _params.transactionId,
}, _params.headers),
}),
};
return this.createRequest(parameters);
};
/**
* Delete members from an access group.
*
* Remove multiple members from a group using this API. On a successful call, this API will always return 207. It is
* the caller's responsibility to iterate across the body to determine successful deletion of each member. This API
* request payload can delete up to 50 members per call. This API doesnt delete dynamic members accessing the access
* group via dynamic rules.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accessGroupId - The access group identifier.
* @param {string[]} [params.members] - The `iam_id`s to remove from the access group. This field has a limit of 50
* `iam_id`s.
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
* useful for tracking calls through multiple services by using one identifier. The header key must be set to
* Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
* generated.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.DeleteGroupBulkMembersResponse>>}
*/
IamAccessGroupsV2.prototype.removeMembersFromAccessGroup = function (params) {
var _params = __assign({}, params);
var _requiredParams = ['accessGroupId'];
var _validParams = ['accessGroupId', 'members', 'transactionId', 'headers'];
var _validationErrors = (0, ibm_cloud_sdk_core_1.validateParams)(_params, _requiredParams, _validParams);
if (_validationErrors) {
return Promise.reject(_validationErrors);
}
var body = {
'members': _params.members,
};
var path = {
'access_group_id': _params.accessGroupId,
};
var sdkHeaders = (0, common_1.getSdkHeaders)(IamAccessGroupsV2.DEFAULT_SERVICE_NAME, 'v2', 'removeMembersFromAccessGroup');
var parameters = {
options: {
url: '/v2/groups/{access_group_id}/members/delete',
method: 'POST',
body: body,
path: path,
},
defaultOptions: extend(true, {}, this.baseOptions, {
headers: extend(true, sdkHeaders, this.baseOptions.headers, {
'Accept': 'application/json',
'Content-Type': 'application/json',
'Transaction-Id': _params.transactionId,
}, _params.headers),
}),
};
return this.createRequest(parameters);
};
/**
* Delete member from all access groups.
*
* This API removes a given member from every group they are a member of within the specified account. By using one
* operation, you can revoke one member's access to all access groups in the account. If a partial failure occurs on
* deletion, the response will be shown in the body.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accountId - Account ID of the API keys(s) to query. If a service IAM ID is specified in
* iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then
* account_id must match the account of the Authorization token.
* @param {string} params.iamId - The IAM identifier.
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
* useful for tracking calls through multiple services by using one identifier. The header key must be set to
* Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
* generated.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.DeleteFromAllGroupsResponse>>}
*/
IamAccessGroupsV2.prototype.removeMemberFromAllAccessGroups = function (params) {
var _params = __assign({}, params);
var _requiredParams = ['accountId', 'iamId'];
var _validParams = ['accountId', 'iamId', 'transactionId', 'headers'];
var _validationErrors = (0, ibm_cloud_sdk_core_1.validateParams)(_params, _requiredParams, _validParams);
if (_validationErrors) {
return Promise.reject(_validationErrors);
}
var query = {
'account_id': _params.accountId,
};
var path = {
'iam_id': _params.iamId,
};
var sdkHeaders = (0, common_1.getSdkHeaders)(IamAccessGroupsV2.DEFAULT_SERVICE_NAME, 'v2', 'removeMemberFromAllAccessGroups');
var parameters = {
options: {
url: '/v2/groups/_allgroups/members/{iam_id}',
method: 'DELETE',
qs: query,
path: path,
},
defaultOptions: extend(true, {}, this.baseOptions, {
headers: extend(true, sdkHeaders, this.baseOptions.headers, {
'Accept': 'application/json',
'Transaction-Id': _params.transactionId,
}, _params.headers),
}),
};
return this.createRequest(parameters);
};
/**
* Add member to multiple access groups.
*
* This API will add a member to multiple access groups in an account. The limit of how many groups that can be in the
* request is 50. The response is a list of results that show if adding the member to each group was successful or
* not.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accountId - Account ID of the API keys(s) to query. If a service IAM ID is specified in
* iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then
* account_id must match the account of the Authorization token.
* @param {string} params.iamId - The IAM identifier.
* @param {string} [params.type] - The type of the member, must be either "user", "service" or "profile".
* @param {string[]} [params.groups] - The ids of the access groups a given member is to be added to.
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
* useful for tracking calls through multiple services by using one identifier. The header key must be set to
* Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
* generated.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AddMembershipMultipleGroupsResponse>>}
*/
IamAccessGroupsV2.prototype.addMemberToMultipleAccessGroups = function (params) {
var _params = __assign({}, params);
var _requiredParams = ['accountId', 'iamId'];
var _validParams = ['accountId', 'iamId', 'type', 'groups', 'transactionId', 'headers'];
var _validationErrors = (0, ibm_cloud_sdk_core_1.validateParams)(_params, _requiredParams, _validParams);
if (_validationErrors) {
return Promise.reject(_validationErrors);
}
var body = {
'type': _params.type,
'groups': _params.groups,
};
var query = {
'account_id': _params.accountId,
};
var path = {
'iam_id': _params.iamId,
};
var sdkHeaders = (0, common_1.getSdkHeaders)(IamAccessGroupsV2.DEFAULT_SERVICE_NAME, 'v2', 'addMemberToMultipleAccessGroups');
var parameters = {
options: {
url: '/v2/groups/_allgroups/members/{iam_id}',
method: 'PUT',
body: body,
qs: query,
path: path,
},
defaultOptions: extend(true, {}, this.baseOptions, {
headers: extend(true, sdkHeaders, this.baseOptions.headers, {
'Accept': 'application/json',
'Content-Type': 'application/json',
'Transaction-Id': _params.transactionId,
}, _params.headers),
}),
};
return this.createRequest(parameters);
};
/*************************
* ruleOperations
************************/
/**
* Create rule for an access group.
*
* Rules can be used to dynamically add users to an access group. If a user's SAML assertions match the rule's
* conditions during login, the user will be dynamically added to the group. The duration of the user's access to the
* group is determined by the `expiration` field. After access expires, the user will need to log in again to regain
* access. Note that the condition's value field must be a stringified JSON value. [Consult this documentation for
* further explanation of dynamic rules.](/docs/account?topic=account-rules).
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accessGroupId - The access group identifier.
* @param {number} params.expiration - Session duration in hours. Access group membership is revoked after this time
* period expires. Users must log back in to refresh their access group membership.
* @param {string} params.realmName - The URL of the identity provider (IdP).
* @param {RuleConditions[]} params.conditions - A list of conditions that identities must satisfy to gain access
* group membership.
* @param {string} [params.name] - The name of the dynaimic rule.
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
* useful for tracking calls through multiple services by using one identifier. The header key must be set to
* Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
* generated.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Rule>>}
*/
IamAccessGroupsV2.prototype.addAccessGroupRule = function (params) {
var _params = __assign({}, params);
var _requiredParams = ['accessGroupId', 'expiration', 'realmName', 'conditions'];
var _validParams = [
'accessGroupId',
'expiration',
'realmName',
'conditions',
'name',
'transactionId',
'headers',
];
var _validationErrors = (0, ibm_cloud_sdk_core_1.validateParams)(_params, _requiredParams, _validParams);
if (_validationErrors) {
return Promise.reject(_validationErrors);
}
var body = {
'expiration': _params.expiration,
'realm_name': _params.realmName,
'conditions': _params.conditions,
'name': _params.name,
};
var path = {
'access_group_id': _params.accessGroupId,
};
var sdkHeaders = (0, common_1.getSdkHeaders)(IamAccessGroupsV2.DEFAULT_SERVICE_NAME, 'v2', 'addAccessGroupRule');
var parameters = {
options: {
url: '/v2/groups/{access_group_id}/rules',
method: 'POST',
body: body,
path: path,
},
defaultOptions: extend(true, {}, this.baseOptions, {
headers: extend(true, sdkHeaders, this.baseOptions.headers, {
'Accept': 'application/json',
'Content-Type': 'application/json',
'Transaction-Id': _params.transactionId,
}, _params.headers),
}),
};
return this.createRequest(parameters);
};
/**
* List access group rules.
*
* This API lists all rules in a given access group. Because only a few rules are created on each group, there is no
* pagination or sorting support on this API.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accessGroupId - The access group identifier.
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
* useful for tracking calls through multiple services by using one identifier. The header key must be set to
* Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
* generated.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.RulesList>>}
*/
IamAccessGroupsV2.prototype.listAccessGroupRules = function (params) {
var _params = __assign({}, params);
var _requiredParams = ['accessGroupId'];
var _validParams = ['accessGroupId', 'transactionId', 'headers'];
var _validationErrors = (0, ibm_cloud_sdk_core_1.validateParams)(_params, _requiredParams, _validParams);
if (_validationErrors) {
return Promise.reject(_validationErrors);
}
var path = {
'access_group_id': _params.accessGroupId,
};
var sdkHeaders = (0, common_1.getSdkHeaders)(IamAccessGroupsV2.DEFAULT_SERVICE_NAME, 'v2', 'listAccessGroupRules');
var parameters = {
options: {
url: '/v2/groups/{access_group_id}/rules',
method: 'GET',
path: path,
},
defaultOptions: extend(true, {}, this.baseOptions, {
headers: extend(true, sdkHeaders, this.baseOptions.headers, {
'Accept': 'application/json',
'Transaction-Id': _params.transactionId,
}, _params.headers),
}),
};
return this.createRequest(parameters);
};
/**
* Get an access group rule.
*
* Retrieve a rule from an access group. A revision number is returned in the `ETag` header, which is needed when
* updating the rule.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accessGroupId - The access group identifier.
* @param {string} params.ruleId - The rule to get.
* @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
* useful for tracking calls through multiple services by using one identifier. The header key must be set to
* Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
* generated.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Rule>>}
*/
IamAccessGroupsV2.prototype.getAccessGroupRule = function (params) {
var _params = __assign({}