@ibm-cloud/platform-services
Node.js client library for IBM Cloud Platform Services
"use strict";
/**
* (C) Copyright IBM Corp. 2025.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
var __extends = (this && this.__extends) || (function () {
    // Chooses the way constructor-level (static) members are inherited the first
    // time it runs, then rebinds itself to that strategy for later calls.
    var linkStatics = function (derived, base) {
        linkStatics = Object.setPrototypeOf ||
            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
            function (d, b) {
                for (var key in b) {
                    if (Object.prototype.hasOwnProperty.call(b, key)) {
                        d[key] = b[key];
                    }
                }
            };
        return linkStatics(derived, base);
    };
    /**
     * Makes `derived` inherit from `base`, both for static members and for the
     * prototype chain.
     *
     * @param {Function} derived - constructor that should inherit
     * @param {Function|null} base - parent constructor, or null for a null prototype
     * @throws {TypeError} when `base` is neither a function nor null
     */
    return function (derived, base) {
        var baseIsUsable = typeof base === "function" || base === null;
        if (!baseIsUsable) {
            throw new TypeError("Class extends value " + String(base) + " is not a constructor or null");
        }
        linkStatics(derived, base);
        // Intermediate constructor: lets the new prototype inherit from
        // base.prototype without invoking `base` itself.
        function Surrogate() { this.constructor = derived; }
        if (base === null) {
            derived.prototype = Object.create(base);
        }
        else {
            Surrogate.prototype = base.prototype;
            derived.prototype = new Surrogate();
        }
    };
})();
/**
 * Copies the own enumerable properties of every source argument onto the first
 * argument and returns that first argument.
 */
var __assign = (this && this.__assign) || function () {
    // Resolve the implementation on first use (native Object.assign when it
    // exists, otherwise the manual copy below), then rebind so later calls go
    // straight to it.
    __assign = Object.assign || function (target) {
        var total = arguments.length;
        for (var idx = 1; idx < total; idx++) {
            var source = arguments[idx];
            for (var key in source) {
                // Own properties only: inherited keys are not copied.
                if (Object.prototype.hasOwnProperty.call(source, key)) {
                    target[key] = source[key];
                }
            }
        }
        return target;
    };
    return __assign.apply(this, arguments);
};
// Runs a generator function as an asynchronous routine: every value the
// generator yields is resolved as a promise and the outcome is fed back in.
//   thisArg    - `this` binding used when the generator function is invoked
//   _arguments - argument list for the generator function ([] when falsy)
//   P          - promise constructor to use; falls back to the global Promise
//   generator  - the generator function to drive
// Returns a P instance that resolves with the generator's final value, or
// rejects with any error thrown while stepping it.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
// Wrap a value in a P unless it already is an instance of P.
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
// P is defaulted here, before adopt() can run, so adopt always sees a constructor.
return new (P || (P = Promise))(function (resolve, reject) {
// Resume the generator with a fulfilled value; a synchronous throw rejects the outer promise.
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
// Throw a rejection reason into the generator; a synchronous throw rejects the outer promise.
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
// Resolve when the generator is done, otherwise wait on the yielded value and continue.
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
// `generator` is rebound from the generator function to the iterator it returns.
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
// Builds an iterator object ({ next, throw, return }) around `body`, a function
// that is called repeatedly with the shared state object `_` and returns the
// next instruction as an [opcode, value] pair.
//   thisArg - `this` binding for every call to `body`
//   body    - the state-machine function; it receives `_`
// Local state:
//   _ : { label, sent(), trys, ops } handed to `body`; set to 0 once finished
//   f : "currently executing" flag used as a re-entrancy guard
//   y : an inner iterator being delegated to (set by opcode 5)
//   t : scratch slot (current instruction, try-region entry, or inner result)
//   g : the iterator object returned to the caller
var __generator = (this && this.__generator) || function (thisArg, body) {
// sent() returns the value passed in by the caller, or throws it when the
// instruction in `t` has its low bit set.
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
// next/throw/return map to opcodes 0/1/2; the object is its own iterator when Symbol exists.
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
// Calling the iterator from inside its own body is rejected.
if (f) throw new TypeError("Generator is already executing.");
while (g && (g = 0, op[0] && (_ = 0)), _) try {
// While an inner iterator is active, forward the call to it and hand back its result if it is not done.
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
// Opcode 4: hand op[1] to the caller and pause with done: false.
case 4: _.label++; return { value: op[1], done: false };
// Opcode 5: start delegating to the iterator in op[1].
case 5: _.label++; y = op[1]; op = [0]; continue;
// Opcode 7: pop a saved instruction and the innermost try entry, then continue with that instruction.
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
// No try entry is active and the instruction is 6 (error) or 2 (return): finish.
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
// Opcode 3: jump to label op[1] when no try entry applies or the target lies inside it.
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
// An exception from `body` or an inner iterator becomes opcode 6; the busy flag is always cleared.
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
// Final instruction: rethrow op[1] when (op[0] & 5) is non-zero, otherwise report completion.
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
/**
* IBM OpenAPI SDK Code Generator Version: 3.103.0-e8b84313-20250402-201816
*/
/* eslint-disable max-classes-per-file */
/* eslint-disable no-await-in-loop */
var extend = require("extend");
var ibm_cloud_sdk_core_1 = require("ibm-cloud-sdk-core");
var common_1 = require("../lib/common");
/**
* IAM Policy Management API
*
* API Version: 1.0.1
*/
var IamPolicyManagementV1 = /** @class */ (function (_super) {
__extends(IamPolicyManagementV1, _super);
/**
* Construct an IamPolicyManagementV1 object.
*
* @param {Object} options - Options for the service.
* @param {string} [options.serviceUrl] - The base URL for the service
* @param {OutgoingHttpHeaders} [options.headers] - Default headers that shall be included with every request to the service.
* @param {Authenticator} options.authenticator - The Authenticator object used to authenticate requests to the service
* @constructor
* @returns {IamPolicyManagementV1}
*/
function IamPolicyManagementV1(options) {
    // A missing options argument is treated as an empty configuration.
    var settings = options || {};
    // Run the base constructor; keep whatever object it hands back, else `this`.
    var self = _super.call(this, settings) || this;
    // An explicit serviceUrl wins; otherwise the class default endpoint is used.
    // NOTE(review): serviceUrl decides where requests made with the configured
    // authenticator are sent and is passed through as given here. Any validation
    // would have to live in setServiceUrl (not visible in this file), so take the
    // value from trusted configuration.
    self.setServiceUrl(settings.serviceUrl ? settings.serviceUrl : IamPolicyManagementV1.DEFAULT_SERVICE_URL);
    return self;
}
/*************************
* Factory method
************************/
/**
* Constructs an instance of IamPolicyManagementV1 with passed in options and external configuration.
*
* @param {UserOptions} [options] - The parameters to send to the service.
* @param {string} [options.serviceName] - The name of the service to configure
* @param {Authenticator} [options.authenticator] - The Authenticator object used to authenticate requests to the service
* @param {string} [options.serviceUrl] - The base URL for the service
* @returns {IamPolicyManagementV1}
*/
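IamPolicyManagementV1.newInstance = function (options) {
    // Work on a shallow copy. The defaults filled in below (service name and the
    // authenticator resolved for it) used to be written onto the caller's object,
    // so an options object reused for a second service silently carried the first
    // service's name and credentials along.
    var opts = __assign({}, options);
    if (!opts.serviceName) {
        opts.serviceName = this.DEFAULT_SERVICE_NAME;
    }
    if (!opts.authenticator) {
        // No authenticator supplied: resolve one from external configuration,
        // keyed by the service name.
        opts.authenticator = (0, ibm_cloud_sdk_core_1.getAuthenticatorFromEnvironment)(opts.serviceName);
    }
    var service = new IamPolicyManagementV1(opts);
    service.configureService(opts.serviceName);
    // Re-apply an explicit serviceUrl after configureService so the caller's
    // value is the one left in effect.
    if (opts.serviceUrl) {
        service.setServiceUrl(opts.serviceUrl);
    }
    return service;
};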
/*************************
* policies
************************/
/**
* Get policies by attributes.
*
* Get policies and filter by attributes. While managing policies, you might want to retrieve policies in the account
* and filter by attribute values. This can be done through query parameters. The following attributes are supported:
* account_id, iam_id, access_group_id, type, service_type, sort, format and state. account_id is a required query
* parameter. Only policies that have the specified attributes and that the caller has read access to are returned. If
* the caller does not have read access to any policies an empty array is returned.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.accountId - The account GUID that the policies belong to.
* @param {string} [params.acceptLanguage] - Language code for translations
* * `default` - English
* * `de` - German (Standard)
* * `en` - English
* * `es` - Spanish (Spain)
* * `fr` - French (Standard)
* * `it` - Italian (Standard)
* * `ja` - Japanese
* * `ko` - Korean
* * `pt-br` - Portuguese (Brazil)
* * `zh-cn` - Chinese (Simplified, PRC)
* * `zh-tw` - (Chinese, Taiwan).
* @param {string} [params.iamId] - Optional IAM ID used to identify the subject.
* @param {string} [params.accessGroupId] - Optional access group id.
* @param {string} [params.type] - Optional type of policy.
* @param {string} [params.serviceType] - Optional type of service.
* @param {string} [params.tagName] - Optional name of the access tag in the policy.
* @param {string} [params.tagValue] - Optional value of the access tag in the policy.
* @param {string} [params.sort] - Optional top level policy field to sort results. Ascending sort is default.
* Descending sort available by prepending '-' to field. Example '-last_modified_at'.
* @param {string} [params.format] - Include additional data per policy returned
* * `include_last_permit` - returns details of when the policy last granted a permit decision and the number of times
* it has done so
* * `display` - returns the list of all actions included in each of the policy roles.
* @param {string} [params.state] - The state of the policy.
* * `active` - returns active policies
* * `deleted` - returns non-active policies.
* @param {number} [params.limit] - The number of documents to include in the collection.
* @param {string} [params.start] - Page token that refers to the page of the collection to return.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamPolicyManagementV1.Response<IamPolicyManagementV1.PolicyCollection>>}
*/
IamPolicyManagementV1.prototype.listPolicies = function (params) {
    // Shallow copy of the caller's parameters.
    var args = __assign({}, params);
    var required = ['accountId'];
    var allowed = required.concat([
        'acceptLanguage',
        'iamId',
        'accessGroupId',
        'type',
        'serviceType',
        'tagName',
        'tagValue',
        'sort',
        'format',
        'state',
        'limit',
        'start',
        'signal',
        'headers',
    ]);
    // validateParams receives only the required and allowed parameter names; a
    // truthy result is returned to the caller as a rejected promise.
    var problem = (0, ibm_cloud_sdk_core_1.validateParams)(args, required, allowed);
    if (problem) {
        return Promise.reject(problem);
    }
    var sdkHeaders = (0, common_1.getSdkHeaders)(IamPolicyManagementV1.DEFAULT_SERVICE_NAME, 'v1', 'listPolicies');
    // Later sources win: SDK headers, service-level defaults, this operation's
    // headers, then params.headers. The merge is recursive, so params.headers
    // should be a plain object the caller built itself.
    var headers = extend(true, sdkHeaders, this.baseOptions.headers, {
        'Accept': 'application/json',
        'Accept-Language': args.acceptLanguage,
    }, args.headers);
    return this.createRequest({
        options: {
            url: '/v1/policies',
            method: 'GET',
            // Filter values are forwarded as query parameters exactly as given.
            qs: {
                'account_id': args.accountId,
                'iam_id': args.iamId,
                'access_group_id': args.accessGroupId,
                'type': args.type,
                'service_type': args.serviceType,
                'tag_name': args.tagName,
                'tag_value': args.tagValue,
                'sort': args.sort,
                'format': args.format,
                'state': args.state,
                'limit': args.limit,
                'start': args.start,
            },
        },
        defaultOptions: extend(true, {}, this.baseOptions, {
            headers: headers,
            axiosOptions: {
                // Optional abort signal so the caller can cancel the request.
                signal: args.signal,
            },
        }),
    });
};
/**
* Create a policy.
*
* Creates a policy to grant access between a subject and a resource. There are two types of policies: **access** and
* **authorization**. A policy administrator might want to create an access policy which grants access to a user,
* service-id, or an access group. They might also want to create an authorization policy and setup access between
* services.
*
* ### Access
*
* To create an access policy, use **`"type": "access"`** in the body. The possible subject attributes are
* **`iam_id`** and **`access_group_id`**. Use the **`iam_id`** subject attribute for assigning access for a user or
* service-id. Use the **`access_group_id`** subject attribute for assigning access for an access group. Assign roles
* that are supported by the service or platform roles. For more information, see [IAM roles and
* actions](/docs/account?topic=account-iam-service-roles-actions). Use only the resource attributes supported by the
* service. To view a service's or the platform's supported attributes, check the [documentation](/docs?tab=all-docs).
* The policy resource must include either the **`serviceType`**, **`serviceName`**, **`resourceGroupId`** or
* **`service_group_id`** attribute and the **`accountId`** attribute. The IAM Services group (`IAM`) is a subset of
* account management services that includes the IAM platform services IAM Identity, IAM Access Management, IAM Users
* Management, IAM Groups, and future IAM services. If the subject is a locked service-id, the request will fail.
*
* ### Authorization
*
* Authorization policies are supported by services on a case by case basis. Refer to service documentation to verify
* their support of authorization policies. To create an authorization policy, use **`"type": "authorization"`** in
* the body. The subject attributes must match the supported authorization subjects of the resource. Multiple subject
* attributes might be provided. The following attributes are supported:
* serviceName, serviceInstance, region, resourceType, resource, accountId, resourceGroupId Assign roles that are
* supported by the service or platform roles. For more information, see [IAM roles and
* actions](/docs/account?topic=account-iam-service-roles-actions). The user must also have the same level of access
* or greater to the target resource in order to grant the role. Use only the resource attributes supported by the
* service. To view a service's or the platform's supported attributes, check the [documentation](/docs?tab=all-docs).
* Both the policy subject and the policy resource must include the **`accountId`** attributes. The policy subject
* must include either **`serviceName`** or **`resourceGroupId`** (or both) attributes.
*
* ### Attribute Operators
*
* Currently, only the `stringEquals` and the `stringMatch` operators are available. Resource attributes may support
* one or both operators. For more information, see [Assigning access by using wildcard
* policies](https://cloud.ibm.com/docs/account?topic=account-wildcard).
*
* ### Attribute Validations
*
* Policy attribute values must be between 1 and 1,000 characters in length. If location related attributes like
* geography, country, metro, region, satellite, and locationvalues are supported by the service, they are validated
* against Global Catalog locations.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.type - The policy type; either 'access' or 'authorization'.
* @param {PolicySubject[]} params.subjects - The subjects associated with a policy.
* @param {PolicyRole[]} params.roles - A set of role Cloud Resource Names (CRNs) granted by the policy.
* @param {PolicyResource[]} params.resources - The resources associated with a policy.
* @param {string} [params.description] - Customer-defined description.
* @param {string} [params.acceptLanguage] - Language code for translations
* * `default` - English
* * `de` - German (Standard)
* * `en` - English
* * `es` - Spanish (Spain)
* * `fr` - French (Standard)
* * `it` - Italian (Standard)
* * `ja` - Japanese
* * `ko` - Korean
* * `pt-br` - Portuguese (Brazil)
* * `zh-cn` - Chinese (Simplified, PRC)
* * `zh-tw` - (Chinese, Taiwan).
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamPolicyManagementV1.Response<IamPolicyManagementV1.Policy>>}
*/
IamPolicyManagementV1.prototype.createPolicy = function (params) {
    // Shallow copy of the caller's parameters.
    var args = __assign({}, params);
    var required = ['type', 'subjects', 'roles', 'resources'];
    var allowed = required.concat(['description', 'acceptLanguage', 'signal', 'headers']);
    var problem = (0, ibm_cloud_sdk_core_1.validateParams)(args, required, allowed);
    if (problem) {
        return Promise.reject(problem);
    }
    // This request grants access. validateParams is only given parameter names
    // here, so the contents of subjects, roles and resources are forwarded as
    // supplied; callers should review them (wildcard `stringMatch` attributes
    // in particular) before sending.
    var payload = {
        'type': args.type,
        'subjects': args.subjects,
        'roles': args.roles,
        'resources': args.resources,
        'description': args.description,
    };
    var sdkHeaders = (0, common_1.getSdkHeaders)(IamPolicyManagementV1.DEFAULT_SERVICE_NAME, 'v1', 'createPolicy');
    // Later sources win: SDK headers, service-level defaults, this operation's
    // headers, then params.headers (merged recursively).
    var headers = extend(true, sdkHeaders, this.baseOptions.headers, {
        'Accept': 'application/json',
        'Content-Type': 'application/json',
        'Accept-Language': args.acceptLanguage,
    }, args.headers);
    return this.createRequest({
        options: {
            url: '/v1/policies',
            method: 'POST',
            body: payload,
        },
        defaultOptions: extend(true, {}, this.baseOptions, {
            headers: headers,
            axiosOptions: {
                // Optional abort signal so the caller can cancel the request.
                signal: args.signal,
            },
        }),
    });
};
/**
* Update a policy.
*
* Update a policy to grant access between a subject and a resource. A policy administrator might want to update an
* existing policy. The policy type cannot be changed (You cannot change an access policy to an authorization policy).
*
* ### Access
*
* To update an access policy, use **`"type": "access"`** in the body. The possible subject attributes are
* **`iam_id`** and **`access_group_id`**. Use the **`iam_id`** subject attribute for assigning access for a user or
* service-id. Use the **`access_group_id`** subject attribute for assigning access for an access group. Assign roles
* that are supported by the service or platform roles. For more information, see [IAM roles and
* actions](/docs/account?topic=account-iam-service-roles-actions). Use only the resource attributes supported by the
* service. To view a service's or the platform's supported attributes, check the [documentation](/docs?tab=all-docs).
* The policy resource must include either the **`serviceType`**, **`serviceName`**, or **`resourceGroupId`**
* attribute and the **`accountId`** attribute. If the subject is a locked service-id, the request will fail.
*
* ### Authorization
*
* To update an authorization policy, use **`"type": "authorization"`** in the body. The subject attributes must match
* the supported authorization subjects of the resource. Multiple subject attributes might be provided. The following
* attributes are supported:
* serviceName, serviceInstance, region, resourceType, resource, accountId, resourceGroupId Assign roles that are
* supported by the service or platform roles. For more information, see [IAM roles and
* actions](/docs/account?topic=account-iam-service-roles-actions). The user must also have the same level of access
* or greater to the target resource in order to grant the role. Use only the resource attributes supported by the
* service. To view a service's or the platform's supported attributes, check the [documentation](/docs?tab=all-docs).
* Both the policy subject and the policy resource must include the **`accountId`** attributes. The policy subject
* must include either **`serviceName`** or **`resourceGroupId`** (or both) attributes.
*
* ### Attribute Operators
*
* Currently, only the `stringEquals` and the `stringMatch` operators are available. Resource attributes might support
* one or both operators. For more information, see [Assigning access by using wildcard
* policies](https://cloud.ibm.com/docs/account?topic=account-wildcard).
*
* ### Attribute Validations
*
* Policy attribute values must be between 1 and 1,000 characters in length. If location related attributes like
* geography, country, metro, region, satellite, and locationvalues are supported by the service, they are validated
* against Global Catalog locations.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.policyId - The policy ID.
* @param {string} params.ifMatch - The revision number for updating a policy; it must match the ETag value of the
* existing policy. The ETag can be retrieved using the GET /v1/policies/{policy_id} API and looking at the ETag
* response header.
* @param {string} params.type - The policy type; either 'access' or 'authorization'.
* @param {PolicySubject[]} params.subjects - The subjects associated with a policy.
* @param {PolicyRole[]} params.roles - A set of role Cloud Resource Names (CRNs) granted by the policy.
* @param {PolicyResource[]} params.resources - The resources associated with a policy.
* @param {string} [params.description] - Customer-defined description.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamPolicyManagementV1.Response<IamPolicyManagementV1.Policy>>}
*/
IamPolicyManagementV1.prototype.replacePolicy = function (params) {
    // Shallow copy of the caller's parameters.
    var args = __assign({}, params);
    var required = ['policyId', 'ifMatch', 'type', 'subjects', 'roles', 'resources'];
    var allowed = required.concat(['description', 'signal', 'headers']);
    var problem = (0, ibm_cloud_sdk_core_1.validateParams)(args, required, allowed);
    if (problem) {
        return Promise.reject(problem);
    }
    // The whole policy definition is sent; its contents are forwarded as supplied.
    var payload = {
        'type': args.type,
        'subjects': args.subjects,
        'roles': args.roles,
        'resources': args.resources,
        'description': args.description,
    };
    var sdkHeaders = (0, common_1.getSdkHeaders)(IamPolicyManagementV1.DEFAULT_SERVICE_NAME, 'v1', 'replacePolicy');
    // If-Match carries the revision (ETag) the caller read for this policy.
    // params.headers is merged last, so an 'If-Match' supplied there replaces
    // the ifMatch parameter.
    var headers = extend(true, sdkHeaders, this.baseOptions.headers, {
        'Accept': 'application/json',
        'Content-Type': 'application/json',
        'If-Match': args.ifMatch,
    }, args.headers);
    return this.createRequest({
        options: {
            url: '/v1/policies/{policy_id}',
            method: 'PUT',
            body: payload,
            // Value for the {policy_id} placeholder in the URL template.
            // NOTE(review): the substitution happens in createRequest, which is
            // not visible here; confirm it URL-encodes the value.
            path: {
                'policy_id': args.policyId,
            },
        },
        defaultOptions: extend(true, {}, this.baseOptions, {
            headers: headers,
            axiosOptions: {
                // Optional abort signal so the caller can cancel the request.
                signal: args.signal,
            },
        }),
    });
};
/**
* Retrieve a policy by ID.
*
* Retrieve a policy by providing a policy ID.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.policyId - The policy ID.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamPolicyManagementV1.Response<IamPolicyManagementV1.PolicyTemplateMetaData>>}
*/
IamPolicyManagementV1.prototype.getPolicy = function (params) {
    // Shallow copy of the caller's parameters.
    var args = __assign({}, params);
    var required = ['policyId'];
    var allowed = required.concat(['signal', 'headers']);
    var problem = (0, ibm_cloud_sdk_core_1.validateParams)(args, required, allowed);
    if (problem) {
        return Promise.reject(problem);
    }
    var sdkHeaders = (0, common_1.getSdkHeaders)(IamPolicyManagementV1.DEFAULT_SERVICE_NAME, 'v1', 'getPolicy');
    // Later sources win: SDK headers, service-level defaults, this operation's
    // headers, then params.headers (merged recursively).
    var headers = extend(true, sdkHeaders, this.baseOptions.headers, {
        'Accept': 'application/json',
    }, args.headers);
    return this.createRequest({
        options: {
            url: '/v1/policies/{policy_id}',
            method: 'GET',
            // Value for the {policy_id} placeholder in the URL template.
            // NOTE(review): substitution happens in createRequest (not visible
            // here); confirm it URL-encodes the value.
            path: {
                'policy_id': args.policyId,
            },
        },
        defaultOptions: extend(true, {}, this.baseOptions, {
            headers: headers,
            axiosOptions: {
                // Optional abort signal so the caller can cancel the request.
                signal: args.signal,
            },
        }),
    });
};
/**
* Delete a policy by ID.
*
* Delete a policy by providing a policy ID. A policy cannot be deleted if the subject ID contains a locked service
* ID. If the subject of the policy is a locked service-id, the request will fail.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.policyId - The policy ID.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamPolicyManagementV1.Response<IamPolicyManagementV1.EmptyObject>>}
*/
IamPolicyManagementV1.prototype.deletePolicy = function (params) {
    // Shallow copy of the caller's parameters.
    var args = __assign({}, params);
    var required = ['policyId'];
    var allowed = required.concat(['signal', 'headers']);
    var problem = (0, ibm_cloud_sdk_core_1.validateParams)(args, required, allowed);
    if (problem) {
        return Promise.reject(problem);
    }
    var sdkHeaders = (0, common_1.getSdkHeaders)(IamPolicyManagementV1.DEFAULT_SERVICE_NAME, 'v1', 'deletePolicy');
    // This operation adds no headers of its own (the empty object); unlike the
    // replace and state-update calls, no If-Match revision is sent, so the
    // delete is not tied to a revision the caller has read.
    var headers = extend(true, sdkHeaders, this.baseOptions.headers, {}, args.headers);
    return this.createRequest({
        options: {
            url: '/v1/policies/{policy_id}',
            method: 'DELETE',
            // Value for the {policy_id} placeholder in the URL template.
            // NOTE(review): substitution happens in createRequest (not visible
            // here); confirm it URL-encodes the value.
            path: {
                'policy_id': args.policyId,
            },
        },
        defaultOptions: extend(true, {}, this.baseOptions, {
            headers: headers,
            axiosOptions: {
                // Optional abort signal so the caller can cancel the request.
                signal: args.signal,
            },
        }),
    });
};
/**
* Restore a deleted policy by ID.
*
* Restore a policy that has recently been deleted. A policy administrator might want to restore a deleted policy. To
* restore a policy, use **`"state": "active"`** in the body.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.policyId - The policy ID.
* @param {string} params.ifMatch - The revision number for updating a policy; it must match the ETag value of the
* existing policy. The ETag can be retrieved using the GET /v1/policies/{policy_id} API and looking at the ETag
* response header.
* @param {string} [params.state] - The policy state.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamPolicyManagementV1.Response<IamPolicyManagementV1.Policy>>}
*/
IamPolicyManagementV1.prototype.updatePolicyState = function (params) {
    // Shallow copy of the caller's parameters.
    var args = __assign({}, params);
    var required = ['policyId', 'ifMatch'];
    var allowed = required.concat(['state', 'signal', 'headers']);
    var problem = (0, ibm_cloud_sdk_core_1.validateParams)(args, required, allowed);
    if (problem) {
        return Promise.reject(problem);
    }
    // `state` is not in the required list, so the body may carry an undefined
    // state when the caller omits it.
    var payload = {
        'state': args.state,
    };
    var sdkHeaders = (0, common_1.getSdkHeaders)(IamPolicyManagementV1.DEFAULT_SERVICE_NAME, 'v1', 'updatePolicyState');
    // If-Match carries the revision (ETag) the caller read for this policy.
    // params.headers is merged last, so an 'If-Match' supplied there replaces
    // the ifMatch parameter.
    var headers = extend(true, sdkHeaders, this.baseOptions.headers, {
        'Accept': 'application/json',
        'Content-Type': 'application/json',
        'If-Match': args.ifMatch,
    }, args.headers);
    return this.createRequest({
        options: {
            url: '/v1/policies/{policy_id}',
            method: 'PATCH',
            body: payload,
            // Value for the {policy_id} placeholder in the URL template.
            // NOTE(review): substitution happens in createRequest (not visible
            // here); confirm it URL-encodes the value.
            path: {
                'policy_id': args.policyId,
            },
        },
        defaultOptions: extend(true, {}, this.baseOptions, {
            headers: headers,
            axiosOptions: {
                // Optional abort signal so the caller can cancel the request.
                signal: args.signal,
            },
        }),
    });
};
/*************************
* roles
************************/
/**
* Get roles by filters.
*
* Get roles based on the filters. While managing roles, you may want to retrieve roles and filter by usages. This can
* be done through query parameters. Currently, we only support the following attributes: account_id, service_name,
* service_group_id, source_service_name and policy_type. Both service_name and service_group_id attributes are
* mutually exclusive. Only roles that match the filter and that the caller has read access to are returned. If the
* caller does not have read access to any roles an empty array is returned.
*
* @param {Object} [params] - The parameters to send to the service.
* @param {string} [params.acceptLanguage] - Language code for translations
* * `default` - English
* * `de` - German (Standard)
* * `en` - English
* * `es` - Spanish (Spain)
* * `fr` - French (Standard)
* * `it` - Italian (Standard)
* * `ja` - Japanese
* * `ko` - Korean
* * `pt-br` - Portuguese (Brazil)
* * `zh-cn` - Chinese (Simplified, PRC)
* * `zh-tw` - (Chinese, Taiwan).
* @param {string} [params.accountId] - Optional account GUID that the roles belong to.
* @param {string} [params.serviceName] - Optional name of IAM enabled service.
* @param {string} [params.sourceServiceName] - Optional name of source IAM enabled service.
* @param {string} [params.policyType] - Optional Policy Type.
* @param {string} [params.serviceGroupId] - Optional id of service group.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamPolicyManagementV1.Response<IamPolicyManagementV1.RoleCollection>>}
*/
IamPolicyManagementV1.prototype.listRoles = function (params) {
    // Shallow copy; `params` itself is optional for this operation.
    var args = __assign({}, params);
    // Nothing is mandatory here; every filter is optional.
    var required = [];
    var allowed = [
        'acceptLanguage',
        'accountId',
        'serviceName',
        'sourceServiceName',
        'policyType',
        'serviceGroupId',
        'signal',
        'headers',
    ];
    var problem = (0, ibm_cloud_sdk_core_1.validateParams)(args, required, allowed);
    if (problem) {
        return Promise.reject(problem);
    }
    var sdkHeaders = (0, common_1.getSdkHeaders)(IamPolicyManagementV1.DEFAULT_SERVICE_NAME, 'v1', 'listRoles');
    // Later sources win: SDK headers, service-level defaults, this operation's
    // headers, then params.headers (merged recursively).
    var headers = extend(true, sdkHeaders, this.baseOptions.headers, {
        'Accept': 'application/json',
        'Accept-Language': args.acceptLanguage,
    }, args.headers);
    return this.createRequest({
        options: {
            // Roles are served from the v2 path although the SDK headers above
            // are tagged 'v1'.
            url: '/v2/roles',
            method: 'GET',
            // Filter values are forwarded as query parameters exactly as given.
            qs: {
                'account_id': args.accountId,
                'service_name': args.serviceName,
                'source_service_name': args.sourceServiceName,
                'policy_type': args.policyType,
                'service_group_id': args.serviceGroupId,
            },
        },
        defaultOptions: extend(true, {}, this.baseOptions, {
            headers: headers,
            axiosOptions: {
                // Optional abort signal so the caller can cancel the request.
                signal: args.signal,
            },
        }),
    });
};
/**
* Create a role.
*
* Creates a custom role for a specific service within the account. An account owner or a user assigned the
* Administrator role on the Role management service can create a custom role. Any number of actions for a single
* service can be mapped to the new role, but there must be at least one service-defined action to successfully create
* the new role.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.displayName - The display name of the role that is shown in the console.
* @param {string[]} params.actions - The actions of the role. For more information, see [IAM roles and
* actions](https://cloud.ibm.com/docs/account?topic=account-iam-service-roles-actions).
* @param {string} params.name - The name of the role that is used in the CRN. This must be alphanumeric and
* capitalized.
* @param {string} params.accountId - The account GUID.
* @param {string} params.serviceName - The service name.
* @param {string} [params.description] - The description of the role.
* @param {string} [params.acceptLanguage] - Language code for translations
* * `default` - English
* * `de` - German (Standard)
* * `en` - English
* * `es` - Spanish (Spain)
* * `fr` - French (Standard)
* * `it` - Italian (Standard)
* * `ja` - Japanese
* * `ko` - Korean
* * `pt-br` - Portuguese (Brazil)
* * `zh-cn` - Chinese (Simplified, PRC)
* * `zh-tw` - (Chinese, Taiwan).
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamPolicyManagementV1.Response<IamPolicyManagementV1.CustomRole>>}
*/
IamPolicyManagementV1.prototype.createRole = function (params) {
    // Shallow copy of the caller's parameters.
    var args = __assign({}, params);
    var required = ['displayName', 'actions', 'name', 'accountId', 'serviceName'];
    var allowed = required.concat(['description', 'acceptLanguage', 'signal', 'headers']);
    var problem = (0, ibm_cloud_sdk_core_1.validateParams)(args, required, allowed);
    if (problem) {
        return Promise.reject(problem);
    }
    // A custom role is defined by the actions it maps to. The list is forwarded
    // as supplied (validateParams is only given parameter names here), so keep
    // it to the actions the role actually needs.
    var payload = {
        'display_name': args.displayName,
        'actions': args.actions,
        'name': args.name,
        'account_id': args.accountId,
        'service_name': args.serviceName,
        'description': args.description,
    };
    var sdkHeaders = (0, common_1.getSdkHeaders)(IamPolicyManagementV1.DEFAULT_SERVICE_NAME, 'v1', 'createRole');
    // Later sources win: SDK headers, service-level defaults, this operation's
    // headers, then params.headers (merged recursively).
    var headers = extend(true, sdkHeaders, this.baseOptions.headers, {
        'Accept': 'application/json',
        'Content-Type': 'application/json',
        'Accept-Language': args.acceptLanguage,
    }, args.headers);
    return this.createRequest({
        options: {
            url: '/v2/roles',
            method: 'POST',
            body: payload,
        },
        defaultOptions: extend(true, {}, this.baseOptions, {
            headers: headers,
            axiosOptions: {
                // Optional abort signal so the caller can cancel the request.
                signal: args.signal,
            },
        }),
    });
};
/**
* Update a role.
*
* Update a custom role. A role administrator might want to update an existing role by updating the display name,
* description, or the actions that are mapped to the role. The name, account_id, and service_name can't be changed.
*
* @param {Object} params - The parameters to send to the service.
* @param {string} params.roleId - The role ID.
* @param {string} params.ifMatch - The revision number for updating a role; it must match the ETag value of the
* existing role. The ETag can be retrieved using the GET /v2/roles/{role_id} API and looking at the ETag response
* header.
* @param {string} params.displayName - The display name of the role that is shown in the console.
* @param {string[]} params.actions - The actions of the role. For more information, see [IAM roles and
* actions](https://cloud.ibm.com/docs/account?topic=account-iam-service-roles-actions).
* @param {string} [params.description] - The description of the role.
* @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
* @returns {Promise<IamPolicyManagementV1.Response<IamPolicyManagementV1.CustomRole>>}
*/
IamPolicyManagementV1.prototype.replaceRole = function (params) {
    // Shallow copy of the caller's parameters.
    var args = __assign({}, params);
    var required = ['roleId', 'ifMatch', 'displayName', 'actions'];
    var allowed = required.concat(['description', 'signal', 'headers']);
    var problem = (0, ibm_cloud_sdk_core_1.validateParams)(args, required, allowed);
    if (problem) {
        return Promise.reject(problem);
    }
    // The action list sent here becomes the role's definition. It is forwarded
    // as supplied, so review additions before sending.
    var payload = {
        'display_name': args.displayName,
        'actions': args.actions,
        'description': args.description,
    };
    var sdkHeaders = (0, common_1.getSdkHeaders)(IamPolicyManagementV1.DEFAULT_SERVICE_NAME, 'v1', 'replaceRole');
    // If-Match carries the revision (ETag) the caller read for this role.
    // params.headers is merged last, so an 'If-Match' supplied there replaces
    // the ifMatch parameter.
    var headers = extend(true, sdkHeaders, this.baseOptions.headers, {
        'Accept': 'application/json',
        'Content-Type': 'application/json',
        'If-Match': args.ifMatch,
    }, args.headers);
    return this.createRequest({
        options: {
            url: '/v2/roles/{role_id}',
            method: 'PUT',
            body: payload,
            // Value for the {role_id} placeholder in the URL template.
            // NOTE(review): substitution happens in createRequest (not visible
            // here); confirm it URL-encodes the value.
            path: {
                'role_id': args.roleId,
            },
        },
        defaultOptions: extend(true, {}, this.baseOptions, {
            headers: headers,
            axiosOptions: {
                // Optional abort signal so the caller can cancel the request.
                signal: args.signal,
            },
        }),
    });
};
/**
 * Retrieve a role by ID.
 *
 * Retrieve a role by providing a role ID.
 *
 * @param {Object} params - The parameters to send to the service.
 * @param {string} params.roleId - The role ID.
 * @param {AbortSignal} [params.signal] - Forwarded unchanged as the axios `signal` request option.
 * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
 * @returns {Promise<IamPolicyManagementV1.Response<IamPolicyManagementV1.CustomRole>>}
 */
IamPolicyManagementV1.prototype.getRole = function (params) {
    // Shallow copy of the caller's params; everything below reads from the copy.
    var args = __assign({}, params);
    var required = ['roleId'];
    var allowed = required.concat(['signal', 'headers']);
    var problems = (0, ibm_cloud_sdk_core_1.validateParams)(args, required, allowed);
    if (problems) {
        // Nothing is sent to the service when validation reports a problem.
        return Promise.reject(problems);
    }
    var sdkHeaders = (0, common_1.getSdkHeaders)(IamPolicyManagementV1.DEFAULT_SERVICE_NAME, 'v1', 'getRole');
    // params.headers is the last merge source, so (assuming `extend` is the jQuery-style deep merge,
    // imported outside this excerpt) caller-supplied headers override the SDK and base headers.
    var mergedHeaders = extend(true, sdkHeaders, this.baseOptions.headers, {
        'Accept': 'application/json',
    }, args.headers);
    var request = {
        options: {
            // NOTE(review): `{role_id}` is filled in from `path` inside createRequest, which is not
            // visible here; confirm the value is URL-encoded there before relying on it.
            url: '/v2/roles/{role_id}',
            method: 'GET',
            path: {
                'role_id': args.roleId,
            },
        },
        defaultOptions: extend(true, {}, this.baseOptions, {
            headers: mergedHeaders,
            axiosOptions: {
                signal: args.signal,
            },
        }),
    };
    return this.createRequest(request);
};
/**
 * Delete a role by ID.
 *
 * Delete a role by providing a role ID.
 *
 * @param {Object} params - The parameters to send to the service.
 * @param {string} params.roleId - The role ID.
 * @param {AbortSignal} [params.signal] - Forwarded unchanged as the axios `signal` request option.
 * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
 * @returns {Promise<IamPolicyManagementV1.Response<IamPolicyManagementV1.EmptyObject>>}
 */
IamPolicyManagementV1.prototype.deleteRole = function (params) {
    // Shallow copy of the caller's params; everything below reads from the copy.
    var args = __assign({}, params);
    var required = ['roleId'];
    var allowed = required.concat(['signal', 'headers']);
    var problems = (0, ibm_cloud_sdk_core_1.validateParams)(args, required, allowed);
    if (problems) {
        // Nothing is sent to the service when validation reports a problem.
        return Promise.reject(problems);
    }
    var sdkHeaders = (0, common_1.getSdkHeaders)(IamPolicyManagementV1.DEFAULT_SERVICE_NAME, 'v1', 'deleteRole');
    // No operation-specific headers are set for DELETE (the empty object is kept as a merge source).
    // Unlike replaceRole, this call sends no `If-Match` precondition, so the delete is not tied to a
    // particular revision of the role. params.headers is merged last and overrides earlier sources,
    // assuming `extend` is the jQuery-style deep merge imported outside this excerpt.
    var mergedHeaders = extend(true, sdkHeaders, this.baseOptions.headers, {}, args.headers);
    var request = {
        options: {
            // NOTE(review): `{role_id}` is filled in from `path` inside createRequest, which is not
            // visible here; confirm the value is URL-encoded there before relying on it.
            url: '/v2/roles/{role_id}',
            method: 'DELETE',
            path: {
                'role_id': args.roleId,
            },
        },
        defaultOptions: extend(true, {}, this.baseOptions, {
            headers: mergedHeaders,
            axiosOptions: {
                signal: args.signal,
            },
        }),
    };
    return this.createRequest(request);
};
/*************************
* v2Policies
************************/
/**
 * Get policies by attributes.
 *
 * Get policies and filter by attributes. While managing policies, you might want to retrieve policies in the account
 * and filter by attribute values. This can be done through query parameters. The following attributes are supported:
 * account_id, iam_id, access_group_id, type, service_type, sort, format and state. account_id is a required query
 * parameter. Only policies that have the specified attributes and that the caller has read access to are returned. If
 * the caller does not have read access to any policies, an empty array is returned.
 *
 * @param {Object} params - The parameters to send to the service.
 * @param {string} params.accountId - The account GUID that the policies belong to.
 * @param {string} [params.acceptLanguage] - Language code for translations
 * * `default` - English
 * * `de` - German (Standard)
 * * `en` - English
 * * `es` - Spanish (Spain)
 * * `fr` - French (Standard)
 * * `it` - Italian (Standard)
 * * `ja` - Japanese
 * * `ko` - Korean
 * * `pt-br` - Portuguese (Brazil)
 * * `zh-cn` - Chinese (Simplified, PRC)
 * * `zh-tw` - (Chinese, Taiwan).
 * @param {string} [params.iamId] - Optional IAM ID used to identify the subject.
 * @param {string} [params.accessGroupId] - Optional access group id.
 * @param {string} [params.type] - Optional type of policy.
 * @param {string} [params.serviceType] - Optional type of service.
 * @param {string} [params.serviceName] - Optional name of service.
 * @param {string} [params.serviceGroupId] - Optional ID of service group.
 * @param {string} [params.sort] - Optional top level policy field to sort results. Ascending sort is default.
 * Descending sort available by prepending '-' to field, for example, '-last_modified_at'. Note that last permit
 * information is only included when 'format=include_last_permit', for example,
 * "format=include_last_permit&sort=last_permit_at" Example fields that can be sorted on:
 *   - 'id'
 *   - 'type'
 *   - 'href'
 *   - 'created_at'
 *   - 'created_by_id'
 *   - 'last_modified_at'
 *   - 'last_modified_by_id'
 *   - 'state'
 *   - 'last_permit_at'
 *   - 'last_permit_frequency'.
 * @param {string} [params.format] - Include additional data per policy returned
 * * `include_last_permit` - returns details of when the policy last granted a permit decision and the number of times
 * it has done so
 * * `display` - returns the list of all actions included in each of the policy roles and translations for all
 * relevant fields.
 * @param {string} [params.state] - The state of the policy.
 * * `active` - returns active policies
 * * `deleted` - returns non-active policies.
 * @param {number} [params.limit] - The number of documents to include in the collection.
 * @param {string} [params.start] - Page token that refers to the page of the collection to return.
 * @param {AbortSignal} [params.signal] - Forwarded unchanged as the axios `signal` request option.
 * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
 * @returns {Promise<IamPolicyManagementV1.Response<IamPolicyManagementV1.V2PolicyCollection>>}
 */
IamPolicyManagementV1.prototype.listV2Policies = function (params) {
    // Shallow copy of the caller's params; everything below reads from the copy.
    var args = __assign({}, params);
    var required = ['accountId'];
    var allowed = required.concat([
        'acceptLanguage',
        'iamId',
        'accessGroupId',
        'type',
        'serviceType',
        'serviceName',
        'serviceGroupId',
        'sort',
        'format',
        'state',
        'limit',
        'start',
        'signal',
        'headers',
    ]);
    var problems = (0, ibm_cloud_sdk_core_1.validateParams)(args, required, allowed);
    if (problems) {
        // Nothing is sent to the service when validation reports a problem.
        return Promise.reject(problems);
    }
    var sdkHeaders = (0, common_1.getSdkHeaders)(IamPolicyManagementV1.DEFAULT_SERVICE_NAME, 'v1', 'listV2Policies');
    // params.headers is the last merge source, so (assuming `extend` is the jQuery-style deep merge,
    // imported outside this excerpt) caller-supplied headers override the SDK and base headers.
    var mergedHeaders = extend(true, sdkHeaders, this.baseOptions.headers, {
        'Accept': 'application/json',
        'Accept-Language': args.acceptLanguage,
    }, args.headers);
    var request = {
        options: {
            url: '/v2/policies',
            method: 'GET',
            // Filter values are handed over as a structured query object rather than concatenated
            // into the URL; serialisation is left to createRequest (not visible in this excerpt).
            qs: {
                'account_id': args.accountId,
                'iam_id': args.iamId,
                'access_group_id': args.accessGroupId,
                'type': args.type,
                'service_type': args.serviceType,
                'service_name': args.serviceName,
                'service_group_id': args.serviceGroupId,
                'sort': args.sort,
                'format': args.format,
                'state': args.state,
                'limit': args.limit,
                'start': args.start,
            },
        },
        defaultOptions: extend(true, {}, this.baseOptions, {
            headers: mergedHeaders,
            axiosOptions: {
                signal: args.signal,
            },
        }),
    };
    return this.createRequest(request);
};
/**
* Create a policy.
*
* Creates a policy to grant access between a subject and a resource. Currently, there is one type of a v2/policy:
* **access**. A policy administrator might want to create an access policy that grants access to a user, service-id,
* or an access group.
*
* ### Access
*
* To create an access policy, use **`"type": "access"`** in the body. The supported subject attributes are
* **`iam_id`** and **`access_group_id`**. Use the **`iam_id`** subject attribute to assign access to a user or
* service-id. Use the **`access_group_id`** subject attribute to assign access to an access group. Assign roles that
* are supported by the service or platform roles. For more information, see [IAM roles and
* actions](/docs/account?topic=account-iam-service-roles-actions). Use only the resource attributes supported by the
* service. To view a service's or the platform's supported attributes, check the [documentation](/docs?tab=all-docs).
* The policy resource must include either the **`serviceType`**, **`serviceName`**, **`resourceGroupId`** or
* **`service_group_id`** attribute and the **`accountId`** attribute. In the rule field, you can specify a single
* condition by using **`key`**, **`value`**, and condition **`operator`**, or a set of **`conditions`** with a
* combination **`operator`**. The possible combination operators are **`and`** and **`or`**.
*
* Currently, we support two types of patterns:
*
* 1. `time-based`: Used to specify a time-based restriction
*
* Combine conditions to specify a time-based restriction (e.g., access only during business hours, during the
* Monday-Friday work week). For example, a policy can grant access Monday-Friday, 9:00am-5:00pm using the following
* rule:
* ```json
* "rule": {
* "operator": "and",
* "conditions": [{
* "key": "{{environment.attributes.day_of_week}}",
* "